2 problems with your script.
The big problem is that you stumbled on a 20 year vulnerability called
SQL Injection; perhaps you have heard of it.
NEVER EVER
should you create an SQL command by combining commands and user entered text. What you should be using are called
Parameters and they are well documented for most databases.
The second problem is that your query is "upside down" for lack of a better term. The WHERE clause is
after your SET items. Here is the Raw SQL with parameter names in it already.
UPDATE darb SET
darb_title = @darb_title,
darb_date = now(),
darb_user = @darb_user,
darb_status = @darb_status,
darb_content = @darb_content,
darb_work = @darb_work,
darb_finish = @darb_finish,
darb_result = @darb_result,
darb_fileUpload = @darb_fileUpload
WHERE darb_id = @the_darb_id