[Solved] Fatal error: uncaught mysqli_SQL_exception: you have an error in your SQL syntax; check the

My error when I try to change the name:
Fatal error: Uncaught mysqli_sql_exception: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'WHERE userId = 2' at line 1 in C:\xampp\htdocs\login2\includes\functions.inc.php:148 Stack trace: #0 C:\xampp\htdocs\login2\includes\functions.inc.php(148): mysqli->query('UPDATE users2 S...') #1 C:\xampp\htdocs\login2\includes\editfac.inc.php(23): updateFacName(Object(mysqli), '2', 'Min, Shan') #2 {main} thrown in C:\xampp\htdocs\login2\includes\functions.inc.php on line 148
My error when I try to change the username:
Fatal error: Uncaught mysqli_sql_exception: Unknown column 'shan' in 'field list' in C:\xampp\htdocs\login2\includes\functions.inc.php:167 Stack trace: #0 C:\xampp\htdocs\login2\includes\functions.inc.php(167): mysqli->query('UPDATE users2 S...') #1 C:\xampp\htdocs\login2\includes\editfac.inc.php(26): updateUsername(Object(mysqli), '1', 'shan') #2 {main} thrown in C:\xampp\htdocs\login2\includes\functions.inc.php on line 167
My Code in includes/function.inc.php:
function emptyInputEditFac($facid, $name, $username) { $result ; if (empty($facid) && empty($name) && empty($username)) { $result = true; else { $result = false; return $result ; function updateFacId($conn, $userid, $facid) { $sql = " UPDATE users2 SET facId = $facid WHERE userId = $userid;" ; if ($conn -> query($sql) === TRUE) { echo " Record updated successfully" ; header( " location: ../faculty.php" ); exit(); else { phpalert( " Error updating record: " . $conn->error); header( " location: ../faculty.php" ); exit(); function updateFacName($conn, $userid, $name) { $sql = " UPDATE users2 SET name = $name WHERE userId = $userid;" ; if ($conn -> query($sql) === TRUE) { echo " Record updated successfully" ; header( " location: ../faculty.php" ); exit(); else { echo( " Error updating record: " . $conn->error); header( " location: ../faculty.php" ); exit(); function updateUsername($conn, $userid, $username) { $sql = " UPDATE users2 SET username = $username WHERE userId = $userid;" ; if ($conn -> query($sql) === TRUE) { echo " Record updated successfully" ; header( " location: ../faculty.php" ); exit(); else { phpalert( " Error updating record: " . $conn->error); header( " location: ../faculty.php" ); exit(); My Code in includes/editfac.inc.php:
if (isset($_POST[ ' submit' ])) { $userid = $_POST[ " userid" ]; $facid = $_POST[ " facid" ]; $name = $_POST[ " name" ]; $username = $_POST[ " username" ]; require_once ' dbh.inc.php' ; require_once ' functions.inc.php' ; if (emptyInputEditFac($facid, $name, $username) !== false) { header( " location: ../faculty.php?change=nochange" ); exit(); else { if (!empty($facid)) { updateFacId($conn, $userid, $facid); if (!empty($name)) { updateFacName($conn, $userid, $name); if (!empty($username)) { updateUsername($conn, $userid, $username); exit(); else { header( " location: ../faculty.php" ); exit(); My Code in editfac.php:
< section class = " form-sec" > < div class = " form-div" > < form id =" editfac-form" action =" includes/editfac.inc.php" method =" post" > <? php if (isset($_POST[ ' user-id' ])) { $userId = $_POST[ ' user-id' ]; echo " <input type='hidden' name='userid' value='" .$userId. " '/>" ; < input type =" number" name =" facid" placeholder =" Faculty ID Number" > < input type =" text" name =" name" placeholder =" Lastname, Firstname MI." > < input type =" text" name =" username" placeholder =" Username" > < button type =" submit" name =" submit" > Update < /button > < /form > < /section >
The updateFacId() function works fine for some reason.
What I have tried:
Searched about the error in Google but I couldn't understand much. C:\xampp\htdocs\login2\includes\editfac.inc.php(23): updateFacName(Object(mysqli), ' 2' , ' Min, Shan' ) #2 {main} thrown in
You need quotes around the user name that is being passed in, owing to the comma in the name. Using proper parameterized queries would avoid such problems. Although, I suspect that "Min, Shan" is not a valid user name.

The name column in my database is a varchar type and it is already holding full names of the faculty members with commas separating the last name, first name and I was able to add that data with my createUser() function which is almost identical to the updateFacName() function.
I have $name which is supposed to be a full real name and $username for the username like abc123.
Both of these are varchar type in my database and I have nothing that check if the input is a valid name/username or not.
I just tried editing a name as Shan Min but it still gives me error. Could the space be the error?
I didn't quite understand your first sentence. Where do I need to put the quotes? Quotes as in '' and/or "" , right?

OK, but you still need to treat data containing commas in a special way so that the SQL interpreter does not treat them as separate fields. If you must use string concatenation (and you really should not) then you must surround the field with quote characters:

"UPDATE users2 SET name = \"$name\" WHERE userId = $userid;";

But the correct way to pass parameters to SQL commands is to use parameterized queries, see: MySQL :: MySQL 8.0 Reference Manual :: 13.5 Prepared Statements [ ^ ].

"UPDATE users2 SET name = \"$name\" WHERE userId = $userid;";
Thank you, this works for me and I will give the MySQL site a read.
For the name I understand that commas and spaces could be a problem but how about the error for the username? I only tried 4 alphabets like abcd or shan. The error message says something about column in 'field list'. What does that mean? \"$username\" makes it work as I wanted too but since it has the different error so I was curious.

Read the question carefully.

Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.

If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.

Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question. Let's work to help developers, not make them feel stupid.