INSERT PHP语句不起作用

So, I'm not exactly sure what the problem is, but, when I try to INSERT into a table, it doesn't work.

All the variables are working. I've echoed and tested them, they are working.

$username = $_SESSION['username'];
$update = $_GET['update'];
mysql_query("INSERT INTO updates (username, update) VALUES ('$username', '$update')");

So it must be a problem with my mySQL query. This mySQL query is one of two in the .php folder. If that makes any difference.

Error in SQL

There is an error in your SQL. You cannot use MySQL keywords in column names without quoting them.

In this case update needs to be enclosed in backticks:

$query = "INSERT INTO updates (`username`, `update`) 
                       VALUES ('$username', '$update')";

SQL injection

Your code is susceptible to SQL injection attacks. You should escape quoted strings that are placed into an SQL statement with mysql_real_escape_string() or bind your data using PHP PDO prepared statements.

$username = mysql_real_escape_string($_SESSION['username']);
$update = mysql_real_escape_string($_GET['update']);

Putting it together

$username = mysql_real_escape_string($_SESSION['username']);
$update = mysql_real_escape_string($_GET['update']);
$query = "INSERT INTO updates (`username`, `update`) 
                       VALUES ('$username', '$update')";

I have written little SQLFiddle for you so you can see this in action: http://sqlfiddle.com/#!2/c25b1/1

You need to escape the data you are about to insert. You also want to separate the string from the variables. Try something like this:

$username = mysql_real_escape_string($_SESSION['username']);
$update = mysql_real_escape_string($_GET['update']);
mysql_query("INSERT INTO `updates` (username, update) VALUES ('" . $username . "', '" . $update . "')") or die(mysql_error());

That's untested but should work.

mysql_error() is the best way but you can also echo your query and run it directly against the database to see what is the problem.

$username = $_SESSION['username'];
$update = $_GET['update'];
$query = "INSERT INTO updates (username, update) VALUES ('$username', '$update')";
mysql_query($query);

echo "My Query : $query";

try this:

$username = $_SESSION['username'];
$update = $_GET['update'];
mysql_query("INSERT INTO updates (username, update) VALUES ('+$username', '+$update')");

also is better is create a variable to put the query string and then you make the query