使用PHP将复选框输入放入MySQL表列

<?php
session_start();
$servername = "localhost";
$username = "_admin";
$password = "";
$dbname = "_users";

$value = $_POST['userTel'];
$sesh = $_SESSION['userSession'];
$checkbox1=$_POST['site'];  
$chk="";  
foreach($checkbox1 as $chk1)
{  
    $chk .= $chk1.",";  
}  

try {
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
    // set the PDO error mode to exception
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    // begin the transaction
    $conn->beginTransaction();
    // our SQL statements
    $conn->exec("UPDATE tbl_users SET userTel = '$value' WHERE userID = '$sesh'");
    $conn->exec("UPDATE tbl_sites SET siteName ('$chk')");

    // commit the transaction
    $conn->commit();
    echo "all's good ^.^";
}
catch(PDOException $e)
{
    // roll back the transaction if something failed
    $conn->rollback();
    echo "Error: " . $e->getMessage();
}

$conn = null;
?>

That's my code, and this is the error that's returned to me:

Error: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '('kith,')' at line 1

(kith is 1 of the input values)

What am I doing wrong here?

A more traditional prepared stmt possible way ?

session_start();
$servername = "localhost";
$username = "_admin";
$password = "";
$dbname = "_users";

$value = $_POST['userTel'];
$sesh = $_SESSION['userSession'];
$checkbox1 = $_POST['site'];
$chk = "";

foreach ($checkbox1 as $chk1) {
    $chk .= $chk1 . ",";
}
/* making sure there not the last , anyway */
$chk = rtrim($chk, ",");

/* setting conn */
try {
    $conn = new PDO('mysql:host=' . $servername . ';dbname=' . $dbname . ';charset=UTF8', $username, $password);
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
    echo 'Connection failed: ' . $e->getMessage();
}

/* prepared stmts */
$sql1 = "UPDATE tbl_users SET userTel = ? WHERE userID = ?";
$sql2 = "UPDATE tbl_sites SET siteName = ?";
$stmt1 = $conn->prepare($sql1);
$stmt2 = $conn->prepare($sql2);

/* bindings */
$stmt1->bindParam(1, $value, PDO::PARAM_STR);
$stmt1->bindParam(2, $sesh, PDO::PARAM_STR);
$stmt2->bindParam(1, $chk, PDO::PARAM_STR);

/*exec*/
$sql1->execute();
$sql2->execute();

You have to remove tha last , from $chk.

Try this.

if(strlen($chk)>0){
   substr($chk, 0, strlen($chk)-1);
}