What's wrong with my syntax?


I am having the error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '){ concat(' Glucose Oxidase', '|', ' 4.2-6.4 mmol/l', '|', 'o'), } else {' at line 4

Glucose Oxidase, 4.2-6.4 mmol/l, o are retrieved from a form.

 $sql="INSERT INTO adenclinicalchemistry (idclinicalchemistry, Glucose, totalcholesterol, triglyceride, highdensitylipoprotein, lowdensitylipoprotein, 
                bloodureanitrogen, creatinine, blooduricacid, sgot, sgpt, status, date, patientid, userid) 
                VALUES ('',
                if($exams[0] != ''){
                    concat('$_POST[glumet]', '|', '$_POST[glunor]', '|', '$_POST[glures]'),
                } else { 
                    concat('', '|', '', '|', ''),
                }
                if($exams[1] != ''){
                    concat('$_POST[cholmet]', '|', '$_POST[cholnor]', '|', '$_POST[cholres]'),
                }else{
                    concat('', '|', '', '|', ''),
                }
                if($exams[2] != ''){
                    concat('$_POST[trimet]', '|', '$_POST[trinor]', '|', '$_POST[trires]'),
                }else{
                    concat('', '|', '', '|', ''),
                }
                if($exams[3] != ''){
                    concat('$_POST[himet]', '|', '$_POST[hinor]', '|', '$_POST[hires]'),
                }else{
                    concat('', '|', '', '|', ''),
                }
                }if($exams[4] != ''){
                    concat('$_POST[lowmet]', '|', '$_POST[lownor]', '|', '$_POST[lowres]'),
                }else{
                    concat('', '|', '', '|', ''),
                }
                }if($exams[5] != ''){
                    concat('$_POST[ureamet]', '|', '$_POST[ureanor]', '|', '$_POST[ureares]'),
                }else{
                    concat('', '|', '', '|', ''),
                }
                }if($exams[6] != ''){
                    concat('$_POST[cremet]', '|', '$_POST[crenor]', '|', '$_POST[creres]'),
                }else{
                    concat('', '|', '', '|', ''),
                }
                }if($exams[7] != ''){
                    concat('$_POST[uricmet]', '|', '$_POST[uricnor]', '|', '$_POST[uricres]'),
                }else{
                    concat('', '|', '', '|', ''),
                }
                }if($exams[8] != ''){
                    concat('$_POST[astm]', '|', '$_POST[astm]', '|', '$_POST[astm]'),
                }else {
                    concat('$_POST[astmet]', '|', '$_POST[astnor]', '|', '$_POST[astres]'),
                }
                }if($exams[9] != ''){
                    concat('$_POST[altmet]', '|', '$_POST[altnor]', '|', '$_POST[altres]'),
                }else{
                    concat('', '|', '', '|', ''),
                }
                'confirm1', 
                '$date',
                '$_POST[patid]',
                '" .$_SESSION['user']. "')";

There are 3 best solutions below

1
On

PHP is not going to interpret your code if you write it inside a string.

Put it outside the string, and generate your SQL properly.

0
On

Do the concat thing in PHP and pass the variable to the SQL query, like

$str = '';
if($exams[0] != ''){
 $str .=$_POST['glumet'] . '|' . $_POST['glunor'] . '|' . $_POST['glures'];
} else { 
 $str .='| |';
}
...similar for the others, and use $str in your query
2
On

You can't write PHP-Code directly into the SQL-Query. Set it into a ".[PHP-Code]."-Block like you did with your $_SESSION-variable.

Keep in mind that this is a VERY unsafe way to insert form data into your database! It's easy to manipulate your query!
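
The approach the answers above point to, written out as an added example (not code from the question or from any of the answers): the if/else runs in PHP, and every form value reaches the database as a bound parameter of a PDO prepared statement instead of being pasted into the SQL string. Table, column and form-field names are taken from the question; the in-memory SQLite database, the sample values and the auto-increment id are assumptions made so the script runs on its own.

```php
<?php
// Added example, not code from the thread. Table/column/field names are the
// question's; the SQLite in-memory DB and the sample values are constructed.

// Column => form-field prefix, in the same order as $exams[0..9].
const TESTS = [
    'Glucose' => 'glu', 'totalcholesterol' => 'chol', 'triglyceride' => 'tri',
    'highdensitylipoprotein' => 'hi', 'lowdensitylipoprotein' => 'low',
    'bloodureanitrogen' => 'urea', 'creatinine' => 'cre',
    'blooduricacid' => 'uric', 'sgot' => 'ast', 'sgpt' => 'alt',
];

// The if/else runs in PHP: "method|normal|result", or "||" if not selected.
function packResult(array $post, string $prefix, bool $selected): string
{
    if (!$selected) {
        return '||';
    }
    return implode('|', array_map(
        fn($suffix) => (string)($post[$prefix . $suffix] ?? ''),
        ['met', 'nor', 'res']
    ));
}

// Every value travels as a bound parameter; the SQL text holds only placeholders.
// idclinicalchemistry is left to the database (assumed to be auto-increment).
function insertChemistry(PDO $pdo, array $post, array $exams, string $date, string $user): void
{
    $row = [];
    $i = 0;
    foreach (TESTS as $column => $prefix) {
        $row[$column] = packResult($post, $prefix, ($exams[$i++] ?? '') !== '');
    }
    $row += ['status' => 'confirm1', 'date' => $date,
             'patientid' => (string)($post['patid'] ?? ''), 'userid' => $user];
    $sql = 'INSERT INTO adenclinicalchemistry (' . implode(', ', array_keys($row))
         . ') VALUES (:' . implode(', :', array_keys($row)) . ')';
    $pdo->prepare($sql)->execute($row);
}

// Constructed demo; for MySQL only the DSN and credentials change.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE adenclinicalchemistry (idclinicalchemistry INTEGER PRIMARY KEY, '
    . implode(' TEXT, ', array_keys(TESTS)) . ' TEXT, status TEXT, date TEXT, patientid TEXT, userid TEXT)');
$post = ['glumet' => 'Glucose Oxidase', 'glunor' => '4.2-6.4 mmol/l',
         'glures' => "5.1 (patient's 2nd draw)", 'patid' => '17'];
insertChemistry($pdo, $post, ['on'], '2024-01-15', 'labtech1');
print_r($pdo->query('SELECT Glucose, sgpt, status FROM adenclinicalchemistry')->fetch(PDO::FETCH_ASSOC));
```

The apostrophe in the sample result value is stored as typed, because the value is never parsed as part of the SQL text.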