I always do it this way. Just create array for conditions and then implode it as below:
$sql = "UPDATE " . $array['tableName'] . " SET ";
$set = array();
foreach($array as $row => $value){
if($row == 'id' || $row == 'tableName' || $row == 'submit'){
continue;
}
$set[] = $row . "='" . $value."'";
}
$sql .= implode(',' $set);
$sql .= "WHERE id = " . $array['id'];
Of course you should consider using prepared statements using for example PDO for queries or at least you should use functions like mysql_real_escape_string / mysqli_real_escape_strin