0

I am having trouble with this code:

<?php
// Username
$username = $_POST['name'];

$email = $_POST['email'];
$default = "default image";
$size = 40;

// MYSQL
mysql_connect('host','username','password');
mysql_select_db('database');

$grav_url = "www.gravatar.com/avatar/" . md5( strtolower( trim( $email ) ) ) . "?d=" . urlencode( $default ) . "&s=" . $size;

$sql = "INSERT INTO `db` (profile image) VALUES mysql_real_escape_string($grav_url) WHERE id='{$_SESSION['sessid']}'";

mysql_query($sql);


echo "Profile image updated. <a href='update.php'>Go back.</a>";

?>

The problem is that this does not work, but displays no error. I look in the data base and it is not updated. I don't know why.

3
Contributors
3
Replies
4
Views
5 Years
Discussion Span
Last Post by broj1
0

I do not beleive you can use mysql_real_escape_string within a SQL statement.

This should be done via to the INSERT statement

0

I tried the insert statement before. But, ill try insert again. Can you give me an example?

0

Sory for jumping in, I just have too much time right now :-). You can not use a function within double quoted string (you can use variables though). Do a concatenation:

$sql = "INSERT INTO `db` (profile image) VALUES " . mysql_real_escape_string($grav_url) . " WHERE id='{$_SESSION['sessid']}'";

This should work provided that the {$_SESSION['sessid']} exists and has expected vaslue.

Edited by broj1

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.