Member Avatar for Djmann1013

I am having trouble with this code:

<?php
// Username
$username = $_POST['name'];

$email = $_POST['email'];
$default = "default image";
$size = 40;

// MYSQL
mysql_connect('host','username','password');
mysql_select_db('database');

$grav_url = "www.gravatar.com/avatar/" . md5( strtolower( trim( $email ) ) ) . "?d=" . urlencode( $default ) . "&s=" . $size;

$sql = "INSERT INTO `db` (profile image) VALUES mysql_real_escape_string($grav_url) WHERE id='{$_SESSION['sessid']}'";

mysql_query($sql);


echo "Profile image updated. <a href='update.php'>Go back.</a>";

?>

The problem is that this does not work, but displays no error. I look in the data base and it is not updated. I don't know why.

  • 3 Contributors
  • 3 Replies
  • 131 Views
  • 58 Minutes Discussion Span
  • Latest Post Latest Post by broj1

Recommended Answers

All 3 Replies

Member Avatar for Squidge

I do not beleive you can use mysql_real_escape_string within a SQL statement.

This should be done via to the INSERT statement

Member Avatar for Djmann1013

I tried the insert statement before. But, ill try insert again. Can you give me an example?

Member Avatar for broj1

Sory for jumping in, I just have too much time right now :-). You can not use a function within double quoted string (you can use variables though). Do a concatenation:

$sql = "INSERT INTO `db` (profile image) VALUES " . mysql_real_escape_string($grav_url) . " WHERE id='{$_SESSION['sessid']}'";

This should work provided that the {$_SESSION['sessid']} exists and has expected vaslue.

Edited by broj1
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.