MySQL & URLS

Question

Djmann1013 0 Mr. Parker

12 Years Ago

I am having trouble with this code:

<?php
// Username
$username = $_POST['name'];

$email = $_POST['email'];
$default = "default image";
$size = 40;

// MYSQL
mysql_connect('host','username','password');
mysql_select_db('database');

$grav_url = "www.gravatar.com/avatar/" . md5( strtolower( trim( $email ) ) ) . "?d=" . urlencode( $default ) . "&s=" . $size;

$sql = "INSERT INTO `db` (profile image) VALUES mysql_real_escape_string($grav_url) WHERE id='{$_SESSION['sessid']}'";

mysql_query($sql);


echo "Profile image updated. <a href='update.php'>Go back.</a>";

?>

The problem is that this does not work, but displays no error. I look in the data base and it is not updated. I don't know why.

mysql php sql

3 Contributors
3 Replies
132 Views
58 Minutes Discussion Span
Latest Post 12 Years Ago Latest Post by broj1

Squidge 101 Newbie Poster

12 Years Ago

I do not beleive you can use mysql_real_escape_string within a SQL statement.

This should be done via to the INSERT statement

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Djmann1013 0 Mr. Parker · Answer 1 · 2012-08-19T20:29:17+00:00

I tried the insert statement before. But, ill try insert again. Can you give me an example?

broj1 356 Humble servant Featured Poster · Answer 2 · 2012-08-19T21:08:10+00:00

Sory for jumping in, I just have too much time right now :-). You can not use a function within double quoted string (you can use variables though). Do a concatenation:

$sql = "INSERT INTO `db` (profile image) VALUES " . mysql_real_escape_string($grav_url) . " WHERE id='{$_SESSION['sessid']}'";

This should work provided that the {$_SESSION['sessid']} exists and has expected vaslue.