Hi,

I am trying to implement the correct update code. I have a registration script which enables someone to create an account, but I am now trying to create a page which allows someone to add details to their account. Do I simply change "INSERT INTO" to "UPDATE"?

What I'm confused about is how I mix POST with string update to help make it secure.

Code:
 $category = mysql_real_escape_string(trim($_POST['category']));

I found this on the http://www.w3schools.com/php/php_mysql_update.asp W3 Schools Site but it doesn't include any safety measures.


Code:
       $sql = "
        UPDATE
            user
        SET
            category = '".$_POST['category']."',
            linkcategory = '".str_replace(' ', '-',strtolower($_POST['category']))."',
            website = '".$_POST['website']."',
            company = '".$_POST['company']."',
            building = '".$_POST['building']."',
            streetname = '".$_POST['streetname']."',
            town = '".$_POST['town']."',
            state = '".$_POST['state']."',
            postcode = '".$_POST['postcode']."',
            aboutcompany = '".$_POST['aboutcompany']."',
            country = '".$_POST['country']."'";

        $result = mysql_query($sql) or die("An error occurred ".mysql_error());

       

    }

}
?>
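
As an added example (not part of the original post): the same kind of UPDATE written with PDO prepared statements, so the form values are bound as parameters instead of being concatenated into the SQL, and a WHERE clause limits the change to one account. An in-memory SQLite database stands in for MySQL so the script runs offline; the `id` column, `$currentUserId`, the `EDITABLE` list and `updateProfile()` are assumptions, and only some of the post's columns are shown.

```php
<?php
// Added example: parameterized UPDATE for the profile form in the post.
// Assumptions: PDO; in-memory SQLite stands in for MySQL so this runs offline;
// the `id` column, $currentUserId and updateProfile() are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// For MySQL use a 'mysql:host=...;dbname=...;charset=utf8mb4' DSN and
// set PDO::ATTR_EMULATE_PREPARES to false for server-side prepares.

$pdo->exec("CREATE TABLE user (id INTEGER PRIMARY KEY, category TEXT,
    linkcategory TEXT, website TEXT, company TEXT, town TEXT)");
$pdo->exec("INSERT INTO user (id, company) VALUES (1, 'Alpha'), (2, 'Beta')");

// Columns the form may write; column names never come from user input.
const EDITABLE = ['category', 'website', 'company', 'town'];

function updateProfile(PDO $pdo, int $userId, array $post): int
{
    $values = [];
    foreach (EDITABLE as $col) {
        $values[$col] = trim((string)($post[$col] ?? ''));
    }
    // Derived column, using the same expression as the post.
    $values['linkcategory'] = str_replace(' ', '-', strtolower($values['category']));

    $set = implode(', ', array_map(fn($c) => "$c = :$c", array_keys($values)));
    // WHERE restricts the change to one account; without it every row is updated.
    $stmt = $pdo->prepare("UPDATE user SET $set WHERE id = :id");
    $stmt->execute($values + ['id' => $userId]);
    return $stmt->rowCount();
}

// Constructed form input; the quote in the values is stored literally.
$post = [
    'category' => "Builders' Merchants",
    'website'  => 'http://example.com',
    'company'  => "O'Brien & Sons",
    'town'     => 'Leeds',
];
$currentUserId = 1; // hypothetical: taken from the login session, not the form
$changed = updateProfile($pdo, $currentUserId, $post);

echo "rows changed: $changed\n";
foreach ($pdo->query('SELECT id, company, linkcategory FROM user') as $row) {
    echo "{$row['id']} | {$row['company']} | {$row['linkcategory']}\n";
}
```

Bound parameters take the place of `mysql_real_escape_string()`, and the `mysql_*` functions themselves were removed in PHP 7, so PDO or mysqli is needed on current PHP versions.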