[UnknownCoder]

I'm having a problem updating the values in my SQL database. Here is the error I'm getting:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@gmail.co, WHERE id=2' at line 1

This is the code I've created for it:

// save the account info if the button was pressed.
if(isset($_POST['save_account'])){

	$id = $_SESSION['id'];
	$realname = $_POST['realname'];
	$email = $_POST['email'];
	
	$realname = mysql_real_escape_string($realname);
	$email = mysql_real_escape_string($email);
	
	mysql_query("UPDATE `users` SET `realname`=$realname, `email`=$email, WHERE `id`=$id") or die(mysql_error());
	$_SESSION['success'] = 'Your site settings have been successfully updated.';

}

If anyone could help me with this, it would be much appreciated!

[Dormilich]

you want to pass strings, but strings must be quoted in SQL (unless you use Prepared Statements, see signature)

[andrewsw]

You also have an extra comma after $email.