
Sorry for this silly question, but I really can't get it working. I am using the following code to exchange a 2-hour Facebook token for a long-lived one. My tokens are stored in the MySQL table offline_users. When I paste the token manually, the script works perfectly and gives me the 60-day token, but when I select the token from MySQL it doesn't work. Following is my code. I hope you can help me find my mistake.

  <?php
  include("lib/db.php");
  $id=$_GET['id'];
  $reponse = mysql_query("SELECT * FROM offline_access_users WHERE id=$id;");
  $app_id = "xxxxxxxxxxxxxxxxxxxxxxxx";
  $app_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxx";
  $my_url = "https://apps.facebook.com/xxxxxxxxxxxxxxxxxxxxxx";
  $code = $donnees['access_token'];

  $token_url = "https://graph.facebook.com/oauth/access_token?client_id=xxxxxxxxxxxxxxxxxxxxxxxxxx&%20client_secret=XXXXXXXXXXXXXXXXXXXXXXXXXXXXX0&%20grant_type=fb_exchange_token&%20fb_exchange_token=" . $code;

  $response = file_get_contents($token_url);
  $params = null;
  parse_str($response, $params);
  $longtoken=$params['access_token'];

  echo $longtoken;
  mysql_query(
      "UPDATE
          offline_access_users
      SET
          `access_token` = '" . mysql_real_escape_string($longtoken) . "'
      WHERE
          `id` = $id
  ");

  //save it to database
  ?>
Nizar Bark
  • Your code is vulnerable to MySQL injection, learn more here: http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1 – Fabio Mar 19 '14 at 21:22
  • Are you getting a specific error message? Which line of the code? – Maximus2012 Mar 19 '14 at 21:23
  • Actually, it does not show any error message. How can I see them, please, if any? – Nizar Bark Mar 19 '14 at 21:25
  • Nizar, mysql_query(...) returns a value boolean false if there was an error with the query. I would suggest doing $result = mysql_query(...); if (!$result) { die(mysql_error()); } And as already said, you're opening yourself up to injection attacks and the code you are using is deprecated. See the big red box --> http://us2.php.net/manual/en/function.mysql-error.php – Rottingham Mar 19 '14 at 21:54
  • See [**mysql-fetch-assoc**](http://uk3.php.net/manual/en/function.mysql-fetch-assoc.php) – david strachan Mar 19 '14 at 22:14
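
The points raised in the comments above (fetch the row, bind the id instead of concatenating it, check for failures), combined in one added example that is not code from the question or from any commenter. It assumes PDO is available and that the endpoint still returns a query-string body as the question's `parse_str` call implies; `exchange_token`, the in-memory SQLite database and the stub HTTP fetcher are hypothetical stand-ins so the script runs offline (in the asker's setup the PDO connection would point at their MySQL database and the fetcher would be `file_get_contents`).

```php
<?php
// Added example, not the asker's code. Table and column names follow the question;
// the in-memory SQLite database and the stub HTTP fetcher are constructed stand-ins.
function exchange_token(PDO $db, $rawId, string $appId, string $appSecret, callable $httpGet): string
{
    // Reject anything that is not a positive integer before it reaches SQL.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }

    // Prepared statement: the id is bound, never concatenated into the query.
    $stmt = $db->prepare('SELECT access_token FROM offline_access_users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // the fetch step missing in the question
    if ($row === false) {
        throw new RuntimeException("no user with id $id");
    }

    // http_build_query URL-encodes each value and emits clean parameter names.
    $url = 'https://graph.facebook.com/oauth/access_token?' . http_build_query([
        'client_id'         => $appId,
        'client_secret'     => $appSecret,
        'grant_type'        => 'fb_exchange_token',
        'fb_exchange_token' => $row['access_token'],
    ]);

    $response = $httpGet($url);
    if ($response === false) {
        throw new RuntimeException('token exchange request failed');
    }
    parse_str($response, $params);
    if (empty($params['access_token'])) {
        throw new RuntimeException('no access_token in response');
    }

    $upd = $db->prepare('UPDATE offline_access_users SET access_token = :t WHERE id = :id');
    $upd->execute([':t' => $params['access_token'], ':id' => $id]);
    return $params['access_token'];
}

// Constructed demo: SQLite in memory instead of MySQL, stub instead of file_get_contents.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE offline_access_users (id INTEGER PRIMARY KEY, access_token TEXT)");
$db->exec("INSERT INTO offline_access_users VALUES (1, 'SHORT_LIVED_SAMPLE')");
$stub = fn(string $url) => 'access_token=LONG_LIVED_SAMPLE&expires=5183999';
echo exchange_token($db, '1', 'APP_ID', 'APP_SECRET', $stub), "\n";
```

Passing a value such as `1 OR 1=1` as the id makes `filter_var` return false, so the function throws before any query is prepared.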

0 Answers