mysql_real_escape_string


Posted on 16th Feb 2014 07:03 pm by admin

Let me preface this that I am very much a PHP noob, but I have some SQL training (not necessarily MySQL, we used the Microsoft variety in school). I have a weird problem, I'm trying to create a script that will take a RSS feed and import it to a MySQL database. It worked well when I was only bringing in 10 items in the feed at a time, but when I opened it up to a larger set of items it freaks out. I think it has to do with the data not being very "clean". Meaning the data has a lot of single and double quotes and what not. As you'll see in my code I've tried to fix this by using mysql_real_escape_string(), but it still get's hung up for some reason. Here's a look at my code:
Code: <?php include('rss_fetch.inc');
define('MAGPIE_FETCH_TIME_OUT', 200);

function safe($value){
return mysql_real_escape_string($value);
}

// Set error reporting for this
ini_set('display_errors',1);
error_reporting(E_ALL);

// Fetch RSS feed

$rss = fetch_rss('feedurl');



if ($rss) {
// Split the array
$items = array_slice($rss->items,0);

// Cycle through each item and echo
foreach ($items as $item)
{
$con = mysql_connect("server","uname","pword");
if (!$con)
{
die('MySQL could not connect: ' . mysql_error());
}

mysql_select_db("rsstomysql", $con);


$sql="INSERT INTO `opportunities` (`opp_id`, `opp_title`, `opp_link`, `opp_desc`, `opp_provider`, `opp_startdate`, `opp_enddate`, `opp_location_name`, `opp_categories`, `opp_openended`, `opp_sponsororg`, `opp_starttime`, `opp_endtime`, `opp_contactemail`, `opp_contactphone`, `opp_contactname`)
VALUES('".$item['fp']['id']."', '".safe($item['title'])."', '".$item['link']."', '".safe($item['description'])."', '".$item['fp']['provider']."', '".$item['fp']['startdate']."', '".$item['fp']['enddate']."', '".$item['fp']['location_name']."', '".$item['fp']['categories']."', '".$item['fp']['openended']."', '".$item['fp']['sponsoringorganizationname']."', '".$item['fp']['starttime']."', '".$item['fp']['endtime']."', '".$item['fp']['contactemail']."', '".$item['fp']['contactphone']."', '".$item['fp']['contactname']."')
ON DUPLICATE KEY UPDATE `opp_title` = '".$item['title']."';";
if (!mysql_query($sql,$con))
{
die('MySQL Error: ' .mysql_errno() .mysql_error());
}
echo "Records added";
mysql_close($con);
}
}
else
{
echo '<h2>Magpie Error:</h2><p>'.magpie_error().'</p>';
}
// Restore original error reporting value
@ini_restore('error_reporting');
?>This is the error I'm getting:
QuoteMySQL Error: 1064You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Stop Modern Day Slavery'' at line 3The 'Stop Modern Day Slavery" is in one of the title fields in the feed. I have used mysql_real_escape_string() on the title field, but it does not seem to have any effect. Does anyone have any ideas? I've also used addslashes() and it does the same thing...

No comments posted yet

Your Answer:

Login to answer
72 Like 34 Dislike
Previous forums Next forums
Other forums

background color imagefill
Hello

I would like to ask you why I see this square in red color just in my local xampp insta

Sub-domains & calling unique content
Hello,

Is there a way use something similar to the $_GET function for a sub-domain? I to be a

Using the $_GET variable to view certain records
Hello,

First let me explain my problem, I have 2 pages the first page pull a list of Guide ti

Legal Issues for SAP ERP o ERP in general
Hi experts,

Can someone please help me finding some documentation about legal issues tha

Database 'Validation'
Hi everyone,
I'm trying to validate the password entered by the user with the password in the dat

How do I get the row number from from an sql table query
Hi all

I have a table that I query and it returns a number of rows.
mysql_num_rows($query)

I need help with formatting date from mysql! with php!
Hello guys

*Note: this is a php question not MySQL question, please do not move it to mysql s

.htpasswd Registration Form
Hi,
I wanted to make an htpasswd registration form.
I found this code on the internet but have

This is driving me nuts!
This insert query looks to be alright, however I get this error:

QuoteYou have an error in yo

Install page
How do I make it so when a user submits information on the Install page, it'll right it into the cor

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



 
© indyaspeak.com. All Rights Reserved.
Play Free Quiz and Win Cash