INSERT在启用了magic_quotes的服务器上失败

时间:2010-09-08 01:09:54

标签: php mysql insert

我一直在努力让我的数据插入到我的表中。数据从xml文件中提取到数组中并回显结果很好但插入失败。 

 $dbhost = 'XXXX';
 $dbuser = 'XXXX';
 $dbpass = 'XXXX';

$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql');

if($conn)
 {
echo "Database Connection Successfull...<br /><br />";
 }

$dbname = 'a4027212_footy';
mysql_select_db($dbname) or die('Couldnt connect to database table');

if($dbname)
{
echo "Database ".$dbname." Selected..<br /><br />";
}

  $tweetmeme = "http://api.tweetmeme.com/stories/popular.xml?category=sports-soccer&count=30" ; 

  $xml = @simplexml_load_file($tweetmeme) or die ("no file loaded") ; 
  if($xml)
  {
echo "Tweetmeme XML loaded with ".count($xml->stories->story)." stories in the file..<br /><br />";
  }
 if(get_magic_quotes_gpc())
 {
echo "Magic Quotes is ON<br /><br />";
 }
foreach($xml->stories->story as $story)
{
    $title=$story->title;
$title=mysql_real_escape_string($title);

$url=$story->url;
$url=mysql_real_escape_string($url);

$media_type=$story->media_type;
$media_type=mysql_real_escape_string($media_type);

$created=$story->created_at;
$created=mysql_real_escape_string($created);


$url_count=$story->url_count;
$url_count=mysql_real_escape_string($url_count);

$comment_count=$story->comment_count;
$comment_count=mysql_real_escape_string($comment_count);

$excerpt=$story->excerpt;
$excerpt=mysql_real_escape_string($excerpt);

$sql = "INSERT INTO ft_tweets (title,url,media_type,created_at,mention_count,comment_count,excerpt) VALUES ($title,$url,$media_type,$created,$url_count,$comment_count,$excerpt)";

$result = mysql_query($sql) or die(mysql_error());
if($result)
{
echo "added to database<br />";
}
}
echo "<br /><br />";

我已经被告知如果字符串中有特殊字符,插入将失败,而mysql_real_escape_string()会有所帮助,但它没有。我尝试过,没有逃避无济于事。

返回的错误消息是:SQL语法中有错误;检查与MySQL服务器版本对应的手册,以便在'off'附近使用正确的语法。脚踝看起来很糟糕。在Twitpic上),第1行的mysql_real_escape_string(http://twitpic.c'

并且在sql插入时失败。

2 个答案:

答案 0 :(得分:2)

$sql = "INSERT INTO ft_tweets (title,url,media_type,created_at,mention_count,comment_count,excerpt) VALUES ($title,$url,$media_type,$created,$url_count,$comment_count,$excerpt)";

$ title,$ url等附近的单引号在哪里?它应该是:

$sql = "INSERT INTO ft_tweets (title,url,media_type,created_at,mention_count,comment_count,excerpt) VALUES ('$title','$url','$media_type','$created','$url_count','$comment_count','$excerpt')";

当然,你可以忽略数字字段的单引号。

答案 1 :(得分:1)

“关闭”开始的地方就是你遇到麻烦的角色。我首先回显$ sql,然后是quit();命令。然后,你会看到Sabeen提到的字符串周围缺少的引号。

我还发现this引用了启用了魔术引号的服务器:

<?php
function check_input($value)
{
// Stripslashes
if (get_magic_quotes_gpc())
  {
  $value = stripslashes($value);
  }
// Quote if not a number
if (!is_numeric($value))
  {
  $value = "'" . mysql_real_escape_string($value) . "'";
  }
return $value;
}
相关问题
最新问题