[SOLVED] mysql_real_escape_string

[fredbear]

Let me preface this that I am very much a PHP noob, but I have some SQL training (not necessarily MySQL, we used the Microsoft variety in school).  I have a weird problem, I'm trying to create a script that will take a RSS feed and import it to a MySQL database.  It worked well when I was only bringing in 10 items in the feed at a time, but when I opened it up to a larger set of items it freaks out.  I think it has to do with the data not being very "clean".  Meaning the data has a lot of single and double quotes and what not.  As you'll see in my code I've tried to fix this by using mysql_real_escape_string(), but it still get's hung up for some reason.  Here's a look at my code:

<?php include('rss_fetch.inc');
define('MAGPIE_FETCH_TIME_OUT', 200);

function safe($value){
   return mysql_real_escape_string($value);
} 

// Set error reporting for this 
ini_set('display_errors',1);
error_reporting(E_ALL);

// Fetch RSS feed

$rss = fetch_rss('feedurl'); 



if ($rss) {
// Split the array 
$items = array_slice($rss->items,0);

// Cycle through each item and echo  
foreach ($items as $item)
{   
$con = mysql_connect("server","uname","pword");
if (!$con)
  {
  die('MySQL could not connect: ' . mysql_error());
  }

mysql_select_db("rsstomysql", $con);


$sql="INSERT INTO `opportunities` (`opp_id`, `opp_title`, `opp_link`, `opp_desc`, `opp_provider`, `opp_startdate`, `opp_enddate`, `opp_location_name`, `opp_categories`, `opp_openended`, `opp_sponsororg`, `opp_starttime`, `opp_endtime`, `opp_contactemail`, `opp_contactphone`, `opp_contactname`)
VALUES('".$item['fp']['id']."', '".safe($item['title'])."', '".$item['link']."', '".safe($item['description'])."', '".$item['fp']['provider']."', '".$item['fp']['startdate']."', '".$item['fp']['enddate']."', '".$item['fp']['location_name']."', '".$item['fp']['categories']."', '".$item['fp']['openended']."', '".$item['fp']['sponsoringorganizationname']."', '".$item['fp']['starttime']."', '".$item['fp']['endtime']."', '".$item['fp']['contactemail']."', '".$item['fp']['contactphone']."', '".$item['fp']['contactname']."')
ON DUPLICATE KEY UPDATE `opp_title` = '".$item['title']."';";
if (!mysql_query($sql,$con))
  {
  die('MySQL Error: ' .mysql_errno() .mysql_error());
  }
echo "Records added";
mysql_close($con);
}
}
else
{
  echo '<h2>Magpie Error:</h2><p>'.magpie_error().'</p>';
}
// Restore original error reporting value
@ini_restore('error_reporting');
?>

This is the error I'm getting: 

MySQL Error: 1064You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Stop Modern Day Slavery'' at line 3

The 'Stop Modern Day Slavery" is in one of the title fields in the feed.  I have used mysql_real_escape_string() on the title field, but it does not seem to have any effect.  Does anyone have any ideas?  I've also used addslashes() and it does the same thing...

[trq]

Your going to need to echo the values of $sql and see what your actual queries look like.

 

ps: This really ought be in the PHP Help board.

[PFMaBiSmAd]

Your using your safe() function on some of the string data being put into the query string, but not all of the string data being put into the query string. The error is occurring on line 3 of the query -

ON DUPLICATE KEY UPDATE `opp_title` = '".$item['title']."';";

 

Where is the escaping being done on $item['title'] in that part of the query?

 

[fredbear]

Wow, I feel dumb.  My error was saying line 3 of my query the whole time and I wasn't even paying attention.  I threw my safe() function around that and my table filled right up!  Of course it makes total sense after the fact.

 

Anyhow, thanks again and sorry for putting this in the wrong forum!