esteftaats Posted September 17, 2013 Share Posted September 17, 2013 (edited) hello guys.I want to insert post in wordpress with php.I was wrote this code, but give me an error. PHP Code: $db = mysql_connect("localhost","root",""); if ($db) { $sdb = mysql_select_db('wp',$db); if($sdb) { $sql = "INSERT INTO wp_posts (post_title,post_content,post_name,post_date,post_ date_gmt,post_modified,post_modified_gmt,post_auth or,post_status) VALUES ('title2','".$post."','post_name2',now(),now(),now (),now(),1,'publish')"; $result = mysql_query($sql, $db)or die( mysql_error() ); } else { echo"database not found"; } } else { echo"not connected to mysql"; } $cdb = mysql_close($db); error of this code is : your data registeredYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'news_detail_text' > یک مجله استرال' at line 1tnx Edited September 17, 2013 by esteftaats Link to comment Share on other sites More sharing options...
justsomeguy Posted September 17, 2013 Share Posted September 17, 2013 Print the query out. I don't see "news_detail_text" in the code there. Link to comment Share on other sites More sharing options...
esteftaats Posted September 17, 2013 Author Share Posted September 17, 2013 Print the query out. I don't see "news_detail_text" in the code there. query out is : your data registeredYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'news_detail_text' > یک مجله استرال' at line 1 And "news_detail_text" is one part of $post value of $post is bellow (html characters) <div class='news_detail_text' > <div>یک مجله استرالیایی این سوپر مدل را به عنوان زیباترین شخص 2012 معرفی کرده است . او اخیرا برای برند ریبوک یک لباس ورزشی زنانه را تبلیغ کرده است و عکسهایی برای این تبلیغات گرفته شده است که نشان می دهد این عنوان واقعا برازنده وی است.</div> <div> </div> <div>به گزارش <a href="http://www.irannaz.com" title="http://www.irannaz.com">ایران ناز</a> او اکنون مادر دو فرزند است . با این حال تناسب اندام و انعطاف پذیری فوق العاده اش وی را به یک اسطوره در دنیای مد تبدیل کرده است.</div> <div> </div> <div style="text-align: center;"><a href="http://www.irannaz.com/news_cats_3.html" ><img border="0" src="http://www.irannaz.com/user_files/image/image45/0.998324001333992954.www.irannaz.com.jpg" alt="آشنایی با زیباترین و جذابترین زن معروف جهان +عکس" title="آشنایی با زیباترین و جذابترین زن معروف جهان +عکس" /></a></div> <div> </div> <div>او اکنون 28 ساله است و اخیرا تصویری از او به همراه پسر کوچک خود به نام فیلین روی جلد یک مجله پرتیراژ به چاپ رسیده است. وی در مصاحبه اش با این مجله گفته است روزی 18 ساعت کار میکند که بخش عمده آن حرکات ورزشی است.<br /> <br /> او همسر اورلاندو بلوم هنرپیشه معروف هالیوودی است و می گوید در درجه اول دوست دارد وظیفه همسری و مادری خود را به خوبی اجرا کند و سپس در کار و فعالیت مورد علاقه اش بپردازد. این دومین بار است که وی به عنوان زیباترین زن دنیا انتخاب میشود.</div> </div> Link to comment Share on other sites More sharing options...
justsomeguy Posted September 18, 2013 Share Posted September 18, 2013 If you're using the mysql extension, then you need to use mysql_real_escape_string to escape any data that is user-entered or might contain single quotes. http://www.php.net/manual/en/function.mysql-real-escape-string.php When you add that text into the query then it looks like this, and breaks the single quotes: INSERT INTO wp_posts (post_title,post_content,post_name,post_date,post_ date_gmt,post_modified,post_modified_gmt,post_auth or,post_status) VALUES ('title2','<div class='news_detail_text' > <div>... Notice how "news_detail_text" is in a different color, because the single quote before it ends the string. Those quotes inside the text need to be escaped. Link to comment Share on other sites More sharing options...
esteftaats Posted September 18, 2013 Author Share Posted September 18, 2013 INSERT INTO wp_posts (post_title,post_content,post_name,post_date,post_ date_gmt,post_modified,post_modified_gmt,post_auth or,post_status) VALUES ('title2','<div class='news_detail_text' > <div>... Notice how "news_detail_text" is in a different color, because the single quote before it ends the string. Those quotes inside the text need to be escaped. '<div class='news_detail_text' > <div>..... is'nt constant. and must be in a variable Link to comment Share on other sites More sharing options...
justsomeguy Posted September 18, 2013 Share Posted September 18, 2013 Yes I know, that's the point of escaping data that goes into a query. What I showed is the query that actually goes to MySQL. MySQL doesn't receive PHP variables, it receives text. You build the text in PHP and send it to MySQL. If you print the query out then you can see what actually gets sent to MySQL, and the data is not correct because you haven't escaped the quotes. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now