0

I get the following error

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '16:45:40, 2012-12-18 16:45:40, Renovated Stone house in Perast, first line, 2012' at line 1

This is the SQL query where the problem is

$sql =  "INSERT INTO `wp_posts` (`post_author`, `post_date`, `post_date_gmt`, `post_title`, `post_modified`, `post_modified_gmt`, `xml_id`)";
$sql .= " VALUES ({$postAuthor}, {$postDate}, {$postDate}, {$title}, {$postModified}, {$postModified}, {$xmlId});";
Improve this question
1
  • 3
    You need to sanitize your input. Commented Feb 1, 2013 at 10:09

3 Answers 3

Reset to default
3

The values have to be enclosed in quotation marks, and you have to make sure that there are no quotation marks in the values.

The best way to do this is using prepared statements, e.g. with the PHP Data Objects.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

3

This line:

$sql .= " VALUES ({$postAuthor}, {$postDate}, {$postDate}, {$title}, {$postModified}, {$postModified}, {$xmlId});";

Should be:

$sql .= " VALUES ('$postAuthor', '$postDate', '$postDate', '$title', '$postModified', '$postModified', '$xmlId')";

Remove the wrapped: ', where the column type isn't a varchar.

Also, you must validate you're escaping the special characters inside the variables. mysql_real_escape_string

Improve this answer

1 Comment

No, it shouldn't. Or at least you have to escape the variables before.
1

It should work

$sql =  "INSERT INTO `wp_posts` (`post_author`, `post_date`, `post_date_gmt`, `post_title`, `post_modified`, `post_modified_gmt`, `xml_id`)";
$sql .= " VALUES ('$postAuthor', '$postDate', '$postDate', '$title', '$postModified', '$postModified', '$xmlId')";
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.