I'm parsing a feed and I want to insert it into my database. I echo out the correct feed entries but when I want to insert into database, I get this error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'update, link) VALUES (...) on line 1.
Here's the code:
include_once("connect_to_mysql.php");
$xml= simplexml_load_file('http://somefeed/feeds/rss');
$list = $xml->entry;
$title = $list[0]->title;
$img = $list[0]->summary->div->img['src'];
$update = $list[0]->updated;
$link = $list[0]->link['href'];
$sql = mysql_query("INSERT INTO table (title, img, update, link)
VALUES ('$title', '$img', '$update', '$link')") or die (mysql_error());
This worked fine throughout my website but now I get this error. I'm using xampp. Also some entries are files with http:// that the problem? I found similar posts but their fixes don't work for me.
the are two reserved keywords: table and update used in your query, it must be escape with backtick.
INSERT INTO `table` (title, img, `update`, link)
VALUES ('$title', '$img', '$update', '$link')
As a sidenote, the query is vulnerable with SQL Injection if the value(s) came from the outside. Please take a look at the article below to learn how to prevent from it. By using PreparedStatements you can get rid of using single quotes around values.