Using this code, I handle a form where I enter in my article. For some reason, now it’s throwing an error at me. The error is…
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘’ at line 1
Here is the code.
<?php
error_reporting(E_ALL);
session_start();
require("access.php");
include ("config.php");
?>
<!doctype html>
<html>
<head>
<title>check</title>
</head>
<body>
<?php
$contentOfPost=$_POST['contentOfPost'];
$dateTime = time();
$type=$_POST['type'];
$URL=$_POST['URL'];
$URLtitle = str_replace('-', ' ', substr($URL, 0, -4));
$teaser=$_POST['teaser'];
$imgURL=$_POST['img'];
if(!$type=="" || !$contentOfPost=="")
{
$link = mysql_connect($host, $username, $password);
if(!$link){die(mysql_error());}
$db_selected = mysql_select_db($DbName, $link);
if(!$db_selected){echo "dbselect";die(mysql_error());}
[B]$insertionToDatabase="INSERT INTO $tableName (PostNumber, DateTime, Content, type, URL, teaser, img) VALUES (NULL, FROM_UNIXTIME($dateTime), '$contentOfPost', '$type', '$URL', '$teaser', '$imgURL'";[/B]
$result = mysql_query($insertionToDatabase);
if (!$result) {
echo $type;
echo $URL;
echo $URLtitle;
echo $imgURL;
echo "<br>";
echo $insertionToDatabase;
die('Invalid query: ' . mysql_error());
}
else
{
$fh = fopen($URL, 'w') or die("can't open file");
$stringData = '<?php $pageIdentity="'.$URLtitle.'";
$articleType="'.$type.'";
include("../../settings.php");
?>
<div id="wrapper">
<?php include("../../header.php");?>
<div id="main">
<?php include("../../menu.php");?>
<div id="page">
<div id="content">
<div class="post">
<h2 class="title article"><a href="'.$URL.'">'.$urlTitle.'</a></h2>
<p class="meta">Posted on '.$dateTime.' • <a href="http://www.ryanreese.us/blog/'.$URL.'" class="permalink">Full article</a></p>
<div class="entry">
<p><img src="'.$imgURL.'" width="186px" height="186px" alt="" class="alignleft border" />'.$contentOfPost.'</p>
</div>
</div>
</div>
<?php include ("../../sidebar.php");?>
</div>
</div>
<?php include("../../footer.php");?>
</div>
</body>
</html>';
fwrite($fh, $stringData) or die("cant");
fclose($fh);
}
echo $result;
mysql_close($link);
}
session_destroy();
?>
</body>
</html>
The bolded is what I run. I echo out the query and I get this.
INSERT INTO userSubmitted (PostNumber, DateTime, Content, type, URL, teaser, img) VALUES (NULL, FROM_UNIXTIME(1332387057), ’
Even if I remove the tacks (‘’) in the query, it doesn’t work.