0

I want to save 10,000 pages in my site's database.

When I run the file, this error occurs for every page.

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '_trackPageLoadTime']);(function() {var ga = document.createElement("script"); ga' at line 1

I think there are some characters that are causing the error.

savedb.php

<?php 
include "conexao.php";

for ($nr=1; $nr<=10000; $nr++){
    $url = "http://www.site.com/u$nr";
    $html = file_get_contents($url);

    set_time_limit(120);

    $tabela_bd = "paginas";

    $sql = mysql_query("INSERT INTO $tabela_bd(html) VALUES('$html')");
    if ($sql) {
        echo "Cadastrado com sucesso!!";
    } else {
        echo "Falha ao cadastrar.".mysql_error();
    }

}

?>

@edit Solved my problem with characters, but now some tables are being saved without content.

Loztaz
  • 1
    If you're trying to save the html for each page, all the `"'/=();` signs are going to give you lots of problems. You need to escape all these unsafe characters. Try `mysql_escape()` – Cjueden Feb 02 '13 at 17:15
  • @loztaz take a look at http://stackoverflow.com/questions/887036/insert-value-in-mysql-containg-single-quotes – Anirudha Gupta Feb 02 '13 at 17:26

5 Answers

3

Don't use the deprecated mysql_* functions. Use the mysqli_* functions instead.

Even better, use an abstraction library such as PDO, which supports the use of placeholders. This automatically applies escaping as required. See:

http://php.net/manual/en/book.pdo.php

Examples of use of placeholders:

http://www.php.net/manual/en/pdo.prepare.php

In your case, maybe this:

$stmt = $pdo->prepare("insert into $tabela_bd( html ) values ( :html )");
$stmt->bindValue('html', $html);
$stmt->execute();
leftclickben
  • Thank you for showing this method, but is there any advantage in using it now? I think I'll use it in the future. – Loztaz Feb 02 '13 at 17:43
  • That depends how much code you've written. If it is just what is above, then I would recommend changing it over. If there are thousands of lines of code, then clearly there will be a lot of effort involved in migrating it, so maybe not. You definitely should use it in future :-) – leftclickben Feb 02 '13 at 17:52
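
The placeholder approach from the answer above, applied to the whole fetch-and-store loop, as an added example that is not part of the original answer. It assumes an in-memory SQLite database so it runs without a server, a hypothetical `fetch_page()` stand-in for `file_get_contents()`, an extra `url` column, and constructed sample pages; it also skips a page whose fetch returned `false` instead of storing an empty row.

```php
<?php
// Added example with constructed data; not the asker's site or schema.
// SQLite in memory keeps it runnable offline (assumes pdo_sqlite is enabled).
// For MySQL, swap in a DSN such as "mysql:host=HOST;dbname=DBNAME;charset=utf8mb4".
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE paginas (id INTEGER PRIMARY KEY, url TEXT, html TEXT)');

// Constructed pages. 'u1' carries the fragment quoted in the error message.
$pages = [
    'u1' => "<script>_gaq.push(['_trackPageLoadTime']);(function() {var ga = document.createElement(\"script\");})();</script>",
    'u2' => "<p>It's a \\ backslash; and 'quoted' text</p>",
    'u3' => false, // what file_get_contents() returns when the request fails
];

// Hypothetical stand-in for file_get_contents($url), so no network is needed.
function fetch_page(array $pages, $key)
{
    return $pages[$key];
}

// Prepare once, execute per page. Only values can be bound; the table name
// is an identifier, so it stays a fixed literal in the SQL text.
$insert = $pdo->prepare('INSERT INTO paginas (url, html) VALUES (:url, :html)');

$saved = 0;
$skipped = [];
foreach (array_keys($pages) as $key) {
    $html = fetch_page($pages, $key);
    if ($html === false || $html === '') {
        $skipped[] = $key;   // record the failure instead of inserting nothing
        continue;
    }
    // The HTML travels as data, never as part of the SQL string.
    $insert->execute([':url' => $key, ':html' => $html]);
    $saved++;
}

// Read each row back and compare byte for byte with what was fetched.
$select = $pdo->prepare('SELECT html FROM paginas WHERE url = :url');
foreach (['u1', 'u2'] as $key) {
    $select->execute([':url' => $key]);
    $stored = $select->fetchColumn();
    echo $key, ': ', ($stored === $pages[$key] ? 'stored intact' : 'MISMATCH'), "\n";
}
echo "saved=$saved skipped=", implode(',', $skipped), "\n";
```

Because the quotes, parentheses and semicolons in the page body never reach the SQL parser, no escaping call is needed and the stored HTML is identical to what was fetched.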
1

Your files seem to have escape characters in them like \ or ;. What you would need to do is to make sure that these characters don't interfere with the query.

Use this

$html = mysql_real_escape_string($html);
$sql = mysql_query("INSERT INTO $tabela_bd(html) VALUES('$html')");
Achrome
  • Don't use deprecated mysql_* functions. – leftclickben Feb 02 '13 at 17:27
  • 1
    I don't use them when I code. I use them in my answers for readability, and only when they are used in the question. – Achrome Feb 02 '13 at 17:29
  • You don't use them in your code, yet you're okay with teaching someone else a bad practice? – leftclickben Feb 02 '13 at 17:33
  • Solved my problem with characters, but now some tables are being saved without content. – Loztaz Feb 02 '13 at 17:34
  • @leftclickben You completely misread my statement. I actively discourage the use of mysql in my answers, and if you browse through them, you would find that I write it as well. I did forget to mention it this time. – Achrome Feb 02 '13 at 17:39
0

You're not escaping the special characters in the html. Try mysql_escape or something of the like.

Cjueden
0

You need to escape your $html variable:

$sql = mysql_query("INSERT INTO $tabela_bd(html) VALUES('" . mysql_real_escape_string($html) . "')");
Tobias
0

You should use mysql_real_escape_string in your situation as demonstrated below.

<?php 
include "conexao.php";

for ($nr=1; $nr<=10000; $nr++){
    $url = "http://www.power-pixel.net/u$nr";
    $html = file_get_contents($url);

    // escape the string
    $html = mysql_real_escape_string($html);

    set_time_limit(120);

    $tabela_bd = "paginas";

    $sql = mysql_query("INSERT INTO $tabela_bd(html) VALUES('$html')");
    if ($sql) {
      echo "Cadastrado com sucesso!!";

    } else {
      echo "Falha ao cadastrar.".mysql_error();
    }

}

?>
  • Don't use deprecated mysql_* functions. – leftclickben Feb 02 '13 at 17:26
  • Are you sure he has another option? mysqli, pdo? – user20232359723568423357842364 Feb 02 '13 at 17:29
  • Why would PDO not be available? – leftclickben Feb 02 '13 at 17:30
  • PDO was introduced in PHP 5.1, and there are people with older versions than that, so it would not exactly be a safe assumption to make that every developer will have access to PDO. MySQLi is from PHP4, so almost all devs would have access to it. – Achrome Feb 02 '13 at 17:45
  • @Ashwin Mukhija - PHP 5.1 was released in 2005 and has been End Of Life for at least 2 years now (as is 5.2 actually), so anyone still using a version that old already has serious issues with their hosting provider. – leftclickben Feb 03 '13 at 04:41
  • @user2023235 - You are right, it isn't deprecated until 5.5, but the notice on every `mysql_*` function says "This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used." That seems pretty clear to me. – leftclickben Feb 03 '13 at 04:43