2

How do i save rss feed to database, after a person put a link in to text input field and press "Submit" to get live content? I'm sorry for my poor English 

<?php
$url = "";
if(isset($_POST['submit'])){
    if($_POST['feedurl'] != ''){
        $url = $_POST['feedurl'];
    }
}

$invalidurl = false;
if (@simplexml_load_file($url)) {
    $feeds = simplexml_load_file($url);
} else {
    $invalidurl = true;
    echo "<h2>Invalid RSS feed URL.</h2>";
}


$i=0;
if (!empty($feeds)) {
    $site = $feeds->channel->title;
    $sitelink = $feeds->channel->link;

    echo "<h1>".$site."</h1>";
    foreach ($feeds->channel->item as $item) {
        $title = $item->title;
        $link = $item->link;
        $description = $item->description;
        $postDate = $item->pubDate;
        $pubDate = date('D, d M Y',strtotime($postDate));

        if($i>=5) break;
?>
<div class="post">
    <div class="post-head">
        <h2><a class="feed_title" href="<?php echo $link; ?>"><?php echo $title; ?></a></h2>
        <span><?php echo $pubDate; ?></span>
    </div>
    <div class="post-content">
        <?php echo implode(' ', array_slice(explode(' ', $description), 0, 20)) . "..."; ?> <a href="<?php echo $link; ?>">Read more</a>
    </div>
</div>
<?php
$i++;
   }
} else {
    if (!$invalidurl) {
        echo "<h2>No item found</h2>";
    }
}
?>

how i should modify this to get it done? the code above get things done to fetch content from posted RSS URL and display it to an user.

Tom Udding
  • 2,264
  • 3
  • 20
  • 30
Šuška Stanislovas
  • 23
  • 5
  • You have the data you need (title, link, ...), you just have to create the code to interact with the database. You should start reading this: https://secure.php.net/manual/en/book.pdo.php – NaeiKinDus May 02 '17 at 16:50

2 Answers2

2

This code is just to get you started, consider that this is executing as many inserts as items you have, a much better alternative to this would be to do an insert with multiple values

<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 
$stmt = $conn->prepare('INSERT INTO RSS_FEED (title, item, link, descripton, pub_date) VALUES (?, ?, ?, ?, ?)');

$values = array();
foreach ($feeds->channel->item as $item) {
  $stmt->bind_param(
    'sssss',
    $item->title,
    $item->link,
    $item->description,
    date('D, d M Y',strtotime($item->pubDate))
  );
  $stmt->execute();
}
$stmt->close();
$conn->close();

For more details click here

Community
  • 1
  • 1
lloiacono
  • 4,714
  • 2
  • 30
  • 46
  • Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Alex Howansky May 02 '17 at 14:34
  • @AlexHowansky as I mentioned in the first line of my answer, the code is just to get him started, I also mentioned that he should sanitize the input before passing it to the DB. Why the down vote? – lloiacono May 02 '17 at 14:44
  • i have a dbconnect.php file, would it be more secure to use it instead of first code lines? – Šuška Stanislovas May 02 '17 at 14:48
  • _"Why the down vote?"_ Because I see SQL injection vulnerabilities all day, every day, and your code is teaching a very bad habit. OP may not understand what it means to sanitize or how to correctly do it. Replace the query with a proper prepared statement and I'll undo the downvote. – Alex Howansky May 02 '17 at 14:49
  • 1
    There you go -- it's no more complex than the previous edit and gets OP off on the right foot, thank you. – Alex Howansky May 02 '17 at 15:14
0

It depends on the approach you want to take in the DB, if you don't need to search for particular elements inside the feeds you could even save the entire content as a single blob

lpezzolla
  • 23
  • 6