Hi, I have made a simple script that gets some data from another website (phpbbhacks.com) and inserts it into my own database. Don't worry, I am aloud to do this
My Script:
PHP Code:
<?php
// This is version 2
if (isset($_GET['phpbbhacks_id']))
{
$phpbbhacks_id = $_GET['phpbbhacks_id'];
$phpbbhacks_url = 'http://www.phpbbhacks.com/download/' . $phpbbhacks_id;
} else {
echo "You did not set the starting phpbbhacks_id!";
exit;
};
function GetNextMod($phpbbhacks_id) {
$phpbbhacks_old_id = $phpbbhacks_id;
$phpbbhacks_id = $phpbbhacks_id + 1;
echo '<h1>The hack (ID:' . $phpbbhacks_old_id . 'has been taken from phpbbhacks and inserted correctly into the scripthackers database, you will be re-directed and the next one shall start in 3 seconds...</h1>';
header( "refresh: 3; url=http://scripthackers.com/Get_Mods2/phpbbhacks.php?phpbbhacks_id=$phpbbhacks_id" );
exit;
};
if ($phpbbhacks_id <= 6000) {
//
// Get the information and put it into short tags: $string = $datastring[5];
//
$page_data = file_get_contents($phpbbhacks_url);
// Website URL:
if (eregi("View Demo", $page_data)) {
// There is a demo link
$string = preg_match_all('/href="(.*)">View Demo/', $page_data, $data);
for ($i=0; $i< count($data[0]); $i++) {
$url = $data[1][$i];
};
} else {
// There is no demo link
$url = "http://www.phpbb.com";
}
// Download URL:
$string = eregi('title="(.*)">Download</a>', $page_data, $data);
$dl_url = $data[1];
// Get filename
$filename_parts = explode("/", $dl_url);
$filename = $filename_parts[4];
/* e.g for this url the array would be: [url]http://www.phpbbhacks.com/downloads/2925.zip[/url]
[0] => http:
[1] =>
[2] => [url]www.phpbbhacks.com[/url]
[3] => downloads
[4] => 2925.zip )
*/
// Version & other info:
$string = eregi('<h3>Download Information</h3>(.*)<div class="smallnavlinks"><a href="/forums/">', $page_data, $data);
$version_info = $data[1];
//
// Make a MySQL Connection
//
mysql_connect("localhost", "**USER**", "**PASS**") or die(mysql_error());
mysql_select_db("**DATABASE**") or die(mysql_error());
// Get the scripthackers ID
$gettingshid = mysql_query("SELECT lid FROM cms_downloads_downloads WHERE title=$title && cid=$category")
or die(mysql_error());
// Insert the mirror part into the database :-)
mysql_query("INSERT INTO cms_downloads_mirrors (did, url, filename, filesize, uploaded) VALUES ($scripthackers_id, $dl_url, $filename, $file_size, '0') ")
or die(mysql_error());
//
// Insert download version and ID into the update DB
//
mysql_query("INSERT INTO othersites_phpbbhacks (scripthackers_version, phpbbhacks_id, scripthackers_id) VALUES ($version, $phpbbhacks_id, $scripthackers_id) ")
or die(mysql_error());
//
// Start again!
//
GetNextMod($phpbbhacks_id);
} else{
echo "All phpbbhacks resources with IDs below 6000 have not been added to the database";
exit;
};
?>
When I execute it on: http://phpbbhacks.com/download/1, I get the followin error: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'Topic, '0', This hack changes the topic of your posts from \"Vi.
The part which I think is giving it problems is: This hack changes the topic of your posts from "View Topic" to the actual topic of the thread. This is not only better looking, but is better for search engines.
As it has "s in it, I do use
PHP Code:
$desc = addslashes($desc_code);
Though, so I would have thought this would have sorted it. As it is not sent through get/post/cookie then magic quotes thingy is not the problem (I don't think).
i would check the columns, make sure the values your passing are the correct type, as in dont be passing text to a int column, after that, try run those queries in a mysql shell ... you could take out the listing of the columns, i.e., INSERT INTO table ( column, column2) VALUES ( 'value' , 'value' ) ., take out the ( column, column2) to make INSERT INTO table VALUES ('value', 'value' ) ,
MySQL syntax error
Linear Mode
