I've been working on this for ~2 days now and can't find a solution after checking my code and error logs for hours. So, I'm hoping some fresh eyes will help.
I'm gathering facebook data and inserting it into my database. When I run a var_dump on the $sql INSERT command I see all the facebook data in the string. I've also run var_dumps on each variable to make sure the data is there. It is and each show as a string type. This matches what the database is expecting--VARCHAR with plenty of room.
I have a few other tables in this database and they are still accepting data so it doesn't seem to be a database issue (this is a shared server and I don't have access to it). Also, I've tried what seems like almost every variation of syntax, different quotes, etc. in the INSERT statement, but to no avail....
Finally, the error I get as a result of mysql_error() is "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'm just a chill dude looking for some fun . . .','AAAIAZB21He9sBAOLpbm3XTwabMVX0s' at line 1". What you are seeing in the single quotes (') is the current data for the $fbabout and $at VALUES in the INSERT statement.
With that, here is the code to the php file. Thank you in advance for taking the time to check this out!
<?php
require_once("facebook.php");
$app_id = "";
$app_secret = "";
$my_url = "";
$code = $_POST["code"];
if(empty($code)) {
$dialog_url = "https://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($my_url) . "&state="
. $_SESSION['state']."&scope=email,user_birthday,user_interests,friends_interests,publish_stream,user_about_me,user_checkins";
echo("<script> top.location.href='" . $dialog_url . "'</script>");
} else {
$host=""; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$token_url = "https://graph.facebook.com/oauth/access_token?"
. "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)
. "&client_secret=" . $app_secret . "&code=" . $code;
$response = file_get_contents($token_url);
$params = null;
parse_str($response, $params);
$_SESSION['access_token'] = $params['access_token'];
$graph_url = "https://graph.facebook.com/me?access_token=". $params['access_token'];
$interests = "https://graph.facebook.com/me/interests?access_token=". $params['access_token'];
$user = json_decode(file_get_contents($graph_url));
$user_interests = json_decode(file_get_contents($interests));
$id = $user->id;
$fname = $user->first_name;
$lname = $user->last_name;
$link = $user->link;
$gender = $user->gender;
$locale = $user->location->name;
$email = $user->email;
$bday = $user->birthday;
$uidata = array();
$number = count($user_interests->data);
for ($i = 0;$i<=$number-1;$i++){
array_push($uidata,($user_interests->data[$i]->name));
}
$ui = implode(",", $uidata);
$fbabout = $user->bio;
$at = $params['access_token'];
// Insert data into mysql
$sql="INSERT INTO $tbl_name(fbid,fname,lname,link,gender,locale,email,birthday,interests,fbabout,fbtoken)VALUES('".$id."','".$fname."','".$lname."','".$link."','".$gender."','".$locale."','".$email."','".$bday."','".$ui."','".$fbabout."','".$at."')";
$result=mysql_query($sql);
if($result) {
header( 'Location: https://crushonit.com/join/fbRegister.html' );
} else {
echo mysql_error();
}
}
?>
<?php
// close connection
mysql_close();
?>
As other people have commented, you should always clean any data before inserting it into a database, using mysql_real_escape_string() at the very least. In your case, the "I'm" is causing you problems.
I have another query though; you are using the PHP SDK, by including facebook.php, but you are also manually querying the graph using file_get_contents. This strikes me as odd, because if you are using the SDK you don't need to do that. The SDK will create an object and you query that.
https://developers.facebook.com/docs/reference/php/
The above link may be of some help.
$ table_name浏览器将其读取为变量,将其从table_name中删除
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.