I used preg_split to remove the tag info from tweet message-id like, this is original output from Twitter
tag:search.twitter.com,2005:7551711354822656
I apply preg_split to get rid of ‘tag:search.twitter.com’ like
$arr = preg_split("/,/", "strip_tags(mysql_real_escape_string($status->id))");
$msg_ID = $arr[1];
& insert $msg_ID[1] into table. Now I apply same to message-content whose twitter output is
#DIYse_D DELIVERAB: twitter messages 1, 9th OCT 2010
I apply preg_split to get rid of ‘twitter messages 1’ from it like
$arr2 = preg_split("/,/", "strip_tags(mysql_real_escape_string($status->content))");
$msg = $arr[1];
& insert $msg[1] into table but it raises sql syntax error. OK, one thing here is that in $ status->id output, twitter added tag at the start of id while here it added ‘twitter messages 1’ inside the original message contents.
Here is SQL Insert Query
INSERT INTO msg2(id,msg,msg_id,depth,name) VALUES ('','$msg','$msg_ID','0','$name')
The four double-quotes I’ve indicated turn those bits of “code” into literal text strings. You’re not trying to split the results of a strip_tags function call, you’re trying to split a string that says “strip_tags(etc…)”. Remove the double quotes so PHP will see that it’s a function call, and not a string.
Since there’s no commas in that literal string, there won’t be any
$arr2[1]value, so you’re trying to insert a blank (or a null) into the database.As well, change your function sequence to:
Escaping for database insert should be the LAST thing you do before inserting. It’s possible that strip_tags may change the ordering of the escapes and produce a ‘bad’ string, leaving you open to SQL injection attacks.