Here is the code that’s run by the plugin. It passes the CSV file data to MySQL.:
$new_post = array(
'post_title' => $row['Account Name'],
'post_content' => $row['Yellow Page Business Description'],
'post_status' => 'publish',
'post_author' => 1,
'post_type' => 'business',
'post_category' => array(0)
);
try
{
$result = wp_insert_post(add_magic_quotes($new_post), true);
if (is_wp_error($result)) {
$output .= '<p style="color:red;">ERROR LOADING CSV FILE</p>';
$output .= "<p style='color:red;'>Failed to import {$new_post['post_title']}</p>";
$output .= '<pre>'.$result->get_error_message().'</pre>';
}
else
{
$post_id = $result;
To which, MySQL reports:
[error] WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘))) AND (cj_posts.post_password = ”) AND cj_posts.post_type = ‘business’ AND ‘ at line 1 for query SELECT DISTINCT SQL_CALC_FOUND_ROWS cj_posts.* FROM cj_posts LEFT JOIN cj_term_relationships AS trel ON (cj_posts.ID = trel.object_id) LEFT JOIN cj_term_taxonomy AS ttax ON ( ( ttax.taxonomy = ‘category’ ) AND trel.term_taxonomy_id = ttax.term_taxonomy_id) LEFT JOIN cj_terms AS tter ON (ttax.term_id = tter.term_id) LEFT JOIN cj_comments AS cmt ON ( cmt.comment_post_ID = cj_posts.ID ) WHERE 1=1 AND ( ( ((())) AND (cj_posts.post_password = ”) AND cj_posts.post_type = ‘business’ AND (cj_posts.post_status = ‘publish’)) AND post_type != ‘revision’) AND post_status != ‘future’ ORDER BY cj_posts.post_title LIKE ‘% %’ DESC, cj_posts.post_date DESC LIMIT 0, 10 made by require(‘wp-blog-header.php’), wp, WP->main, WP->query_posts, WP_Query->query, WP_Query->get_posts
cj_ is the WordPress prefix.
I think it’s the use of magic_quotes not working, so it’s passing characters from the CSV data to MySQL that are not escaped properly. But I’m not 100% sure and I’m not sure what to substitute to make it work.
You don’t need to use
add_magic_quotes
. From thewp_insert_post
documentation:Emphasis is mine.
https://codex.wordpress.org/Function_Reference/wp_insert_post
add_magic_quotes
essentially iterates over an array and callsadd_slashes
on each element. This is completely unnecessary aswp_insert_post
will sanitize any input it is given. Whatever problem you expectadd_magic_quotes
to solve, it doesn’t.