I have written a custom component for Joomla. This RSS feed can be read from different sources and should be stored in the SQL database.
But how do I use the escape function properly? Here is my code:
// Create a new query object.
$query = $db->getQuery(true);
// Insert columns.
$columns = array('id',
'id_feedsource',
'title',
'link',
'pubDate',
'timePubDate',
'guid',
'description',
'creator',
'content' ,
'read',
'smart',
'demografie',
'urbanisierung',
'arbeitswelten',
'konnektivitaet',
'nano',
'femaleshift',
'energie',
'bildung',
'individualisierung',
'public',
'cache');
// Insert values.
$values = array('NULL',
$db->quote($db->escape($value['source'])),
$db->quote($db->escape($value['title'])),
$db->quote($db->escape($value['link'])),
$db->quote($db->escape($value['pubDate'])),
$db->quote($value['timePubDate']),
$db->quote($db->escape($value['guid'])),
$db->quote($db->escape($value['description'])),
$db->quote($db->escape($value['creator'])),
$db->quote($db->escape($value['content'])),
0,0,0,0,0,0,0,0,0,0,0,0,0);
// Prepare the insert query.
$query
->insert($db->quoteName('#__heka_rss_feeds'))
->columns($db->quoteName($columns))
->values(implode(',', $values));
// Set the query object and execute it.
$db->setQuery($query);
//echo $query->dump().'<br>';
$db->execute();
Now add in individual contributions "\". For example: NASA\'s Fermi Space Telescope sharpens its high-energy vision
When issuing this does not look nice. Because of the escaping SQL Injection is to be used, but it may not yet be correct. What am I doing wrong?