上传到数据库时如何过滤csv(excel文件)
how to filter csv (excel file) when uploading to database
所以这是我在从字符(如撇号)中过滤 csv 内容时遇到的问题,我尝试使用 str_replace 但它似乎没有影响任何东西。下面的代码在上传没有特殊字符的数据时工作得很好,特别是撇号你能完善我下面的代码,这样系统就不会因为特殊字符而出错吗?
这里是代码:
if ($_FILES[csv][size] > 0) {
//get the csv file
$file = str_replace("'","",$_FILES[csv][tmp_name]);
$handle = fopen($file,"r");
//loop through the csv file and insert into database
do {
if (str_replace("'","",$data[0])) {
mysql_query("INSERT IGNORE INTO faculty(FCode,FName,MName,LName,Gender,image_name,BDate,Title,Service,EmpStat,CollegeID,DepartmentID,dateCreated) values('$data[0]','$data[1]','$data[2]','$data[3]','$data[4]','$data[5]','$data[6]','$data[7]','$data[8]','$data[9]','$data[10]','$data[11]','$currentDate')") or die ("LOL" .mysql_error());
}
} while ($data = fgetcsv($handle,1000,",","'"));
这是示例 csv 文件的图片http://imgur.com/K3g5lAJ
试试 mysql_real_escape_string();
mysql_query("INSERT IGNORE INTO faculty(FCode) values('mysql_real_escape_string($data[0])')") or die ("LOL" .mysql_error());
mysql_query("INSERT IGNORE INTO faculty(FCode,FName,MName,LName,Gender,image_name,BDate,Title,Service,EmpStat,CollegeID,DepartmentID,dateCreated) values('".mysql_real_escape_string($data[0])."','".mysql_real_escape_string($data[1])." ','" . mysql_real_escape_string($data[2])."','" . mysql_real_escape_string($data[3])."','" . mysql_real_escape_string($ data[4])."','" . mysql_real_escape_string($data[5])."','" . mysql_real_escape_string($data[6])."','" . mysql_real_escape_string($data[7])."','" . mysql_real_escape_string($data[8])."','" . mysql_real_escape_string($data[9]) ."','" . mysql_real_escape_string($data[10])."','" . mysql_real_escape_string($data[11])."','$currentDate')") 或死("error in sql syntax".mysql_error());
所以这是我在从字符(如撇号)中过滤 csv 内容时遇到的问题,我尝试使用 str_replace 但它似乎没有影响任何东西。下面的代码在上传没有特殊字符的数据时工作得很好,特别是撇号你能完善我下面的代码,这样系统就不会因为特殊字符而出错吗?
这里是代码:
if ($_FILES[csv][size] > 0) {
//get the csv file
$file = str_replace("'","",$_FILES[csv][tmp_name]);
$handle = fopen($file,"r");
//loop through the csv file and insert into database
do {
if (str_replace("'","",$data[0])) {
mysql_query("INSERT IGNORE INTO faculty(FCode,FName,MName,LName,Gender,image_name,BDate,Title,Service,EmpStat,CollegeID,DepartmentID,dateCreated) values('$data[0]','$data[1]','$data[2]','$data[3]','$data[4]','$data[5]','$data[6]','$data[7]','$data[8]','$data[9]','$data[10]','$data[11]','$currentDate')") or die ("LOL" .mysql_error());
}
} while ($data = fgetcsv($handle,1000,",","'"));
这是示例 csv 文件的图片http://imgur.com/K3g5lAJ
试试 mysql_real_escape_string();
mysql_query("INSERT IGNORE INTO faculty(FCode) values('mysql_real_escape_string($data[0])')") or die ("LOL" .mysql_error());
mysql_query("INSERT IGNORE INTO faculty(FCode,FName,MName,LName,Gender,image_name,BDate,Title,Service,EmpStat,CollegeID,DepartmentID,dateCreated) values('".mysql_real_escape_string($data[0])."','".mysql_real_escape_string($data[1])." ','" . mysql_real_escape_string($data[2])."','" . mysql_real_escape_string($data[3])."','" . mysql_real_escape_string($ data[4])."','" . mysql_real_escape_string($data[5])."','" . mysql_real_escape_string($data[6])."','" . mysql_real_escape_string($data[7])."','" . mysql_real_escape_string($data[8])."','" . mysql_real_escape_string($data[9]) ."','" . mysql_real_escape_string($data[10])."','" . mysql_real_escape_string($data[11])."','$currentDate')") 或死("error in sql syntax".mysql_error());