Php 上传到数据库时如何过滤csv(excel文件)
所以这就是我在过滤csv内容时遇到的问题,我尝试使用str_replace从撇号之类的字符中过滤csv内容,但它似乎没有影响任何东西。当上传没有特殊字符的数据时,下面的代码工作得很好,特别是撇号。你能润色下面的代码吗?这样系统就不会因为特殊字符而出错 以下是代码:Php 上传到数据库时如何过滤csv(excel文件),php,csv,file-upload,filtering,Php,Csv,File Upload,Filtering,所以这就是我在过滤csv内容时遇到的问题,我尝试使用str_replace从撇号之类的字符中过滤csv内容,但它似乎没有影响任何东西。当上传没有特殊字符的数据时,下面的代码工作得很好,特别是撇号。你能润色下面的代码吗?这样系统就不会因为特殊字符而出错 以下是代码: if ($_FILES[csv][size] > 0) { //get the csv file $file = str_replace("'","",$_FILES[csv][tmp_name]);
if ($_FILES[csv][size] > 0) {
//get the csv file
$file = str_replace("'","",$_FILES[csv][tmp_name]);
$handle = fopen($file,"r");
//loop through the csv file and insert into database
do {
if (str_replace("'","",$data[0])) {
mysql_query("INSERT IGNORE INTO faculty(FCode,FName,MName,LName,Gender,image_name,BDate,Title,Service,EmpStat,CollegeID,DepartmentID,dateCreated) values('$data[0]','$data[1]','$data[2]','$data[3]','$data[4]','$data[5]','$data[6]','$data[7]','$data[8]','$data[9]','$data[10]','$data[11]','$currentDate')") or die ("LOL" .mysql_error());
}
} while ($data = fgetcsv($handle,1000,",","'"));
下面是示例csv文件的图片试试mysql\u real\u escape\u string()
尝试mysql_real_escape_string()
mysql_query(“在教员(FCode,FName,MName,LName,Gender,image_name,BDate,Title,Service,EmpStat,CollegeID,DepartmentID,dateCreated)值中插入IGNORE(“.mysql_real_escape_string($data[0])。”,“。mysql_real_escape_字符串($data[1])。”,“,”。mysql_real_escape_字符串($data[2]),“,”。mysql_real_escape(escape(字符串($data[3]),“,”.mysql\u real\u escape\u string($data[4]),“,”,“.mysql\u real\u escape\u string($data[5]),”,“.mysql\u real\u escape\u string($data[7]),”,“.mysql\u real\u escape\u string($data[8]),“,”。mysql\u real\u escape\u string($data[9]),“,”。mysql\u real\u escape\u escape\u string($data[10]),“,”,“,”mysql\u real\u escape\u-string($data[11])。“,”$currentDate'))或die(“sql语法中的错误”.mysql_error());mysql_query(“将忽略插入函数(FCode,FName,MName,LName,Gender,image_name,BDate,Title,Service,EmpStat,CollegeID,DepartmentID,dateCreated)值(”。“.mysql_real_-escape_-string($data[0])。”,“.mysql_-real_-escape_-string($data[1]),”,“.mysql_-real_-escape-string($data[2]))“,”,“.mysql\u real\u escape\u string($data[3]),”,“.mysql\u real\u escape\u string($data[4]),”,“.mysql\u real\u escape\u string($data[5]),”,“.mysql\u real\u escape\u string($data[6]),”,“,”,“.mysql\u real\u escape\u string($data[7]),”,“,“.mysql\u real\u escape\u string($data[8]),”,“.mysql\u real\u escape\u-string($data[10])。”“,”.mysql\u real\u escape\u string($data[11])。“,$currentDate'))或die(“sql语法中的错误”.mysql\u error());谢谢先生我完全忘记了谢谢先生我完全忘记了
mysql_query("INSERT IGNORE INTO faculty(FCode) values('mysql_real_escape_string($data[0])')") or die ("LOL" .mysql_error());