Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/php/250.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Php 上传到数据库时如何过滤csv(excel文件)_Php_Csv_File Upload_Filtering - Fatal编程技术网
Fatal编程技术网
  • php/
  • Php 上传到数据库时如何过滤csv(excel文件)

Php 上传到数据库时如何过滤csv(excel文件)

php csv file-upload

Php 上传到数据库时如何过滤csv(excel文件),php,csv,file-upload,filtering,Php,Csv,File Upload,Filtering,所以这就是我在过滤csv内容时遇到的问题,我尝试使用str_replace从撇号之类的字符中过滤csv内容,但它似乎没有影响任何东西。当上传没有特殊字符的数据时,下面的代码工作得很好,特别是撇号。你能润色下面的代码吗?这样系统就不会因为特殊字符而出错 以下是代码: if ($_FILES[csv][size] > 0) { //get the csv file $file = str_replace("'","",$_FILES[csv][tmp_name]);

所以这就是我在过滤csv内容时遇到的问题,我尝试使用str_replace从撇号之类的字符中过滤csv内容,但它似乎没有影响任何东西。当上传没有特殊字符的数据时,下面的代码工作得很好,特别是撇号。你能润色下面的代码吗?这样系统就不会因为特殊字符而出错

以下是代码:

 if ($_FILES[csv][size] > 0) { 

    //get the csv file 
    $file = str_replace("'","",$_FILES[csv][tmp_name]); 
    $handle = fopen($file,"r"); 

    //loop through the csv file and insert into database 
    do { 
        if (str_replace("'","",$data[0])) { 
            mysql_query("INSERT IGNORE INTO faculty(FCode,FName,MName,LName,Gender,image_name,BDate,Title,Service,EmpStat,CollegeID,DepartmentID,dateCreated) values('$data[0]','$data[1]','$data[2]','$data[3]','$data[4]','$data[5]','$data[6]','$data[7]','$data[8]','$data[9]','$data[10]','$data[11]','$currentDate')") or die ("LOL" .mysql_error()); 

        } 
    } while ($data = fgetcsv($handle,1000,",","'"));
下面是示例csv文件的图片

试试mysql\u real\u escape\u string()

尝试mysql_real_escape_string()

mysql_query(“在教员(FCode,FName,MName,LName,Gender,image_name,BDate,Title,Service,EmpStat,CollegeID,DepartmentID,dateCreated)值中插入IGNORE(“.mysql_real_escape_string($data[0])。”,“。mysql_real_escape_字符串($data[1])。”,“,”。mysql_real_escape_字符串($data[2]),“,”。mysql_real_escape(escape(字符串($data[3]),“,”.mysql\u real\u escape\u string($data[4]),“,”,“.mysql\u real\u escape\u string($data[5]),”,“.mysql\u real\u escape\u string($data[7]),”,“.mysql\u real\u escape\u string($data[8]),“,”。mysql\u real\u escape\u string($data[9]),“,”。mysql\u real\u escape\u escape\u string($data[10]),“,”,“,”mysql\u real\u escape\u-string($data[11])。“,”$currentDate'))或die(“sql语法中的错误”.mysql_error());

mysql_query(“将忽略插入函数(FCode,FName,MName,LName,Gender,image_name,BDate,Title,Service,EmpStat,CollegeID,DepartmentID,dateCreated)值(”。“.mysql_real_-escape_-string($data[0])。”,“.mysql_-real_-escape_-string($data[1]),”,“.mysql_-real_-escape-string($data[2]))“,”,“.mysql\u real\u escape\u string($data[3]),”,“.mysql\u real\u escape\u string($data[4]),”,“.mysql\u real\u escape\u string($data[5]),”,“.mysql\u real\u escape\u string($data[6]),”,“,”,“.mysql\u real\u escape\u string($data[7]),”,“,“.mysql\u real\u escape\u string($data[8]),”,“.mysql\u real\u escape\u-string($data[10])。”“,”.mysql\u real\u escape\u string($data[11])。“,$currentDate'))或die(“sql语法中的错误”.mysql\u error());

谢谢先生我完全忘记了谢谢先生我完全忘记了 
 mysql_query("INSERT IGNORE INTO faculty(FCode) values('mysql_real_escape_string($data[0])')") or die ("LOL" .mysql_error());