我有一段代碼,允許我從csv文件將數據導入到數據庫。但是,插入數據時出現問題,因爲我要插入的值沒有單引號('')。我試圖呼應出來的SQL查詢,我得到這個:PHP:在插入SQL時將每個數據放入單引號('')中
INSERT INTO bill_of_materials(allotment_code, category_name) VALUES(Site Electrical,Aldea Electrical Work),(CM-S24,Assembly),(CM-S4,Assembly),(CM-S4,Assembly),(CM-S8,Assembly),(CM-S3,Assembly),(CM-S3,Assembly),(CM-S3,Assembly),(CM-S8,Assembly),(CM-S4,Assembly),(CM-S24,Assembly),(CM-S8,Assembly),(CM-S23,Assembly),(CM-S23,Assembly),(CM-S23,Assembly),(CM-S22,Assembly),(CM-S22,Assembly),(CM-S22,Assembly),(CM-S24,Assembly),(CM-D2,Assembly),(CM-D18,Assembly),(CM-D18,Assembly),(CM-D14,Assembly),(CM-D14,Assembly),(CM-D14,Assembly),(CM-D20,Assembly),(CM-D20,Assembly),(CM-D20,Assembly),(CM-D13,Assembly),(CM-D13,Assembly),(CM-D10,Assembly),(CM-D18,Assembly),(CM-D10,Assembly),(CM-D13,Assembly),(CM-D2,Assembly),(CM-D2,Assembly),(CM-D21,Assembly),(CM-D21,Assembly),(CM-D21,Assembly),(CM-D11,Assembly),(CM-D11,Assembly),(CM-D11,Assembly),(CM-D12,Assembly),(CM-D12,Assembly),(CM-D12,Assembly),(CM-D10,Assembly),(CM-D19,Assembly),(CM-D17,Assembly),(CM-D17,Assembly),(CM-D19,Assembly),(CM-D16,Assembly),(CM-D15,Assembly),(CM-D15,Assembly),(CM-D15,Assembly),(CM-D17,Assembly),(CM-D19,Assembly),(CM-D1,Assembly),(CM-D1,Assembly),(CM-D16,Assembly),(CM-D16,Assembly),(CM-D1,Assembly),(CM-S17,Assembly),(CM-S18,Assembly),(CM-S18,Assembly),(CM-D26,Assembly),(CM-D26,Assembly),(CM-D26,Assembly),(CM-S16,Assembly),(CM-S16,Assembly),(CM-D4,Assembly),(CM-D4,Assembly),(CM-D3,Assembly),(CM-D3,Assembly),(CM-D25,Assembly),(CM-S17,Assembly),(CM-S21,Assembly),(CM-D9,Assembly),(CM-D9,Assembly),(CM-D9,Assembly),(CM-S17,Assembly),(CM-D8,Assembly),(CM-D8,Assembly),(CM-D8,Assembly),(CM-S12,Assembly),(CM-S12,Assembly),(CM-S12,Assembly),(CM-D25,Assembly),(CM-D25,Assembly),(CM-D3,Assembly),(CM-D5,Assembly),(CM-S13,Assembly),(CM-S13,Assembly),(CM-S13,Assembly),(CM-S19,Assembly),(CM-S19,Assembly),(CM-S19,Assembly),(CM-S20,Assembly),(CM-S20,Assembly),(CM-S20,Assembly),(CM-D7,Assembly),(CM-D7,Assembly),(CM-D7,Assembly),(CM-S18,Assembly),(CM-D5,Assembly),(CM-S21,Assembly),(CM-D22,Assembly),(CM-D22,Assembly),(CM-D22,Assembly),(CM-S15,Assembly),(CM-S15,Assembly),(CM-S15,Assembly),(CM-S11,Assembly),(CM-S11,Assembly),(CM-S11,Assembly),(CM-D23,Assembly),(CM-S21,Assembly),(CM-D4,Assembly),(CM-D5,Assembly),(CM-D24,Assembly),(CM-D24,Assembly),(CM-D23,Assembly),(CM-D23,Assembly),(CM-D6,Assembly),(CM-S14,Assembly)
我有我下面的PHP代碼:
<form method="post" enctype="multipart/form-data">
<input type="file" name="csv" value="" />
<input type="submit" name="submit" value="Save" /></form>
<?php
$new_conn = mysqli_connect('localhost', 'root', '153624123', 'db_lazvasmunhomesinc');
if(isset($_FILES['csv']['tmp_name'])) {
$data = $_FILES['csv']['tmp_name'];
$handle = fopen($data, "r");
$test = file_get_contents($data);
if(!empty($data)) {
if ($handle) {
$counter = 0;
//instead of executing query one by one,
//let us prepare 1 SQL query that will insert all values from the batch
$sql ="INSERT INTO bill_of_materials(allotment_code, category_name) VALUES";
while (($line = fgets($handle)) !== false) {
$sql .="($line),";
$counter++;
}
$sql = substr($sql, 0, strlen($sql) - 1);
if (mysqli_query($new_conn, $sql) === TRUE) {
echo 'success';
} else {
echo $sql;
}
fclose($handle);
} else {
}
//unlink CSV file once already imported to DB to clear directory
unlink($data);
} else
echo '<script>alert("EMPTY!");</script>';
}
?>
我試圖用另一個代碼是:
如果(!empty($ data)){
if ($handle) {
$counter = 0;
//instead of executing query one by one,
//let us prepare 1 SQL query that will insert all values from the batch
$sql ="INSERT INTO bill_of_materials(allotment_code, category_name) VALUES";
while (($line = fgets($handle)) !== false) {
$sql .= "('".implode("', '", explode(",", $line))."'),";
$counter++;
}
$sql = substr($sql, 0, strlen($sql) - 1);
if (mysqli_query($new_conn, $sql) === TRUE) {
echo 'success';
} else {
echo $sql;
}
fclose($handle);
}
它的工作原理,但有一點問題。因爲它會分裂逗號後的數據,有的來自CSV文件中的數據有一個逗號,這將導致這樣的:從CSV文件
INSERT INTO bill_of_materials(allotment_code, category_name) VALUES('"OH:Fuel', ' Oil and Accessories"', 'Avanza Gray-OBNO-1782 ')
的數據是:哦:燃油,機油和配件和AVANZA格雷OBNO-1782
預期的輸出應爲:
INSERT INTO bill_of_materials(allotment_code, category_name) VALUES('"OH:Fuel Oil and Accessories"', 'Avanza Gray-OBNO-1782')
,我試圖另一個碼是這樣的:
$sql ="INSERT INTO bill_of_materials(allotment_code, category_name) VALUES";
while (($line = fgets($handle)) !== false) {
$sql .= "('{$line[0]}', '{$data[1]}'),";
$counter++;
}
一些數據從我的CSV有一個逗號。
數據不在單引號內。我希望你能幫助我。提前致謝。
的可能重複[我怎樣才能防止在PHP中SQL注入?(https://stackoverflow.com/questions/60174/how-can-i-預防-SQL注入在PHP) – chris85
^這是答案,但不是你問的主題。 – chris85