我有一段代码,允许我从csv文件将数据导入到数据库。但是,插入数据时出现问题,因为我要插入的值没有单引号('')。我试图呼应出来的SQL查询,我得到这个:PHP:在插入SQL时将每个数据放入单引号('')中
INSERT INTO bill_of_materials(allotment_code, category_name) VALUES(Site Electrical,Aldea Electrical Work),(CM-S24,Assembly),(CM-S4,Assembly),(CM-S4,Assembly),(CM-S8,Assembly),(CM-S3,Assembly),(CM-S3,Assembly),(CM-S3,Assembly),(CM-S8,Assembly),(CM-S4,Assembly),(CM-S24,Assembly),(CM-S8,Assembly),(CM-S23,Assembly),(CM-S23,Assembly),(CM-S23,Assembly),(CM-S22,Assembly),(CM-S22,Assembly),(CM-S22,Assembly),(CM-S24,Assembly),(CM-D2,Assembly),(CM-D18,Assembly),(CM-D18,Assembly),(CM-D14,Assembly),(CM-D14,Assembly),(CM-D14,Assembly),(CM-D20,Assembly),(CM-D20,Assembly),(CM-D20,Assembly),(CM-D13,Assembly),(CM-D13,Assembly),(CM-D10,Assembly),(CM-D18,Assembly),(CM-D10,Assembly),(CM-D13,Assembly),(CM-D2,Assembly),(CM-D2,Assembly),(CM-D21,Assembly),(CM-D21,Assembly),(CM-D21,Assembly),(CM-D11,Assembly),(CM-D11,Assembly),(CM-D11,Assembly),(CM-D12,Assembly),(CM-D12,Assembly),(CM-D12,Assembly),(CM-D10,Assembly),(CM-D19,Assembly),(CM-D17,Assembly),(CM-D17,Assembly),(CM-D19,Assembly),(CM-D16,Assembly),(CM-D15,Assembly),(CM-D15,Assembly),(CM-D15,Assembly),(CM-D17,Assembly),(CM-D19,Assembly),(CM-D1,Assembly),(CM-D1,Assembly),(CM-D16,Assembly),(CM-D16,Assembly),(CM-D1,Assembly),(CM-S17,Assembly),(CM-S18,Assembly),(CM-S18,Assembly),(CM-D26,Assembly),(CM-D26,Assembly),(CM-D26,Assembly),(CM-S16,Assembly),(CM-S16,Assembly),(CM-D4,Assembly),(CM-D4,Assembly),(CM-D3,Assembly),(CM-D3,Assembly),(CM-D25,Assembly),(CM-S17,Assembly),(CM-S21,Assembly),(CM-D9,Assembly),(CM-D9,Assembly),(CM-D9,Assembly),(CM-S17,Assembly),(CM-D8,Assembly),(CM-D8,Assembly),(CM-D8,Assembly),(CM-S12,Assembly),(CM-S12,Assembly),(CM-S12,Assembly),(CM-D25,Assembly),(CM-D25,Assembly),(CM-D3,Assembly),(CM-D5,Assembly),(CM-S13,Assembly),(CM-S13,Assembly),(CM-S13,Assembly),(CM-S19,Assembly),(CM-S19,Assembly),(CM-S19,Assembly),(CM-S20,Assembly),(CM-S20,Assembly),(CM-S20,Assembly),(CM-D7,Assembly),(CM-D7,Assembly),(CM-D7,Assembly),(CM-S18,Assembly),(CM-D5,Assembly),(CM-S21,Assembly),(CM-D22,Assembly),(CM-D22,Assembly),(CM-D22,Assembly),(CM-S15,Assembly),(CM-S15,Assembly),(CM-S15,Assembly),(CM-S11,Assembly),(CM-S11,Assembly),(CM-S11,Assembly),(CM-D23,Assembly),(CM-S21,Assembly),(CM-D4,Assembly),(CM-D5,Assembly),(CM-D24,Assembly),(CM-D24,Assembly),(CM-D23,Assembly),(CM-D23,Assembly),(CM-D6,Assembly),(CM-S14,Assembly)
我有我下面的PHP代码:
<form method="post" enctype="multipart/form-data">
<input type="file" name="csv" value="" />
<input type="submit" name="submit" value="Save" /></form>
<?php
$new_conn = mysqli_connect('localhost', 'root', '153624123', 'db_lazvasmunhomesinc');
if(isset($_FILES['csv']['tmp_name'])) {
$data = $_FILES['csv']['tmp_name'];
$handle = fopen($data, "r");
$test = file_get_contents($data);
if(!empty($data)) {
if ($handle) {
$counter = 0;
//instead of executing query one by one,
//let us prepare 1 SQL query that will insert all values from the batch
$sql ="INSERT INTO bill_of_materials(allotment_code, category_name) VALUES";
while (($line = fgets($handle)) !== false) {
$sql .="($line),";
$counter++;
}
$sql = substr($sql, 0, strlen($sql) - 1);
if (mysqli_query($new_conn, $sql) === TRUE) {
echo 'success';
} else {
echo $sql;
}
fclose($handle);
} else {
}
//unlink CSV file once already imported to DB to clear directory
unlink($data);
} else
echo '<script>alert("EMPTY!");</script>';
}
?>
我试图用另一个代码是:
如果(!empty($ data)){
if ($handle) {
$counter = 0;
//instead of executing query one by one,
//let us prepare 1 SQL query that will insert all values from the batch
$sql ="INSERT INTO bill_of_materials(allotment_code, category_name) VALUES";
while (($line = fgets($handle)) !== false) {
$sql .= "('".implode("', '", explode(",", $line))."'),";
$counter++;
}
$sql = substr($sql, 0, strlen($sql) - 1);
if (mysqli_query($new_conn, $sql) === TRUE) {
echo 'success';
} else {
echo $sql;
}
fclose($handle);
}
它的工作原理,但有一点问题。因为它会分裂逗号后的数据,有的来自CSV文件中的数据有一个逗号,这将导致这样的:从CSV文件
INSERT INTO bill_of_materials(allotment_code, category_name) VALUES('"OH:Fuel', ' Oil and Accessories"', 'Avanza Gray-OBNO-1782 ')
的数据是:哦:燃油,机油和配件和AVANZA格雷OBNO-1782
预期的输出应为:
INSERT INTO bill_of_materials(allotment_code, category_name) VALUES('"OH:Fuel Oil and Accessories"', 'Avanza Gray-OBNO-1782')
,我试图另一个码是这样的:
$sql ="INSERT INTO bill_of_materials(allotment_code, category_name) VALUES";
while (($line = fgets($handle)) !== false) {
$sql .= "('{$line[0]}', '{$data[1]}'),";
$counter++;
}
一些数据从我的CSV有一个逗号。
数据不在单引号内。我希望你能帮助我。提前致谢。
的可能重复[我怎样才能防止在PHP中SQL注入?(https://stackoverflow.com/questions/60174/how-can-i-预防-SQL注入在PHP) – chris85
^这是答案,但不是你问的主题。 – chris85