1. 首页
  2. 问答
  3. PHP:在插入SQL时将每个数据放入单引号('')中

PHP:在插入SQL时将每个数据放入单引号('')中

2017-08-02 106 views
0

我有一段代码,允许我从csv文件将数据导入到数据库。但是,插入数据时出现问题,因为我要插入的值没有单引号('')。我试图呼应出来的SQL查询,我得到这个:PHP:在插入SQL时将每个数据放入单引号('')中

INSERT INTO bill_of_materials(allotment_code, category_name) VALUES(Site Electrical,Aldea Electrical Work),(CM-S24,Assembly),(CM-S4,Assembly),(CM-S4,Assembly),(CM-S8,Assembly),(CM-S3,Assembly),(CM-S3,Assembly),(CM-S3,Assembly),(CM-S8,Assembly),(CM-S4,Assembly),(CM-S24,Assembly),(CM-S8,Assembly),(CM-S23,Assembly),(CM-S23,Assembly),(CM-S23,Assembly),(CM-S22,Assembly),(CM-S22,Assembly),(CM-S22,Assembly),(CM-S24,Assembly),(CM-D2,Assembly),(CM-D18,Assembly),(CM-D18,Assembly),(CM-D14,Assembly),(CM-D14,Assembly),(CM-D14,Assembly),(CM-D20,Assembly),(CM-D20,Assembly),(CM-D20,Assembly),(CM-D13,Assembly),(CM-D13,Assembly),(CM-D10,Assembly),(CM-D18,Assembly),(CM-D10,Assembly),(CM-D13,Assembly),(CM-D2,Assembly),(CM-D2,Assembly),(CM-D21,Assembly),(CM-D21,Assembly),(CM-D21,Assembly),(CM-D11,Assembly),(CM-D11,Assembly),(CM-D11,Assembly),(CM-D12,Assembly),(CM-D12,Assembly),(CM-D12,Assembly),(CM-D10,Assembly),(CM-D19,Assembly),(CM-D17,Assembly),(CM-D17,Assembly),(CM-D19,Assembly),(CM-D16,Assembly),(CM-D15,Assembly),(CM-D15,Assembly),(CM-D15,Assembly),(CM-D17,Assembly),(CM-D19,Assembly),(CM-D1,Assembly),(CM-D1,Assembly),(CM-D16,Assembly),(CM-D16,Assembly),(CM-D1,Assembly),(CM-S17,Assembly),(CM-S18,Assembly),(CM-S18,Assembly),(CM-D26,Assembly),(CM-D26,Assembly),(CM-D26,Assembly),(CM-S16,Assembly),(CM-S16,Assembly),(CM-D4,Assembly),(CM-D4,Assembly),(CM-D3,Assembly),(CM-D3,Assembly),(CM-D25,Assembly),(CM-S17,Assembly),(CM-S21,Assembly),(CM-D9,Assembly),(CM-D9,Assembly),(CM-D9,Assembly),(CM-S17,Assembly),(CM-D8,Assembly),(CM-D8,Assembly),(CM-D8,Assembly),(CM-S12,Assembly),(CM-S12,Assembly),(CM-S12,Assembly),(CM-D25,Assembly),(CM-D25,Assembly),(CM-D3,Assembly),(CM-D5,Assembly),(CM-S13,Assembly),(CM-S13,Assembly),(CM-S13,Assembly),(CM-S19,Assembly),(CM-S19,Assembly),(CM-S19,Assembly),(CM-S20,Assembly),(CM-S20,Assembly),(CM-S20,Assembly),(CM-D7,Assembly),(CM-D7,Assembly),(CM-D7,Assembly),(CM-S18,Assembly),(CM-D5,Assembly),(CM-S21,Assembly),(CM-D22,Assembly),(CM-D22,Assembly),(CM-D22,Assembly),(CM-S15,Assembly),(CM-S15,Assembly),(CM-S15,Assembly),(CM-S11,Assembly),(CM-S11,Assembly),(CM-S11,Assembly),(CM-D23,Assembly),(CM-S21,Assembly),(CM-D4,Assembly),(CM-D5,Assembly),(CM-D24,Assembly),(CM-D24,Assembly),(CM-D23,Assembly),(CM-D23,Assembly),(CM-D6,Assembly),(CM-S14,Assembly)

我有我下面的PHP代码:

<form method="post" enctype="multipart/form-data"> 
<input type="file" name="csv" value="" /> 
<input type="submit" name="submit" value="Save" /></form> 

<?php 

$new_conn = mysqli_connect('localhost', 'root', '153624123', 'db_lazvasmunhomesinc'); 

if(isset($_FILES['csv']['tmp_name'])) { 
    $data = $_FILES['csv']['tmp_name']; 
    $handle = fopen($data, "r"); 
    $test = file_get_contents($data); 

    if(!empty($data)) { 

     if ($handle) { 
      $counter = 0; 
      //instead of executing query one by one, 
      //let us prepare 1 SQL query that will insert all values from the batch 
      $sql ="INSERT INTO bill_of_materials(allotment_code, category_name) VALUES"; 
      while (($line = fgets($handle)) !== false) { 
       $sql .="($line),"; 
       $counter++; 
      } 
      $sql = substr($sql, 0, strlen($sql) - 1); 
      if (mysqli_query($new_conn, $sql) === TRUE) { 
       echo 'success'; 
      } else { 
       echo $sql; 
      } 
      fclose($handle); 
     } else { 
     } 
     //unlink CSV file once already imported to DB to clear directory 
     unlink($data); 
    } else 
     echo '<script>alert("EMPTY!");</script>'; 
} 
?>

我试图用另一个代码是:

如果(!empty($ data)){

if ($handle) { 
    $counter = 0; 
    //instead of executing query one by one, 
    //let us prepare 1 SQL query that will insert all values from the batch 
    $sql ="INSERT INTO bill_of_materials(allotment_code, category_name) VALUES"; 
    while (($line = fgets($handle)) !== false) { 
     $sql .= "('".implode("', '", explode(",", $line))."'),"; 
     $counter++; 
    } 
    $sql = substr($sql, 0, strlen($sql) - 1); 
    if (mysqli_query($new_conn, $sql) === TRUE) { 
     echo 'success'; 
    } else { 
     echo $sql; 
    } 
    fclose($handle); 
}

它的工作原理,但有一点问题。因为它会分裂逗号后的数据,有的来自CSV文件中的数据有一个逗号,这将导致这样的:从CSV文件

INSERT INTO bill_of_materials(allotment_code, category_name) VALUES('"OH:Fuel', ' Oil and Accessories"', 'Avanza Gray-OBNO-1782 ')

的数据是:哦:燃油,机油和配件AVANZA格雷OBNO-1782

预期的输出应为:

INSERT INTO bill_of_materials(allotment_code, category_name) VALUES('"OH:Fuel Oil and Accessories"', 'Avanza Gray-OBNO-1782')

,我试图另一个码是这样的:

$sql ="INSERT INTO bill_of_materials(allotment_code, category_name) VALUES"; 
    while (($line = fgets($handle)) !== false) { 
     $sql .= "('{$line[0]}', '{$data[1]}'),"; 
     $counter++; 
    }

但插入的数据不正确,它会导致这样: information

我的CSV文件看起来像这样: csv file

一些数据从我的CSV有一个逗号。

数据不在单引号内。我希望你能帮助我。提前致谢。

来源

2017-08-02 Nibiru Nibiru

+0

的可能重复[我怎样才能防止在PHP中SQL注入?(https://stackoverflow.com/questions/60174/how-can-i-预防-SQL注入在PHP) – chris85

+0

^这是答案,但不是你问的主题。 – chris85

回答

1

由于您使用CSV文件,则可以解析在while循环每行与str_getcsv()

$values = str_getcsv('"OH:Fuel, Oil and Accessoires",Avanza Gray-OBNO-1779');

...然后将值回SQL语句:

$sql .= "('" . array_shift($values) . "', '" . (isset($values) ? implode(",", $values) : "") . "'),";

并且不要忘记申请rtrim()的SQL语句,所以最后一个逗号被删除:

$sql = rtrim($sql, ",");

您还可以使用fgetcsv()以读取作为数组逐行解析CSV文件:

示例:

$file = __DIR__ . "/data.csv"; 
$sql = "INSERT INTO `bill_of_materials` (`allotment_code`, `category_name`) VALUES "; 

$handle = fopen($file, "r"); 

while ($data = fgetcsv($handle)) { 
    $sql .= "('" . array_shift($data) . "', '" . (isset($data) ? implode(",", $data) : "") . "'),"; 
} 

fclose($handle); 

$sql = rtrim($sql, ",");

来源

2017-08-02 03:29:37 Spingolini

+0

这实际上工作,但有一点问题..我的一些数据在csv文件中有一个逗号,也将拆分为另一个数据。我该如何解决这个问题先生? –

+0

此数据是由单引号还是双引号括起来的?你可以发布这些特定的行吗? – Spingolini

+0

数据来自没有单引号或双引号的csv文件。我用你的代码: $ sql。=“('”.implode(“','”,explode(“,”,$ line))。“'),”; 它实际上工作。这只是一个小问题..有一些数据有逗号,例如:OH:燃料,石油和天然气。因为有一个逗号,PHP会将它分解为另一个数据。 –

0

添加单引号:

$sql .="('$line'),";

来源

2017-08-02 03:30:44 meda

+1

这会导致类似这样的错误:INSERT INTO(col1,col2)VALUES('value1,value2')',并以mysql错误结束。 – Spingolini

+0

@meda感谢您的回答先生..但不幸的是,这将无法正常工作。 –

相关问题

 相关问题