[nycphp-talk] can't populate db table with csv - Ican't believethis!
Phil Powell
soazine at erols.com
Wed Sep 10 22:35:36 EDT 2003
Um, guys I &*AM* using double quotes AND single quotes AND
mysql_escape_string().. see for yourself:
$rowNumber = 1; $sql = ''; $startSQL = '';
$varcharArray = array('varenr', 'navn', 'farge_code');
while ($row = fgetcsv($fileID, 100000, ',')) {
if ($rowNumber == 1) {
$startSQL .= 'INSERT INTO nnet_produkt(';
for ($i = 0; $i < sizeof($row); $i++)
$startSQL .= 'nnet_produkt_' . $row[$i] . ', ';
$startSQL = trim($startSQL, ', ') . ') VALUES (';
}
if ($rowNumber > 1) {
for ($i = 0; $i < sizeof($row); $i++) {
print_r("row number $rowNumber: " . $row[$i] . "\n<P>");
if (!in_array($row[$i], $varcharArray) && strlen($row[$i]) > 0) {
$sql .= $row[$i] . ', ';
} elseif (strlen($row[$i]) > 0) {
$sql .= "'" . mysql_escape_string(htmlspecialchars($row[$i])) . "', ";
} elseif (!in_array($row[$i], $varcharArray)) {
$sql .= 0 . ', ';
} else {
$sql .= "'', ";
}
}
$sql = $startSQL . trim($sql) . ')';
}
if ($rowNumber > 1) {
print_r($sql . "\n<P>");
if (!mysql_query($sql)) die('Could not perform insert: ' . $sql . ' ' .
mysql_error());
$sql = '';
}
$rowNumber++;
}
Phil
----- Original Message -----
From: "Brian Pang" <bpang at bpang.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Wednesday, September 10, 2003 10:32 PM
Subject: Re: [nycphp-talk] can't populate db table with csv - Ican't
believethis!
> yes, everything
>
> if the string being enclosed in single quotes contains an apostrophe, or
> other instance of a single quote, it will need to be escaped like \'
>
> I think that Hans is recommending using mysql_escape_string() to ensure
> that everything is escaped that might need it (like double quotes).
>
>
> HOWEVER
>
> if your php script is attempting to insert any variables, you will need
> to use double quotes in place of the single quote as the encapsulator.
>
> PHP doesn't parse within the single quote.
>
> You would still want to use mysql_escape_string()
>
>
> I always use double quotes even though it means that values are being
> parsed for no reason. It's just easier for me that way and I haven't
> (been fortunate enough to have) had a problem with it creating excessive
> load, yet.
>
>
>
>
>
> > Um, I don't understand. Every single thing should be encased in '' and
is
> > escaped with mysql_escape_string(). I know the basics of SQL too. I
just
> > can't do this bit of code!
> >
> > Phil
> > ----- Original Message -----
> > From: "Hans Zaunere" <hans at nyphp.org>
> > To: "NYPHP Talk" <talk at lists.nyphp.org>
> > Sent: Wednesday, September 10, 2003 8:22 PM
> > Subject: Re: [nycphp-talk] can't populate db table with csv - I can't
> > believethis!
> >
> >
> > >
> > > Phil,
> > >
> > > > Go to http://www.nordicnet.no/admin/alle_produkter.php and you can
see
> > > > the damage!
> > >
> > > You need to learn some basics of working with SQL. In MySQL, Oracle,
> > PostgreSQL, and just about everything else, values should always be
> enclosed
> > in single quotes [1].
> > >
> > > With the SQL you show above, none of the values are enclosed in single
> > quotes, and since one of the values contains a single quote itself, it
> gives
> > an error. You'll also need to use mysql_escape_string() for every
> value you
> > create a SQL statement from; this escapes special chars that SQL will
> > interpret as having meaning. See http://php.net/mysql_escape_string
> > >
> > > > Otherwise, I'm going to have to send the code to you guys, along
with
> > > > the .csv file and maybe you can do what I cannot. I might as
> well quit
> > > > this project!
> > >
> > > I think you might have to move to a pay-per-incident support plan :)
> > >
> > > But this is a simple problem to resolve; you should have no problem
with
> > it.
> > >
> > > H
> > >
> > > [1] For the purposes of this discussion
> > >
> > >
> > > _______________________________________________
> > > talk mailing list
> > > talk at lists.nyphp.org
> > > http://lists.nyphp.org/mailman/listinfo/talk
> >
> > _______________________________________________
> > talk mailing list
> > talk at lists.nyphp.org
> > http://lists.nyphp.org/mailman/listinfo/talk
> >
> >
>
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
More information about the talk
mailing list