PHP CSV解析问题逃避MySQL的字符串

I'm trying to parse a number of CSV files from a product feed. I'm using the code below to grab the data from the CSV, and process row by row for insertion in to a MySQL db. For some reason every once and a while the addslashes function seems to skip the escape sequence. What am I doing wrong here?

while (($data = fgetcsv($fh, 2000, ",")) !== FALSE)
{           
    $num = count($data);
    $nl = 0; 

    for ($c=0; $c < $num; $c++)  
    {
        $nl++;  
        if ($c >= 0)
        {
            if ($nl == 1)
            {
                $Name = addslashes($data[$c]);
            }
            if ($nl == 2)
            {
                $URL = $data[$c];
            }
            if ($nl == 3)
            {
                $CatalogName = addslashes($data[$c]);
            }
            if ($nl == 4)
            {
                $LastUpdated = $data[$c];
            }
        }
    }
    if ($headerRow > 40) 
    {   
        $sql = "INSERT INTO table (name,url,catname,updated) VALUES ('$Name','$URL','$CatalogName','$LastUpdated')";
                mysqli_query($connection3,$sql) or die("Can't execute query I001.);
    }
}

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
douqiang5809 2013-11-03 19:15
关注
for a parameterized query (http://php.net/manual/en/mysqli.prepare.php):

$sql=$connection3->prepare("INSERT INTO table (name,url,catname,updated) VALUES (?,?,?,?)"); $sql->bind_param('ssss',$Name,$URL,$CatalogName,$LastUpdated); $results=$sql->execute(); //results contains whether or not the execute was successful.

While this is "Object oriented style" the actual functionality of this statement will work whether or not you prefer "objects" to "procedural style", it's all in the style. In any case, it will work and there are procedural examples in the docs.

in fact, here's how you do it procedurally:

$stmt=mysqli_prepare($connection3, "INSERT INTO table (name,url,catname,updated) VALUES (?,?,?,?)"); mysqli_stmt_bind_param($stmt, "ssss", $Name,$URL,$CatalogName,$LastUpdated); mysqli_stmt_execute($stmt);

Now you don't have to worry about escaping your statement, but you still do have to sanitize your entries to prevent cross site scripting and other security risks.
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

PHP CSV解析问题逃避MySQL的字符串 mysql php
2013-11-03 18:31

回答 1 已采纳 for a parameterized query (http://php.net/manual/en/mysqli.prepare.php): $sql=$connection3->pr
PHP - 来自csv的字符串报告更多字符 html php
2016-01-20 11:00

回答 1 已采纳 The UTF-8 encoding for Unicode Character 'LATIN CAPITAL LETTER A' (U+0041) is 0x41. Since you have
python 关于csv中数字型字符串的存储 python
2022-01-04 14:59

回答 2 已采纳 a=['12','34','56'] b=[int(x) for x in a] print(*b)
php str_getcsv把字符串解析为数组的实现方法
2020-12-20 02:43

php根据定界符把字符串解析为数组一般使用explode方法实现例如：使用”,”为定界符解析字符串为数组 <?php $str = '1,2,3'; $arr = explode(',', $str); print_r($arr); ?> 输出： Array ( [0] => 1 [1]...
使用PHP在MySQL中导入CSV mysql php symfony
2017-08-25 08:07

回答 2 已采纳 Ok, It's working. Error was in counting lines in terminal: find ./ -type f -name "*csv*" -exec wc
使用PHP将CSV文件导入MySQL mysql php sql
2017-02-21 15:48

回答 1 已采纳 There's lots of good advice in the help centre - notably How to create a Minimal, Complete, and Ve
使用PHP从远程MySQL创建CSV文件 mysql php
2018-10-05 16:23

回答 1 已采纳 $fp = fopen('php://output', 'w'); this specific line should be changed to $fp = fopen($filename, '
批量读取csv数据，写入mysql
2022-06-28 22:30

python3，需要安装pymysql库
如何在PHP中将csv数据插入到mysql数据库中 mysql php
2016-06-22 09:05

回答 1 已采纳 Well the problem is you have mixed up two of the functions . One is deprecated and the other one i
PHP没有将MySQL写入CSV mysql php
2018-01-30 05:29

回答 1 已采纳 You are fundamentally misunderstanding how server-side and client-side code interact. A PHP scrip
将csv文件导入MySQL时，在创建表时更改数据类型 - PHP mysql php
2017-06-15 13:22

回答 1 已采纳 If you need to use a different column type based on the name of the column, you could use either a
java 字符串生成csv_Java – 将字符串写入CSV文件
2021-03-16 21:08

韩艺萌的博客 public class CSV { public static void main(String[]args) throws FileNotFoundException{ PrintWriter pw = new PrintWriter(new File("test.csv")); StringBuilder sb = new StringBuilder(); sb.append("id");...
CSV到MYSQL PHP mysql php
2015-08-18 05:42

回答 2 已采纳 Write your Insert query as INSERT INTO BusinessD(`Business Name`,`Short Description`,`Description
php导出大数据csv表格
2018-07-16 18:00

phpExcel导出数据老是内存溢出，用此方法一边下载一边查询数据写入到文件每次都把缓存区清空，解决了内存溢出问题。此方法可以到处大数据本人测试过导出100W数据完全无压力
Navicat把csv数据导入mysql
2020-12-16 05:02

本文为大家分享了如何用Navicat把csv数据导入mysql，供大家参考，具体内容如下 1.获取csv数据，用office另存为功能把excel另存为csv（当然这是我自己数据本身是存在excel里的缘故，如果你本来就是csv数据，则忽略这...
没有解决我的问题, 去提问

悬赏问题

¥15 装 pytorch 的时候出了好多问题，遇到这种情况怎么处理？
¥20 IOS游览器某宝手机网页版自动立即购买JavaScript脚本
¥15 手机接入宽带网线，如何释放宽带全部速度
¥30 关于#r语言#的问题：如何对R语言中mfgarch包中构建的garch-midas模型进行样本内长期波动率预测和样本外长期波动率预测
¥15 ETLCloud 处理json多层级问题
¥15 matlab中使用gurobi时报错
¥15 这个主板怎么能扩出一两个sata口
¥15 不是，这到底错哪儿了😭
¥15 2020长安杯与连接网探
¥15 关于#matlab#的问题：在模糊控制器中选出线路信息，在simulink中根据线路信息生成速度时间目标曲线（初速度为20m/s，15秒后减为0的速度时间图像）我想问线路信息是什么

PHP CSV解析问题逃避MySQL的字符串

1条回答 默认 最新

悬赏问题

1条回答默认最新