PHP CSV解析问题逃避MySQL的字符串

I'm trying to parse a number of CSV files from a product feed. I'm using the code below to grab the data from the CSV, and process row by row for insertion in to a MySQL db. For some reason every once and a while the addslashes function seems to skip the escape sequence. What am I doing wrong here?

while (($data = fgetcsv($fh, 2000, ",")) !== FALSE)
{           
    $num = count($data);
    $nl = 0; 

    for ($c=0; $c < $num; $c++)  
    {
        $nl++;  
        if ($c >= 0)
        {
            if ($nl == 1)
            {
                $Name = addslashes($data[$c]);
            }
            if ($nl == 2)
            {
                $URL = $data[$c];
            }
            if ($nl == 3)
            {
                $CatalogName = addslashes($data[$c]);
            }
            if ($nl == 4)
            {
                $LastUpdated = $data[$c];
            }
        }
    }
    if ($headerRow > 40) 
    {   
        $sql = "INSERT INTO table (name,url,catname,updated) VALUES ('$Name','$URL','$CatalogName','$LastUpdated')";
                mysqli_query($connection3,$sql) or die("Can't execute query I001.);
    }
}

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
douqiang5809 2013-11-03 19:15
关注
for a parameterized query (http://php.net/manual/en/mysqli.prepare.php):

$sql=$connection3->prepare("INSERT INTO table (name,url,catname,updated) VALUES (?,?,?,?)"); $sql->bind_param('ssss',$Name,$URL,$CatalogName,$LastUpdated); $results=$sql->execute(); //results contains whether or not the execute was successful.

While this is "Object oriented style" the actual functionality of this statement will work whether or not you prefer "objects" to "procedural style", it's all in the style. In any case, it will work and there are procedural examples in the docs.

in fact, here's how you do it procedurally:

$stmt=mysqli_prepare($connection3, "INSERT INTO table (name,url,catname,updated) VALUES (?,?,?,?)"); mysqli_stmt_bind_param($stmt, "ssss", $Name,$URL,$CatalogName,$LastUpdated); mysqli_stmt_execute($stmt);

Now you don't have to worry about escaping your statement, but you still do have to sanitize your entries to prevent cross site scripting and other security risks.
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

PHP CSV解析问题逃避MySQL的字符串 mysql php
2013-11-03 18:31

回答 1 已采纳 for a parameterized query (http://php.net/manual/en/mysqli.prepare.php): $sql=$connection3->pr
PHP - 来自csv的字符串报告更多字符 html php
2016-01-20 11:00

回答 1 已采纳 The UTF-8 encoding for Unicode Character 'LATIN CAPITAL LETTER A' (U+0041) is 0x41. Since you have
python 关于csv中数字型字符串的存储 python
2022-01-04 14:59

回答 2 已采纳 a=['12','34','56'] b=[int(x) for x in a] print(*b)
批量读取csv数据，写入mysql
2022-06-28 22:30

python3，需要安装pymysql库
使用PHP在MySQL中导入CSV mysql php symfony
2017-08-25 08:07

回答 2 已采纳 Ok, It's working. Error was in counting lines in terminal: find ./ -type f -name "*csv*" -exec wc
使用PHP将CSV文件导入MySQL mysql php sql
2017-02-21 15:48

回答 1 已采纳 There's lots of good advice in the help centre - notably How to create a Minimal, Complete, and Ve
使用PHP从远程MySQL创建CSV文件 mysql php
2018-10-05 16:23

回答 1 已采纳 $fp = fopen('php://output', 'w'); this specific line should be changed to $fp = fopen($filename, '
java 字符串生成csv_Java – 将字符串写入CSV文件
2021-03-16 21:08

韩艺萌的博客 public class CSV { public static void main(String[]args) throws FileNotFoundException{ PrintWriter pw = new PrintWriter(new File("test.csv")); StringBuilder sb = new StringBuilder(); sb.append("id");...
如何在PHP中将csv数据插入到mysql数据库中 mysql php
2016-06-22 09:05

回答 1 已采纳 Well the problem is you have mixed up two of the functions . One is deprecated and the other one i
PHP没有将MySQL写入CSV mysql php
2018-01-30 05:29

回答 1 已采纳 You are fundamentally misunderstanding how server-side and client-side code interact. A PHP scrip
将csv文件导入MySQL时，在创建表时更改数据类型 - PHP mysql php
2017-06-15 13:22

回答 1 已采纳 If you need to use a different column type based on the name of the column, you could use either a
php导出大数据csv表格
2018-07-16 18:00

phpExcel导出数据老是内存溢出，用此方法一边下载一边查询数据写入到文件每次都把缓存区清空，解决了内存溢出问题。此方法可以到处大数据本人测试过导出100W数据完全无压力
CSV到MYSQL PHP mysql php
2015-08-18 05:42

回答 2 已采纳 Write your Insert query as INSERT INTO BusinessD(`Business Name`,`Short Description`,`Description
Navicat把csv数据导入mysql
2020-12-16 05:02

标题中的“Navicat把csv数据导入mysql”指的是使用Navicat这个数据库管理工具将逗号分隔值（CSV）格式的数据文件导入到MySQL数据库的过程。Navicat是一款支持多种数据库系统的图形化管理工具，包括MySQL，它提供了一...
python将字符串写入csv_用Python将字符串值写入CSV文件
2020-12-05 13:28

IAmAngry.的博客 if-else条件返回的每个结果都应写入CSV文件。但是这里它只在CSV文件中写入一次结果，而不是写入for循环每次迭代返回的所有结果。以下是我目前掌握的代码。在import csvimport numpy as npwith open('...
没有解决我的问题, 去提问

悬赏问题

¥15 metadata提取的PDF元数据，如何转换为一个Excel
¥15 关于arduino编程toCharArray()函数的使用
¥100 vc++混合CEF采用CLR方式编译报错
¥15 coze 的插件输入飞书多维表格 app_token 后一直显示错误，如何解决？
¥15 vite+vue3+plyr播放本地public文件夹下视频无法加载
¥15 c#逐行读取txt文本，但是每一行里面数据之间空格数量不同
¥50 如何openEuler 22.03上安装配置drbd
¥20 ING91680C BLE5.3 芯片怎么实现串口收发数据
¥15 无线连接树莓派，无法执行update，如何解决？（相关搜索：软件下载）
¥15 Windows11, backspace, enter, space键失灵

PHP CSV解析问题逃避MySQL的字符串

1条回答 默认 最新

悬赏问题

1条回答默认最新