0

I'm having issues using fsgetcsv to import a text file into a database, the issues stems from some of the fields containing names with a single quote char in the names (irish database), fields are escaped by the ^ character and that bit is working fine but it basically tells me I have an error in my SQL syntax when it reaches a field with the ' character.

Is there anyway I can get around this issue? I've tried various combinations of escape characters but to no avail.

Importing the file using the tool in PhpMyAdmin works and causes no issues using the following terms:

field termination char: ^ field enclosed char: " field escaped char: \ line terminated by: auto

Here is an example of the offending line:

4^01^Patrick O'Brien^account Number^7Address^client contact^sales contact^Validity Check on appointment and report to Receiver^21/01/13^^^^^^^^^^^02

and here is the fsgetcsv statement

while (($data = fgetcsv($handle, 1000, "^" )) !== FALSE) {
Funk247
  • 330
  • 4
  • 22

1 Answers1

0

When you build the SQL statement to insert the rows into the database ensure that the values that have been returned by the fsgetcsv function are correctly escaped. You can do this by using SQL parameters (see How can I prevent SQL injection in PHP?) or by escaping using the built in functions for the database you are using (see http://www.php.net/manual/en/mysqli.real-escape-string.php).

Community
  • 1
  • 1
Stacey Richards
  • 6,536
  • 7
  • 38
  • 40
  • This was really helpful, I simply updated the insert statement to follow this format and it worked like a charm. '".mysql_real_escape_string($data[1])."', Thanks very much :D – Funk247 Feb 21 '13 at 13:26