0

My code is below, and i am not understanding that what problem is in this code, because my data is not saving in mysql db table. Is anyone tell me that what problem is in my code? ===========================================================================================

<?php

    $con = mysql_connect('localhost','root','') or die(mysql_error());

    mysql_select_db('csv_data',$con) or die(mysql_error());

    $data = array();
    if(isset($_FILES['submit'])){
        if($FILES['csv_file']['size'] > 0){
            $file = $_FILES['csv_file']['tmp_name'];
            $handle = fopen($file,"r");

        while($data = fgetcsv($handle, 134217728, ',')){
            $query = "INSERT INTO data(url) VALUES ('".$data[0]."')";
            mysql_query($query) or die(mysql_error());
            echo "File Uploaded.";

        }
    }
}
?>
<body>
<form name="frm" action="save_csv_in_mysql_table.php" method="post">
    <input type="file" name="csv_file" value="Upload Csv File"/>
    <input type="submit" name="submit" value="Upload CSV File"/>
</form>
</body>
Learner
  • 177
  • 2
  • 15
  • 1
    Try using error handlers. – Kermit Dec 09 '13 at 18:52
  • Not `if(isset($_FILES['submit'])){` but `if(isset($_POST['submit'])){` for `` or you might have meant to use `if(isset($_FILES['csv_file'])){` to work with `` - Might be opening up a potential "can of worms", as it were. Try either/or. – Funk Forty Niner Dec 09 '13 at 18:52
  • [Don't use mysql_*](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php?rq=1) – elixenide Dec 09 '13 at 18:53
  • 4
    This question appears to be off-topic because `E_DOEST_WORK` is not a proper PHP error code. – tereško Dec 09 '13 at 18:56

3 Answers3

0

You need use if(isset($_POST['submit'])){

PHP:

    $con = mysql_connect('localhost','root','') or die(mysql_error());

    mysql_select_db('csv_data',$con) or die(mysql_error());

    $data = array();
    if(isset($_POST['submit'])){
        if($FILES['csv_file']['size'] > 0){
            $file = $_FILES['csv_file']['tmp_name'];
            $handle = fopen($file,"r");

            while($data = fgetcsv($handle, 134217728, ',')){
                $query = "INSERT INTO data(url) VALUES ('".$data[0]."')";
                mysql_query($query) or die(mysql_error());
                echo "File Uploaded.";

             }
         }
    }
Krish R
  • 22,583
  • 7
  • 50
  • 59
0

What is $_FILES['submit']? I think, you have not this index.

Try to add in the beginning

print_r($_POST);
print_r($_FILES);

and than create a normal statement.

For example:

if (isset($_FILES['csv_file'])) {do something}

At the second: don't use INSERT with mysql_query. Read about PDO, it's safe and comfort. There is a vulnerability in your code (SQL Injection).

BaBL86
  • 2,602
  • 1
  • 14
  • 13
0

You have built your form incorrectly, so NO FILE IS BEING UPLOADED:

<form enctype="multipart/form-data" name="frm" action="save_csv_in_mysql_table.php" method="post" >
      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^--missing

You then failed to check if an upload was actually successful and simply blundered onwards blindly:

if (isset($_FILES['csv_file']['error']) && ($_FILES['csv_file']['error'] !== UPLOAD_ERR_OK)) {
   die("Upload failed with error code#: " . $_FILES['csv_file']['error']);
}

You then blindly try to slurp data from this file and insert that data directly into your query string, also leaving you wide open to SQL injection attacks.

Marc B
  • 356,200
  • 43
  • 426
  • 500