Read CSV File in php

Question

Can we Read and remove single quote , double quote and semicolons from csv file each columns so that you can upload csv file to mysql without any errors

 if (isset($_POST['submit'])) {
    if (is_uploaded_file($_FILES['filename']['tmp_name'])) {
        echo "<h1>" . "File ". $_FILES['filename']['name'] ." uploaded successfully." . "</h1>";
        echo "<h2>Displaying contents:</h2>";
        readfile($_FILES['filename']['tmp_name']);
    }

    //Import uploaded file to Database
    $handle = fopen($_FILES['filename']['tmp_name'], "r");

    while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) {
        $import="INSERT IGNORE INTO brokers (id,btype,bname,bphone,bmobphone,bfax,bemail,bwebsite,bcompany,bintrowho,bcurrentwho,bintrowhat,baddress,bjobtitle,bregion,bcity,bstate,bzip,bsweetspot1,bsweetspot2,bsweetspot3,bsweetspot4,bsweetspot5,bsweetspot6,bsweetspot7,bsweetspot8,bsweetspot9,bsweetspot10,bsweetspot11,bsweetspot12,bsweetspot13,bsweetspot14,bsweetspot15,baltphone,bdepartment,bitr,bvrr,bskype,bhangouts,bcomments) VALUES ('','$data[0]','$data[1]','$data[2]','$data[3]','$data[4]','$data[5]','$data[6]','$data[7]','$data[8]','$data[9]','$data[10]','$data[11]','$data[12]','$data[13]','$data[14]','$data[15]','$data[16]','$data[17]','$data[18]','$data[19]','$data[20]','$data[21]','$data[22]','$data[23]','$data[24]','$data[25]','$data[26]','$data[27]','$data[28]','$data[29]','$data[30]','$data[31]','$data[32]','$data[33]','$data[34]','$data[35]','$data[36]','$data[37]','$data[38]')";

        mysql_query($import) or die(mysql_error());
    }

    fclose($handle);

    print "Import done";
 $import=header("location:User_option.php");
    //view upload form
}

yes its possible. I have implemented it but the rules of the community are clear- You write your code and we extend our support wherever possible. We can't write code for you so google it and try it yourself first! — Swastik Padhi, Jun 30 '15 at 09:48
Removing double quotes are possible. Just use `str_replace`. — Praveen Kumar Purushothaman, Jul 10 '15 at 08:14
@DickieBoy actually not but regular expression made it possible — Hari Shankar, Jul 10 '15 at 10:23

score 0 · Answer 1 · edited May 23 '17 at 12:06

0

What you are getting here is SQL injection. It is a security venerability.

In basic terms, you should put mysql_real_escape_string around the data[N] refs you are using. Example:

"INSERT IGNORE INTO brokers (id,btype) VALUES ('','mysql_real_escape_string($data[0])')"

Please read this and this for more information.

edited May 23 '17 at 12:06

Community

1
1

answered Jun 30 '15 at 10:08

DickieBoy

4,886
1
28
47

Read CSV File in php

1 Answers1