PHP: Export sql data to CSV

Question

I have an older PHP app that I am trying to figure out why I cannot export to CSV anymore.

On the page where sql data is displayed on the page the following link is displayed for exporting to CSV:

<p class="content_text"><strong><a href="export.php?tablename=PrivateActs109">Export to Excel</a></strong></p>

And then the entirety of the export.php file:

<?php /* ########## Connect to Database ########## */

require_once('../Connections/dbConnect_acts.php');
mysql_select_db($database_dbConnect, $dbConnect) or die ("no luck") ;



// Export to CSV
require '../includes/exportcsv.inc.php';
$table=$tablename; // this is the tablename that you want to export to csv from mysql.
$sql_query = "SELECT `ChapterNumber`, `Subject`,  `Abstract` , `BillNumber` FROM $tablename ";
exportMysqlToCsv($table,$sql_query);
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");header("Content-Length: " . strlen($out));
// Output to browser with appropriate mime type, you choose ;)
//header("Content-type: text/x-csv");
//header("Content-type: text/csv");
header("Content-type: application/csv");
header("Content-Disposition: attachment; filename=$filename");

?>

Looking for direction since I am still pretty new to PHP.

`$table=$tablename` should be `$table=$_GET['tablename']` because `register_globals_gpc` is off, but that opens up a whole new can of worms of SQL Injection because it is used in the query. http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1 — AbraCadaver, Jan 19 '17 at 22:19
@AbraCadaver Thanks, just getting into this app. The CSV does get created but I'm not getting what I expect. — Jason, Jan 19 '17 at 22:32
What does the line `require '../includes/exportcsv.inc.php';` include? and what does the line `exportMysqlToCsv($table,$sql_query);` do? We can't see these so we don't know what is happening. — Mike, Feb 07 '17 at 14:09

score 0 · Accepted Answer · answered Feb 08 '17 at 17:19

0

I wound up having to change the $table to the following:

$table=$_GET['tablename'];

Thanks for the suggestions, it is a legacy app and I learned a lot about PHP from working on it.

answered Feb 08 '17 at 17:19

Jason

77
1
3
9

PHP: Export sql data to CSV

1 Answers1