[英]escape from single quotes data in mysql query
I have a silly problem. 我有一个愚蠢的问题。 I am trying to upload bulk data from csv file to my database table.
我正在尝试将大量数据从csv文件上传到我的数据库表。 It is working fine.
一切正常。 But I noticed many of rows in csv file contains data in single quotes words like (That's, It's etc).
但是我注意到csv文件中的许多行包含单引号等数据,例如(That's,It's等)。 Wherever in database single quotes query throws syntax errors.
在数据库中的任何地方,单引号查询都会引发语法错误。 I seen many posts that suggest to keep you single quotes data like this (That''s) but I have more than 1000 of rows so I can't cheque each row.
我看到很多帖子都建议您使单引号这样的数据,但是我有1000多个行,因此无法检查每一行。 Is there any programmatic way to avoid this problem?
有什么编程方法可以避免此问题?
<?php
include "connection.php"; //Connect to Database
$deleterecords = "TRUNCATE TABLE tablename"; //empty the table of its current records
mysql_query($deleterecords);
//Upload File
if (isset($_POST['submit'])) {
if (is_uploaded_file($_FILES['filename']['tmp_name'])) {
echo "<h1>" . "File ". $_FILES['filename']['name'] ." uploaded successfully." . "</h1>";
echo "<h2>Displaying contents:</h2>";
readfile($_FILES['filename']['tmp_name']);
}
//Import uploaded file to Database
$handle = fopen($_FILES['filename']['tmp_name'], "r");
while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) {
$import="";
mysql_query($import) or die(mysql_error());
}
fclose($handle);
print "Import done";
print ""
//view upload form
}else {
print "<h1>Upload new CSV</h1><br />\n";
print "<form enctype='multipart/form-data' action='upload.php' method='post'>";
print "File name to import:<br />\n";
print "<input size='50' type='file' name='filename'><br />\n";
print "<input type='submit' name='submit' value='Upload'></form>";
}
?>
First of all you need to stop using mysql_*
Functions because it's omitted on php 7.0 instead use mysqli_*
or PDO 首先,您需要停止使用
mysql_*
函数,因为它在php 7.0上被省略了,而是使用mysqli_*
或PDO
you can add back slashes to escape single and double quotes using addslashes()
or since you are inserting into database you need to use mysql_real_escape_string()
您可以使用
addslashes()
添加反斜杠以转义单引号和双引号,或者由于要插入数据库中,因此需要使用mysql_real_escape_string()
mysql_real_escape_string($import);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.