Derleek Posted May 29, 2008 Share Posted May 29, 2008 Ok, so i needed a script to take 4 lines from a file and store them into a database. hence, this script was born: //this statement checks if the upload button has been clicked, and the file uploaded is valid (has a size>0) if(isset($_POST['upload']) && $_FILES['userfile']['size'] > 0) { //retrieves file name and size form the form $fileName = $_FILES['userfile']['name']; // open the file and save each line as an array entry in $content $content = file($fileName); // count how many lines in the file $numLines = count($content); //counts how many riders are in the file $numRider = $numLines/4; // loop through all the lines $rstore = array();//array to store the $line variable for ($i = 0; $i < $numLines; $i++) { $line = trim($content[$i]); $rstore[$i] = trim($line); } //declaration of arrays for storage into MySQL $Rname = array(); $Rnum = array(); $Rqual = array(); $Rplace= array(); dbConnect('thethrgu_moto'); //loops through and stores rider name, number, qualified, placed into each of the respective arrays with identical key's $slot = 0; for ($i = 0; $i<$numRider; $i++) { $Rname[$i] = $rstore[$slot]; $slot++; $Rnum[$i] = $rstore[$slot]; $slot++; $Rqual[$i] = $rstore[$slot]; $slot++; $Rplace[$i]= $rstore[$slot]; $slot++; //YOU STILL NEED TO CHECK TO MAKE SURE THAT THE RIDER HASN'T ALREADY BEEN PUT INTO THE DATABASE!!!!!(*&!(@*&%$(!*%&(!*%& $sql = "INSERT INTO Racers (name, number, qual, placed) VALUES ('$Rname[$i]',$Rnum[$i],$Rqual[$i],$Rplace[$i])"; mysql_query($sql) or die(mysql_error()); } } i'm relatively new to the php realms so any and all critique's are encouraged and welcome. tear it up in other words Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted May 29, 2008 Share Posted May 29, 2008 it is nice code. i like it. Quote Link to comment Share on other sites More sharing options...
GingerRobot Posted May 29, 2008 Share Posted May 29, 2008 You dont do any validation of the file. What happens if the file doesn't contain what you expect? Malicious code for example? Quote Link to comment Share on other sites More sharing options...
Derleek Posted May 29, 2008 Author Share Posted May 29, 2008 I have yet to add the validation, this script is purely local for the time being. Just developing several scripts as a beta for a long term project Quote Link to comment Share on other sites More sharing options...
GingerRobot Posted May 29, 2008 Share Posted May 29, 2008 Ok, then the only other thing i would mention is that despite this: if(isset($_POST['upload')) Being commonly used to check for a form's submission, it is actually problematic. The reason? Rubbish web browsers (a.k.a. IE) dont actually set the submit button unless it is actually clicked. That is, if someone is filling out your form and hits enter to submit, IE wont post the value of the submit button, so it appears the form hasn't been submitted. A better way is to do: if(count($_POST) > 0) This ensures the $_POST array contains something. There is no requirement to previously check if $_POST has been set; it's a superglobal -- it is always set, even if it's empty. Quote Link to comment Share on other sites More sharing options...
Barand Posted May 29, 2008 Share Posted May 29, 2008 the file you just uploaded will be $_FILES['userfile']['tmp_name'] on the server <?php if(count($_POST) && $_FILES['userfile']['size'] > 0) { //retrieves file name and size form the form $fileName = $_FILES['userfile']['tmp_name']; // uploaded file is here // open the file and save each line as an array entry in $content $content = file($fileName); // count how many lines in the file $numLines = count($content); for($i=0; $i<$numLines; $i+=4) { $rider = array_slice ($content, $i, 4); // grab 4 lines at a time foreach($rider as $k=>$v) $rider[$k] = trim($v); //YOU STILL NEED TO CHECK TO MAKE SURE THAT THE RIDER HASN'T ALREADY BEEN PUT INTO THE DATABASE!!!!!(*&!(@*&%$(!*%&(!*%& $sql = vsprintf("INSERT INTO Racers (name, number, qual, placed) VALUES ('%s', '%s', '%s', '%s')", $rider); //mysql_query($sql) or die(mysql_error()); echo "<pre>$sql</pre>"; // echo sql to test } } ?> <form action="" method="post" enctype="multipart/form-data"> <input type="file" name="userfile"> <input type="submit" name="upload" value="Upload"> </form> Quote Link to comment Share on other sites More sharing options...
Derleek Posted May 29, 2008 Author Share Posted May 29, 2008 hmm, array_slice() eh? what are the values inserted into it? looks like it is (*array*,*key*,*number of slices*)? this is why i post my code, so i learn nifty new commands like that! Quote Link to comment Share on other sites More sharing options...
GingerRobot Posted May 29, 2008 Share Posted May 29, 2008 what are the values inserted into it? looks like it is (*array*,*key*,*number of slices*)? The manual is always the best way to answer questions like that. If you didn't know, its set up so that you can browse easily to the function page by sticking it after the url, like: http://www.php.net/array_slice Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.