Jump to content

need to add mysql_real_escape_string, but not sure where

webguync

By webguync
in PHP Coding Help

Recommended Posts

webguync Advanced Member

webguync

Posted
Posted

Hello,

 

I need to some existing code mysql_real_escape_string such as:

 

'" . mysql_real_escape_string($name) . "'

 

but I am not sure where to insert into the existing code which is:

 

<?php
require_once('databaseClass.php');

if ($_POST) {
foreach($_POST as $key=>$value) {
	if (empty($value)) {
		if ($key == 'fileurl') {
			$errors[] = 'Please provide the URL to the text file containing the data you want to load';
			}
		else if ($key == 'dbname') {
			$errors[] = 'Please provide the name of the database into which you want to load the data';
			}
		else if ($key == 'dbuser') {
			$errors[] = 'Please provide the appropriate Username for the database';
			}
		else if ($key == 'db_pw') {
			$errors[] = 'Please provide the appropriate PW for the database';
			}
		else if ($key == 'dbtable') {
			$errors[] = 'Please provide the database table into which you would like to insert data';
			}
		else if ($key == 'fields') {
			$errors[] = 'Please specify the field names for the table';
			}
		}
	}
if (!isset($errors)) {
	$file = fopen('../'.$_POST['fileurl'], 'r');
	if ($file) {
		$pattern = '/[\n\r\t]/';
		while (!feof($file)) {
			$line = trim(fgets($file));
			$newline = preg_replace($pattern,'\t',$line);
			$lines[] = explode('\t',$newline);
			//echo (fgets($file));
			}
		fclose($file);
		if (count($lines) > 0) {
			$countSuccess = 0;
			$fields = explode(',',$_POST['fields']);
			//$entryCnt = count($tmp);
			$db = new Database('localhost',$_POST['dbuser'],$_POST['db_pw'],$_POST['dbname'],0);
			for ($i=0; $i<count($lines); $i++) {
				$tmp = NULL;
				$sql = 'INSERT INTO '.$_POST['dbtable'].' (';
				for ($k=0; $k<count($lines[$i]); $k++) {
					if (isset($lines[$i][$k]) && $lines[$i][$k] != NULL) {
						$tmp[] = $fields[$k];
						}
					}
				$sql .= implode(',',$tmp);
				$sql .= ') VALUES (';
				for ($j=0; $j<count($lines[$i]); $j++) {
					if (isset($lines[$i][$j]) && $lines[$i][$j] != NULL) {
						if (is_numeric($lines[$i][$j])) {
							$sql .= $lines[$i][$j];
							}
						else {
							$sql .= "'".$lines[$i][$j]."'";
							}
						if($j != (count($lines[$i])-1)) {
							$sql .= ',';
							}
						}
					}
				$sql .= ')';

				$result = $db->query($sql);
				if($result) {
					$countSuccess++;
					}
				//echo $sql;
				}

			$db->close();
			if($countSuccess > 0) {
				header('Location: '.$_SERVER['PHP_SELF'].'?numInserted='.$countSuccess);
				}
			else {
				$errors[] = 'No data was inserted into the database.  Please check all fields again.';
				}
			//print_r($lines);
			}
		else {
			$errors[] = 'No data in designated file';
			}
		}
	else {
		$errors[] = 'Not able to open specified file.  Please check that it is the correct URL to text file.';
		}
	}
}


?>

 

 

webguync Advanced Member

webguync

Posted
  • Author
Posted

apparently this is not where I add this code, because I am getting an error.

 


<?php
require_once('databaseClass.php');

if ($_POST) {
foreach($_POST as $key=>$value) {
	if (empty($value)) {
		if ($key == 'fileurl') {
			$errors[] = 'Please provide the URL to the text file containing the data you want to load';
			}
		else if ($key == 'dbname') {
			$errors[] = 'Please provide the name of the database into which you want to load the data';
			}
		else if ($key == 'dbuser') {
			$errors[] = 'Please provide the appropriate Username for the database';
			}
		else if ($key == 'db_pw') {
			$errors[] = 'Please provide the appropriate PW for the database';
			}
		else if ($key == 'dbtable') {
			$errors[] = 'Please provide the database table into which you would like to insert data';
			}
		else if ($key == 'fields') {
			$errors[] = 'Please specify the field names for the table';
			}
		}
	}
if (!isset($errors)) {
	$file = fopen('../'.$_POST['fileurl'], 'r');
	if ($file) {
		$pattern = '/[\n\r\t]/';
		while (!feof($file)) {
			$line = trim(fgets($file));
			$newline = preg_replace($pattern,'\t',$line);
			$lines[] = explode('\t',$newline);
			//echo (fgets($file));
			}
		fclose($file);
		if (count($lines) > 0) {
			$countSuccess = 0;
			$fields = explode(',',$_POST['fields']);
			//$entryCnt = count($tmp);
			$db = new Database('localhost',$_POST['dbuser'],$_POST['db_pw'],$_POST['dbname'],0);
			for ($i=0; $i<count($lines); $i++) {
				$tmp = NULL;
				$sql = 'INSERT INTO '.$_POST['dbtable'].' (';
				for ($k=0; $k<count($lines[$i]); $k++) {
					if (isset($lines[$i][$k]) && $lines[$i][$k] != NULL) {
						$tmp[] = $fields[$k];
						}
					}
				$sql .= implode(',',$tmp);

				$sql .= ') VALUES ('" . mysql_real_escape_string($sql) . "'';
				for ($j=0; $j<count($lines[$i]); $j++) {
					if (isset($lines[$i][$j]) && $lines[$i][$j] != NULL) {
						if (is_numeric($lines[$i][$j])) {
							$sql .= $lines[$i][$j];
							}
						else {
							$sql .= "'".$lines[$i][$j]."'";
							}
						if($j != (count($lines[$i])-1)) {
							$sql .= ',';
							}
						}
					}
				$sql .= ')';

				$result = $db->query($sql);
				if($result) {
					$countSuccess++;
					}
				//escape $sql;

				}

			$db->close();
			if($countSuccess > 0) {
				header('Location: '.$_SERVER['PHP_SELF'].'?numInserted='.$countSuccess);
				}
			else {
				$errors[] = 'No data was inserted into the database.  Please check all fields again.';
				}
			//print_r($lines);
			}
		else {
			$errors[] = 'No data in designated file';
			}
		}
	else {
		$errors[] = 'Not able to open specified file.  Please check that it is the correct URL to text file.';
		}
	}
}


?>

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.