Jump to content

need to add mysql_real_escape_string, but not sure where

webguync

By webguync
in PHP Coding Help

 Share

Recommended Posts

webguync Advanced Member

webguync

Posted
Posted

Hello,

 

I need to some existing code mysql_real_escape_string such as:

 

'" . mysql_real_escape_string($name) . "'

 

but I am not sure where to insert into the existing code which is:

 

<?php
require_once('databaseClass.php');

if ($_POST) {
foreach($_POST as $key=>$value) {
	if (empty($value)) {
		if ($key == 'fileurl') {
			$errors[] = 'Please provide the URL to the text file containing the data you want to load';
			}
		else if ($key == 'dbname') {
			$errors[] = 'Please provide the name of the database into which you want to load the data';
			}
		else if ($key == 'dbuser') {
			$errors[] = 'Please provide the appropriate Username for the database';
			}
		else if ($key == 'db_pw') {
			$errors[] = 'Please provide the appropriate PW for the database';
			}
		else if ($key == 'dbtable') {
			$errors[] = 'Please provide the database table into which you would like to insert data';
			}
		else if ($key == 'fields') {
			$errors[] = 'Please specify the field names for the table';
			}
		}
	}
if (!isset($errors)) {
	$file = fopen('../'.$_POST['fileurl'], 'r');
	if ($file) {
		$pattern = '/[\n\r\t]/';
		while (!feof($file)) {
			$line = trim(fgets($file));
			$newline = preg_replace($pattern,'\t',$line);
			$lines[] = explode('\t',$newline);
			//echo (fgets($file));
			}
		fclose($file);
		if (count($lines) > 0) {
			$countSuccess = 0;
			$fields = explode(',',$_POST['fields']);
			//$entryCnt = count($tmp);
			$db = new Database('localhost',$_POST['dbuser'],$_POST['db_pw'],$_POST['dbname'],0);
			for ($i=0; $i<count($lines); $i++) {
				$tmp = NULL;
				$sql = 'INSERT INTO '.$_POST['dbtable'].' (';
				for ($k=0; $k<count($lines[$i]); $k++) {
					if (isset($lines[$i][$k]) && $lines[$i][$k] != NULL) {
						$tmp[] = $fields[$k];
						}
					}
				$sql .= implode(',',$tmp);
				$sql .= ') VALUES (';
				for ($j=0; $j<count($lines[$i]); $j++) {
					if (isset($lines[$i][$j]) && $lines[$i][$j] != NULL) {
						if (is_numeric($lines[$i][$j])) {
							$sql .= $lines[$i][$j];
							}
						else {
							$sql .= "'".$lines[$i][$j]."'";
							}
						if($j != (count($lines[$i])-1)) {
							$sql .= ',';
							}
						}
					}
				$sql .= ')';

				$result = $db->query($sql);
				if($result) {
					$countSuccess++;
					}
				//echo $sql;
				}

			$db->close();
			if($countSuccess > 0) {
				header('Location: '.$_SERVER['PHP_SELF'].'?numInserted='.$countSuccess);
				}
			else {
				$errors[] = 'No data was inserted into the database.  Please check all fields again.';
				}
			//print_r($lines);
			}
		else {
			$errors[] = 'No data in designated file';
			}
		}
	else {
		$errors[] = 'Not able to open specified file.  Please check that it is the correct URL to text file.';
		}
	}
}


?>

 

 

Link to comment
Share on other sites
webguync Advanced Member

webguync

Posted
  • Author
Posted

apparently this is not where I add this code, because I am getting an error.

 


<?php
require_once('databaseClass.php');

if ($_POST) {
foreach($_POST as $key=>$value) {
	if (empty($value)) {
		if ($key == 'fileurl') {
			$errors[] = 'Please provide the URL to the text file containing the data you want to load';
			}
		else if ($key == 'dbname') {
			$errors[] = 'Please provide the name of the database into which you want to load the data';
			}
		else if ($key == 'dbuser') {
			$errors[] = 'Please provide the appropriate Username for the database';
			}
		else if ($key == 'db_pw') {
			$errors[] = 'Please provide the appropriate PW for the database';
			}
		else if ($key == 'dbtable') {
			$errors[] = 'Please provide the database table into which you would like to insert data';
			}
		else if ($key == 'fields') {
			$errors[] = 'Please specify the field names for the table';
			}
		}
	}
if (!isset($errors)) {
	$file = fopen('../'.$_POST['fileurl'], 'r');
	if ($file) {
		$pattern = '/[\n\r\t]/';
		while (!feof($file)) {
			$line = trim(fgets($file));
			$newline = preg_replace($pattern,'\t',$line);
			$lines[] = explode('\t',$newline);
			//echo (fgets($file));
			}
		fclose($file);
		if (count($lines) > 0) {
			$countSuccess = 0;
			$fields = explode(',',$_POST['fields']);
			//$entryCnt = count($tmp);
			$db = new Database('localhost',$_POST['dbuser'],$_POST['db_pw'],$_POST['dbname'],0);
			for ($i=0; $i<count($lines); $i++) {
				$tmp = NULL;
				$sql = 'INSERT INTO '.$_POST['dbtable'].' (';
				for ($k=0; $k<count($lines[$i]); $k++) {
					if (isset($lines[$i][$k]) && $lines[$i][$k] != NULL) {
						$tmp[] = $fields[$k];
						}
					}
				$sql .= implode(',',$tmp);

				$sql .= ') VALUES ('" . mysql_real_escape_string($sql) . "'';
				for ($j=0; $j<count($lines[$i]); $j++) {
					if (isset($lines[$i][$j]) && $lines[$i][$j] != NULL) {
						if (is_numeric($lines[$i][$j])) {
							$sql .= $lines[$i][$j];
							}
						else {
							$sql .= "'".$lines[$i][$j]."'";
							}
						if($j != (count($lines[$i])-1)) {
							$sql .= ',';
							}
						}
					}
				$sql .= ')';

				$result = $db->query($sql);
				if($result) {
					$countSuccess++;
					}
				//escape $sql;

				}

			$db->close();
			if($countSuccess > 0) {
				header('Location: '.$_SERVER['PHP_SELF'].'?numInserted='.$countSuccess);
				}
			else {
				$errors[] = 'No data was inserted into the database.  Please check all fields again.';
				}
			//print_r($lines);
			}
		else {
			$errors[] = 'No data in designated file';
			}
		}
	else {
		$errors[] = 'Not able to open specified file.  Please check that it is the correct URL to text file.';
		}
	}
}


?>

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.