davidjmorin Posted March 30, 2020 Share Posted March 30, 2020 I am tyring to figure out how to allow the use of ' in the name field. I have tried string replace but that does not work. I also tried single and double quotes around value. Any help is appreciated. if(isset($_POST['upsubmit'])){ // Allowed mime types $csvMimes = array('text/x-comma-separated-values', 'text/comma-separated-values', 'application/octet-stream', 'application/vnd.ms-excel', 'application/x-csv', 'text/x-csv', 'text/csv', 'application/csv', 'application/excel', 'application/vnd.msexcel', 'text/plain'); // Validate whether selected file is a CSV file if(!empty($_FILES['file']['name']) && in_array($_FILES['file']['type'], $csvMimes)){ if(is_uploaded_file($_FILES['file']['tmp_name'])){ // Open uploaded CSV file with read-only mode $csvFile = fopen($_FILES['file']['tmp_name'], 'r'); // Skip the first line fgetcsv($csvFile); while(($line = fgetcsv($csvFile)) !== FALSE){ $Agent_ID =$line[0]; $Agent_Name =$line[1]; $Tran_Year =$line[2]; $Tran_Period =$line[3]; $Original_Mobile_ID =$line[4]; $Mobile_ID =$line[5]; $Device_Category =$line[6]; $Device_ID =$line[7]; $Account_Number =$line[8]; $Price_Plan =$line[9]; $Customer_Name =$line[10]; $Device_Change_Date =$line[11]; $New_Device_Contract_Begin_Date =$line[12]; $New_Device_Contract_End_Date =$line[13]; $Access_Charge =$line[14]; $Contract_Term =$line[15]; $Model =$line[16]; $Alt_Mobile_ID =$line[17]; $VZW_Provided_Equip =$line[18]; $Previously_Activated_Equip =$line[19]; $Installment_Contract =$line[20]; $Purchased_Receivable =$line[21]; $DPA_Service_Fee =$line[22]; $Agent_SSO_ID =$line[23]; $Customer_Type =$line[24]; $Previous_Price_Plan =$line[25]; $Previous_Access_Charge =$line[26]; $prevQuery = "SELECT ID FROM disc_Upgrades WHERE Device_ID = '".$line[7]."' AND Customer_Name = '".$line[10]."'"; $prevResult = $db->query($prevQuery); if($prevResult->num_rows > 0){ }else{ $db->query("INSERT INTO `disc_Upgrades(Agent_ID`, `Agent_Name`, `Tran_Year`, `Tran_Period`, `Original_Mobile_ID`, `Mobile_ID`, `Device_Category`, `Device_ID`, `Account_Number`, `Price_Plan`, `Customer_Name`, `Device_Change_Date`, `New_Device_Contract_Begin_Date`, `New_Device_Contract_End_Date`, `Access_Charge`, `Contract_Term`, `Model`, `Alt_Mobile_ID`, `VZW_Provided_Equip`, `Previously_Activated_Equip`, `Installment_Contract`, `Purchased_Receivable`, `DPA_Service_Fee`, `Agent_SSO_ID`, `Customer_Type`, `Previous_Price_Plan`, `Previous_Access_Charge`) VALUES ( '$Agent_ID', '$Agent_Name', '$Tran_Year', '$Tran_Period', '$Original_Mobile_ID', '$Mobile_ID', '$Device_Category', '$Device_ID', '$Account_Number', '$Price_Plan', '$Customer_Name', '$Device_Change_Date', '$New_Device_Contract_Begin_Date', '$New_Device_Contract_End_Date', '$Access_Charge', '$Contract_Term', '$Model', '$Alt_Mobile_ID', '$VZW_Provided_Equip', '$Previously_Activated_Equip', '$Installment_Contract', '$Purchased_Receivable', '$DPA_Service_Fee', '$Agent_SSO_ID', '$Customer_Type', '$Previous_Price_Plan', '$Previous_Access_Charge')"); } } // Close opened CSV file fclose($csvFile); $qstring = '?status=succ'; }else{ $qstring = '?status=err'; } }else{ $qstring = '?status=invalid_file'; } } // Redirect to the listing page header("Location: ../index.php".$qstring); Quote Link to comment Share on other sites More sharing options...
kicken Posted March 30, 2020 Share Posted March 30, 2020 You need to use parameter binding rather than variable interpolation. 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.