所以这是我在过滤字符的csv内容的问题,如撇号我尝试使用str_replace,但它似乎不影响任何东西。下面的代码在上传没有特殊字符的数据时可以完美地工作,特别是撇号,你能修改一下我下面的代码,这样系统就不会因为特殊字符而出错了吗?
下面是代码: if ($_FILES[csv][size] > 0) {
//get the csv file
$file = str_replace("'","",$_FILES[csv][tmp_name]);
$handle = fopen($file,"r");
//loop through the csv file and insert into database
do {
if (str_replace("'","",$data[0])) {
mysql_query("INSERT IGNORE INTO faculty(FCode,FName,MName,LName,Gender,image_name,BDate,Title,Service,EmpStat,CollegeID,DepartmentID,dateCreated) values('$data[0]','$data[1]','$data[2]','$data[3]','$data[4]','$data[5]','$data[6]','$data[7]','$data[8]','$data[9]','$data[10]','$data[11]','$currentDate')") or die ("LOL" .mysql_error());
}
} while ($data = fgetcsv($handle,1000,",","'"));
这里是样例csv文件的图片https://i.stack.imgur.com/zcJ6T.jpg
尝试mysql_real_escape_string();
mysql_query("INSERT IGNORE INTO faculty(FCode) values('mysql_real_escape_string($data[0])')") or die ("LOL" .mysql_error());
mysql_query("INSERT IGNORE INTO faculty(FCode,FName,MName,LName,Gender,image_name,BDate,Title,Service,EmpStat,CollegeID,DepartmentID,dateCreated) values('".mysql_real_escape_string($data[0])."','".mysql_real_escape_string($data[1])."、"。mysql_real_escape_string ($ data[2])。"、"。mysql_real_escape_string ($ data[3])。"、"。mysql_real_escape_string ($ data[4])。"、"。mysql_real_escape_string ($ data[5])。"、"。mysql_real_escape_string ($ data[6])。"、"。mysql_real_escape_string ($ data[7])。"、"。mysql_real_escape_string ($ data[8])。"、"。mysql_real_escape_string ($ data[9])。"、"。mysql_real_escape_string ($ data[10])。"、"。mysql_real_escape_string($data[11])."','$currentDate')")或die (" sql语法错误" .mysql_error());