我的主机刚刚贬值了mysql连接,转而支持mysqli
这个特定的脚本是一个示例,但在我尝试过渡到 Mysqli 之前运行良好。不幸的是,我从另一个工作地点的 php 编程工作了 4 年,并且已经有一段时间没有看过这个了。所以请温柔一点:-)
我能够连接到数据库,但输出如下所示:错误:插入到文章中(名称、引用)值(",")
我一定对$data变量做错了什么,但由于它适用于以前的版本,因此一无所知。
我感谢任何帮助
<?php
ini_set('auto_detect_line_endings',TRUE);
function clean($str, $default = '') {
if (!isset($str)) $str = $default;
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
$host_name = "some host";
$database = "some database";
$user_name = "someusername";
$password = "some password";
$connect = mysqli_connect($host_name, $user_name, $password, $database);
if (mysqli_connect_errno()){ echo "Failed to connect to MySQL: " . mysqli_connect_error(); } else {echo 'connected to DB<br />';}
$lines = $value1 = $value2 = $data = 0;
if ($_FILES["csv"]["size"] > 0) {
//get the csv file
$file = $_FILES["csv"]["tmp_name"];
$handle = fopen($file,"r");
while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) {
if ($data[0]) {
$sql = "INSERT INTO articles (name, reference) VALUES ('".clean($data[0])."','".clean($data[1])."')";
if (mysqli_query($conn, $sql)) { } else { echo "Error: " . $sql . "<br>" . mysqli_error($conn); }
$lines++;
}
}
header('Location: <?php echo $_SERVER["PHP_SELF"]; ?>?success=1&lines='.$lines.''); die;
}
if ( isset($_GET['success']) )
{
$success = $_GET['success'];
$lines = $_GET['lines'];
} else {
$success = 0;
}
mysqli_close($conn);
if ($success != 0 ) {
echo "<b>Your file has been imported.</b><br>";
echo "Found a total of ".$lines." records in this csv file.<br />";
}
?>
<form action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="post" enctype="multipart/form-data" name="form1" id="form1">
Choose your file: <br />
<input name="csv" type="file" id="csv" />
<input type="submit" name="Submit" value="Submit" />
</form>
问题出在clean函数中,最后一行:
function clean($str, $default = '') {
if (!isset($str)) $str = $default;
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
由于您没有mysql_*连接,mysql_real_escape_string将返回false转换为空字符串。您应该为 mysqli 使用正确的函数,但准备好的语句会更好,这样您就不必清理任何东西。当然,除了定期验证。
请注意,如果选择使用转义函数,则需要根据需要将数据库连接作为参数发送到函数:
function clean($db, $str, $default = '') {
...
return mysqli_real_escape_string($db, $str);
}
现在
效果很好......感谢您的帮助
<?php
ini_set('auto_detect_line_endings',TRUE);
function clean($link, $str, $default ='') {
if (!isset($str)) $str = $default;
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysqli_real_escape_string($link, $str);
}
$host_name = "somehost";
$database = "somedb";
$user_name = "someusername";
$password = "somepassword";
$connect = mysqli_connect($host_name, $user_name, $password, $database);
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
} else {}
if (isset($_GET['success'])) {
$success = $_GET['success'];
$lines = $_GET['lines'];
} else {
$success = 0;
}
if ($success != 0 ) {
echo "<b>Your file has been imported.</b><br>";
echo "Found a total of ".$lines." records in this csv file.<br />";
}
$lines = $value1 = $value2 = $data = 0;
if ($_FILES["csv"]["size"] > 0) {
//get the csv file
$file = $_FILES["csv"]["tmp_name"];
$handle = fopen($file,"r");
while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) {
//print_r($data).'<br />';
if ($data[0]) {
$sql = "INSERT INTO `articles` (`name`, `reference`) VALUES ('".clean($connect, $data[0])."','".clean($connect, $data[1])."')";
//echo $sql.'<br />';
if (mysqli_query($connect, $sql)) { } else { echo "Error: " . $sql . "<br>" . mysqli_error($connect); }
$lines++;
}
}
header('Location: index.php?success=1&lines='.$lines.'');die;
}
?>
<form action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="post" enctype="multipart/form-data" name="form1" id="form1">
Choose your file: <br />
<input name="csv" type="file" id="csv" />
<input type="submit" name="Submit" value="Submit" />
</form>