Need help escaping apostrophes in CSV format -> SQL using PHP

Time: 2014-03-10 15:17:03

Tags: php csv escaping

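OK, I know I probably need to use str_replace, and I have already tried $thequery = str_replace("'", "''", $thequery); but it didn't work. Please don't blame me for the code... I didn't write it. Every week we get a txt file with what is essentially all of our course offerings, which we then copy and paste into a web page with the code below, and it posts it to an MSSQL table... but sometimes we have one with a ' and then it doesn't load, and we have to remove the ' manually. I need to escape the ' and could use some help.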

if ($_POST) {

    if(isset($_POST['semester'])) {
        # Table name to upload to
        $tablename = $_POST['semester'];
    } else {
        die("No table to use");
    }

    # Parsing of the text
    $thequery = $_POST['sql'];
    $thequery = str_replace("\"", "'", $thequery);
    $thequery = str_replace(".00", "", $thequery);
    $thequery = str_replace(".50", "", $thequery);
    $thequery = str_replace("'Brien", " Brien", $thequery);
    $thequery = str_replace("'Shaughnessy", " Shaughnessy", $thequery);
    $thequery = str_replace("--", "10-01-01", $thequery);
    $thequery = str_replace("WEB", "Online", $thequery);
    $squery = explode("\n", $thequery);

    $names = array();
    $equery = array();
    $i = 0;

    foreach($squery as $newquery) {
        $a = split('[*]', $newquery);
        $final = substr($a[0], 0, -2); 
        $newid = $a[1];
        $names[$i] = $newid;
        $equery[$i] = $final;
        $i++;
    }

    $scount = 0;

    # Easiest way to redo the course list was to drop the table and re-insert it with the new values

    mssql_query("DROP TABLE [dbo].[$tablename]") or die(mssql_get_last_message());

    mssql_query("CREATE TABLE [dbo].[$tablename] (division CHAR(4) NULL, cid CHAR(11) NULL, cname CHAR(45) NULL, credits TINYINT NULL, days CHAR(7) NULL, day_M TINYINT NULL, day_T TINYINT NULL, day_W TINYINT NULL, day_R TINYINT NULL, day_F TINYINT NULL, day_S TINYINT NULL, sdate DATETIME NULL, edate DATETIME NULL, stime DATETIME NULL, etime DATETIME NULL, duration CHAR(5) NULL, building CHAR(3) NULL, room CHAR(4) NULL, method CHAR(12) NULL, instructor CHAR(40) NULL, secsyn INT NULL)") or die(mssql_get_last_message());

    # Inserts the courses

    while ($scount < count($equery)) {

        mssql_query("INSERT INTO [dbo].[$tablename] (division, cid, cname, credits, days, day_M, day_T, day_W, day_R, day_F, day_S, sdate, edate, stime, etime, duration, building, room, method, instructor, secsyn) VALUES ($equery[$scount])") or die(mssql_get_last_message());
        print($equery[$scount] . " has been entered.<br>");


        $scount++;

    }

    # Quick hack to update the "Last Updated" with the current date
    $date = date("M j Y g:iA");
    mssql_query("UPDATE courses SET updated='$date' WHERE id='ABED140'") or die(mssql_get_last_message());

    $nq = mssql_query("SELECT * FROM [dbo].[$tablename] WHERE method='Online'") or die(mssql_get_last_message());
    $tnum = 0;

    print("<br /><br />");

    # Sets courses to Hybrids if they have a 'H' in the course ID
    while($tnum < mssql_num_rows($nq)) {
        $tcourse = mssql_result($nq,$tnum,"cid");

        $ccode = explode(" ",$tcourse);

        if(isset($ccode[1])) {
            if (strpos($ccode[1], 'H') !== false) {
                mssql_query("UPDATE [dbo].[$tablename] SET method='Hybrid' WHERE cid='$tcourse'") or die(mssql_get_last_message());
                print("Updated " . $tcourse . " to be a Hybrid course.<br />");
            }
        }

        $tnum++;
    }

    # Special cases for certain classes that need to be set as a Hybrid
    # Simply add $sq[NEXT NUMBER] = "COURSE ID"; and it will set it to a Hybrid

    $sq = array();
    $sq[0] = "BIOL101 WH";
    $sq[1] = "BIOL140 WH";

    foreach ($sq as $nq) {
        if(mssql_num_rows(mssql_query("SELECT * FROM [dbo].[$tablename] WHERE cid='$nq'")) > 0) {
            mssql_query("UPDATE [dbo].[$tablename] SET method='Hybrid' WHERE cid='$nq'") or die(mssql_get_last_message());
            print("Updated " . $nq . " to be a Hybrid course.<br />");
        }
    }

    # Checking to make sure the online classes have a special_online table link

    $cq = mssql_query("SELECT * FROM [dbo].[$tablename] WHERE method='Online' OR method='Hybrid'");
    $cn = 0;

    while($cn < mssql_num_rows($cq)) {

        $ccid = mssql_result($cq,$cn,"cid");
        $ncq = mssql_query("SELECT * FROM [dbo].[special_online] WHERE cid='$ccid'");

        if(mssql_num_rows($ncq) == 0) {
            mssql_query("INSERT INTO [dbo].[special_online] (cid,url) VALUES ('$ccid','http://dacc.blackboard.com')") or die(mssql_get_last_message());
            print("Updated " . $ccid . " to have a online course link.<br />");
        }

        $cn++;
    }

} else {    
    # Prints our form that shows when page is first loaded
    print("<form action='' method='post'><select name='semester'>
    <option value='2011SP'>2011SP</option>
    <option value='2011SU'>2011SU</option>
    <option value='2011FA'>2011FA</option>
    <option value='2011WI'>2011WI</option>
    <option value='2012SP'>2012SP</option>
    <option value='2012SU'>2012SU</option>
    <option value='2012FA'>2012FA</option>
    <option value='2013SP'>2013SP</option>
    <option value='2013SU'>2013SU</option>
    <option value='2013FA'>2013FA</option>  
    <option value='2013WI'>2013WI</option>
    <option value='2014SP'>2014SP</option>
    <option value='2014SU'>2014SU</option>
    <option value='2014FA'>2014FA</option>
    </select><br><br>Insert the statement:<br><textarea name='sql' rows='10' cols='100'></textarea><br><input type='submit' value='Submit'></form>");
}

1 answer:

Answer 0: (score: 0)

Try replacing ' with \ before putting it into the database:

Change this line:

$thequery = str_replace("\"", "'", $thequery);

to:

$thequery = str_replace("'", "\\", $thequery);

DEMO
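
An added example, not part of the original question or answer: the apostrophe breaks the load because each pasted line is spliced directly into VALUES (...), so one way to avoid escaping altogether is to split each line into fields and bind them as parameters, with the table name checked against the form's known values. Assumptions: PHP 7.4+ with PDO, double-quoted CSV fields, a three-column table standing in for the page's 21 columns, constructed sample rows, and in-memory SQLite as an offline stand-in for SQL Server; `loadCourses` and `ALLOWED_TABLES` are hypothetical names.

```php
<?php
// Added example with constructed data; not the original poster's code.
// Assumption: fields are double-quoted CSV; three columns stand in for the page's 21.

const ALLOWED_TABLES = ['2014SP', '2014SU', '2014FA']; // mirrors the form's <option> values

function loadCourses(PDO $db, string $table, string $pasted): int
{
    // Identifiers cannot be bound as parameters, so accept only known table names.
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException("Unknown table: $table");
    }
    // Placeholders keep the data out of the SQL text, so apostrophes need no escaping.
    $stmt = $db->prepare("INSERT INTO [$table] (cid, cname, instructor) VALUES (?, ?, ?)");
    $count = 0;
    foreach (preg_split('/\r\n|\r|\n/', trim($pasted)) as $line) {
        // CSV-aware split: a ' inside a double-quoted field stays part of the field.
        $fields = str_getcsv($line, ',', '"', '');
        if (count($fields) !== 3) {
            continue; // skip malformed rows instead of sending a broken statement
        }
        $stmt->execute($fields);
        $count++;
    }
    return $count;
}

// Offline stand-in: in-memory SQLite. With the pdo_sqlsrv driver installed,
// the DSN would instead have the form "sqlsrv:Server=...;Database=...".
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE [2014SP] (cid TEXT, cname TEXT, instructor TEXT)');

// Constructed sample input, two rows carrying the apostrophes the question describes.
$pasted = <<<CSV
"ENGL101 01","Rhetoric and Composition","O'Brien"
"BIOL101 WH","Principles of Biology","O'Shaughnessy"
"ARTS110 01","Drawing I","Smith"
CSV;

echo loadCourses($db, '2014SP', $pasted), " rows inserted\n";
foreach ($db->query('SELECT cid, instructor FROM [2014SP]') as $row) {
    echo $row['cid'], ' => ', $row['instructor'], "\n";
}
```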