如果有人可以提供帮助,我会非常感激,我已经在这里搜索过谷歌并且无法找到错误的内容,我怎么说这些行被终止了?继承人代码..
<?php if (isset($_POST['submitbulk'])) {
if (is_uploaded_file($_FILES['filename']['tmp_name'])) {
echo "<h2>Orders Updated:</h2>";
readfile($_FILES['filename']['tmp_name']);
}
//Import uploaded file to Database
$handle = fopen($_FILES['filename']['tmp_name'], "r");
while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) {
if ($data[2] != 0) {
$shipdate = $data[2];
}else{
$shipdate = date('Y-m-d');
}
if (isset($data[1])) {
$vendor_invoice = $data[1];
}else{
$vendor_invoice = 0;
}
if (isset($data[3])) {
$shipping_cost = $data[3];
}else{
$shipping_cost = "";
}
if (isset($data[4])) {
$fedex_tracking = $data[4];
$fedex_notify_order[] = $data[0];
$fedex_notify_tracking[] = $data[4];
}else{
$fedex_trackoing = "";
}
if (isset($data[5])) {
$ups_tracking = $data[5];
$ups_notify_order[] = $data[0];
$ups_notify_tracking[] = $data[5];
}else{
$ups_trackoing = "";
}
if (isset($data[6])) {
$ontrac_tracking = $data[6];
$ontrac_notify_order[] = $data[0];
$ontrac_notify_tracking[] = $data[6];
}else{
$ontrac_trackoing = "";
}
if (isset($fedex_tracking, $ups_tracking, $ontrac_tracking)) {
$array3[] = $data[0];
}else{
echo "";
}
$import = sprintf("UPDATE orders SET ".
"vendor_invoice_number='%s', ".
"ship_date='%s', ".
"ship_cost='%s', ".
"fedex_track_num='%s', ".
"ups_track_num='%s', ".
"ontrac_track_num='%s' ".
"WHERE orders_id=%s",
mysql_real_escape_string($vendor_invoice),
mysql_real_escape_string($shipdate),
mysql_real_escape_string($shipping_cost),
mysql_real_escape_string($fedex_tracking),
mysql_real_escape_string($ups_trackoing),
mysql_real_escape_string($ontrac_tracking),
(int)$data[0]);
mysql_query($import) or die(mysql_error());
}
fclose($handle);
print "</br>Updated Successfully";
//view upload form
}else { ?>
Import Vendor Invoice Numbers<br />
<form enctype='multipart/form-data' action='submit.php' method='post'>
<input size='50' type='file' name='filename'><br />
<input type='submit' name='submitbulk' value='Upload'></form>
<?php }
?>
问题在于它只导入了第一行,我尝试用/ n / r / n等结束行,但似乎无法找出最新情况。关于如何解决这个问题的任何想法?
更新了代码,它现在工作得很好但是当我不想要它时它会覆盖数据库中的数据。我想如果我把它设置为&#34;&#34;它不会改变任何东西,但它仍在改变它。关于如何制作它的任何想法只有在有东西时才更新?
编辑 - 会像
$query = <<<eof
LOAD DATA INFILE '$_FILES['filename']['tmp_name']'
INTO TABLE orders
FIELDS TERMINATED BY '|' OPTIONALLY ENCLOSED BY '"'
LINES TERMINATED BY '\n'
(orders_id,vendor_invoice_number,ship_date,ship_cost,fedex_track_num,ups_track_num,ontrac_track_num)
eof;
$db->query($query);
?>
在这样的情况下工作?
答案 0 :(得分:0)
构造查询的方式是错误的。你当前的代码有点令人困惑,我想这就是你要找的东西:
$import = sprintf("UPDATE orders SET ".
"vendor_invoice_number='%s', ".
"ship_date='%s', ".
"shipping_costs='%s', ".
"fedex_trackoing='%s', ".
"ups_trackoing='%s', ".
"ontrac_trackoing='%s' ".
"WHERE orders_id=%s",
mysql_real_escape_string($data[1]),
mysql_real_escape_string($shipdate),
mysql_real_escape_string($shipping_cost),
mysql_real_escape_string($fedex_trackoing),
mysql_real_escape_string($ups_trackoing),
mysql_real_escape_string($ontrac_trackoing),
(int)$data[0]);
基本问题是,您尝试在内部使用'$data[1]' 双引号字符串初始化,这根本不起作用。
但请注意,这是值得怀疑的。您不应盲目信任发布到服务器的数据。任何东西都可以在其中,并且以您当前的方式使用此类数据会打开巨大的安全问题。阅读一下&#34; sql注入&#34;,考虑切换到高级mysqli扩展名(您当前使用的mysql扩展名已弃用),并了解&#34;的优点。准备好的陈述&#34;。
更新以解释此处的其他评论/更新后的问题:
为了防止基于csv文件的内容执行此类更新查询,最简单的方法是将执行命令包含在条件结构中:
if ( ! empty($data[1])
&& ! empty($shipdate)
&& ! empty($shipping_cost) )
&& ! empty($fedex_trackoing) )
&& ! empty($ups_trackoing) )
&& ! empty($ontrac_trackoing) ) {
mysql_query($import) or die(mysql_error());
}
显然,您需要的实际情况取决于您决定不更新数据库中现有条目的情况。当将其与问题内部发布的原始循环内容相结合时,很明显代码现在有些混乱。重新实现这肯定是有意义的,这是一种更简化的方式......