我的主机只是贬低了mysql连接,转而支持mysqli
这个特殊的脚本是一个例子,但在我尝试过渡到Mysqli之前工作得很好。不幸的是,我从另一个职位安排的PHP编程4年,并没有看了很长一段时间。所以请温柔: - )
我能够连接到数据库,但输出如下所示: 错误:INSERT INTO文章(名称,参考)VALUES('','')
我必须对$ data变量做错了,但是因为它适用于以前的版本而没有线索。
我感谢任何帮助
<?php
ini_set('auto_detect_line_endings',TRUE);
function clean($str, $default = '') {
if (!isset($str)) $str = $default;
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
$host_name = "some host";
$database = "some database";
$user_name = "someusername";
$password = "some password";
$connect = mysqli_connect($host_name, $user_name, $password, $database);
if (mysqli_connect_errno()){ echo "Failed to connect to MySQL: " . mysqli_connect_error(); } else {echo 'connected to DB<br />';}
$lines = $value1 = $value2 = $data = 0;
if ($_FILES["csv"]["size"] > 0) {
//get the csv file
$file = $_FILES["csv"]["tmp_name"];
$handle = fopen($file,"r");
while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) {
if ($data[0]) {
$sql = "INSERT INTO articles (name, reference) VALUES ('".clean($data[0])."','".clean($data[1])."')";
if (mysqli_query($conn, $sql)) { } else { echo "Error: " . $sql . "<br>" . mysqli_error($conn); }
$lines++;
}
}
header('Location: <?php echo $_SERVER["PHP_SELF"]; ?>?success=1&lines='.$lines.''); die;
}
if ( isset($_GET['success']) )
{
$success = $_GET['success'];
$lines = $_GET['lines'];
} else {
$success = 0;
}
mysqli_close($conn);
if ($success != 0 ) {
echo "<b>Your file has been imported.</b><br>";
echo "Found a total of ".$lines." records in this csv file.<br />";
}
?>
<form action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="post" enctype="multipart/form-data" name="form1" id="form1">
Choose your file: <br />
<input name="csv" type="file" id="csv" />
<input type="submit" name="Submit" value="Submit" />
</form>
答案 0 :(得分:0)
问题出在clean函数中,最后一行:
function clean($str, $default = '') {
if (!isset($str)) $str = $default;
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
由于您没有mysql_*连接,mysql_real_escape_string将返回false,后者将转换为空字符串。您应该使用mysqli的正确函数,但准备好的语句会更好,那么您不必清理任何东西。除了定期验证课程外。
请注意,如果您选择使用转义功能,则需要根据需要将数据库连接作为参数发送到您的函数:
function clean($db, $str, $default = '') {
...
return mysqli_real_escape_string($db, $str);
}
答案 1 :(得分:0)
现在效果很好......感谢您的帮助
<?php
ini_set('auto_detect_line_endings',TRUE);
function clean($link, $str, $default ='') {
if (!isset($str)) $str = $default;
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysqli_real_escape_string($link, $str);
}
$host_name = "somehost";
$database = "somedb";
$user_name = "someusername";
$password = "somepassword";
$connect = mysqli_connect($host_name, $user_name, $password, $database);
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
} else {}
if (isset($_GET['success'])) {
$success = $_GET['success'];
$lines = $_GET['lines'];
} else {
$success = 0;
}
if ($success != 0 ) {
echo "<b>Your file has been imported.</b><br>";
echo "Found a total of ".$lines." records in this csv file.<br />";
}
$lines = $value1 = $value2 = $data = 0;
if ($_FILES["csv"]["size"] > 0) {
//get the csv file
$file = $_FILES["csv"]["tmp_name"];
$handle = fopen($file,"r");
while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) {
//print_r($data).'<br />';
if ($data[0]) {
$sql = "INSERT INTO `articles` (`name`, `reference`) VALUES ('".clean($connect, $data[0])."','".clean($connect, $data[1])."')";
//echo $sql.'<br />';
if (mysqli_query($connect, $sql)) { } else { echo "Error: " . $sql . "<br>" . mysqli_error($connect); }
$lines++;
}
}
header('Location: index.php?success=1&lines='.$lines.'');die;
}
?>
<form action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="post" enctype="multipart/form-data" name="form1" id="form1">
Choose your file: <br />
<input name="csv" type="file" id="csv" />
<input type="submit" name="Submit" value="Submit" />
</form>