使用 PHP 将 CSV 上传到 MySQL 表 - 忽略 CSV 中的标题

Question

我正在使用以下方法将 CSV 上传到 MYSQL 数据库中的表中。

问题：如何绕过第一个字段？ - 就像忽略标题一样 - 当前保存在我的表中？

代码：

<?php

 /********************************/
 /* Code at http://legend.ws/blog/tips-tricks/csv-php-mysql-import/
 /* Edit the entries below to reflect the appropriate values
 /********************************/
$databasehost = "localhost";
$databasename = "test";
$databasetable = "sample";
$databaseusername ="test";
$databasepassword = "";
$fieldseparator = ",";
$lineseparator = "\n";
 $csvfile = "filename.csv";
/********************************/
/* Would you like to add an ampty field at the beginning of these records?
/* This is useful if you have a table with the first field being an auto_increment integer
/* and the csv file does not have such as empty field before the records.
/* Set 1 for yes and 0 for no. ATTENTION: don't set to 1 if you are not sure.
/* This can dump data in the wrong fields if this extra field does not exist in the table
/********************************/
$addauto = 0;
/********************************/
/* Would you like to save the mysql queries in a file? If yes set $save to 1.
/* Permission on the file should be set to 777. Either upload a sample file through ftp and
/* change the permissions, or execute at the prompt: touch output.sql && chmod 777 output.sql
/********************************/
$save = 1;
$outputfile = "output.sql";
/********************************/


 if(!file_exists($csvfile)) {
echo "File not found. Make sure you specified the correct path.\n";
exit;
 }

$file = fopen($csvfile,"r");

if(!$file) {
echo "Error opening data file.\n";
exit;
 }

 $size = filesize($csvfile);

 if(!$size) {
echo "File is empty.\n";
exit;
 }

 $csvcontent = fread($file,$size);

 fclose($file);

 $con = @mysql_connect($databasehost,$databaseusername,$databasepassword) or die(mysql_error());
 @mysql_select_db($databasename) or die(mysql_error());

 $lines = 0;
 $queries = "";
 $linearray = array();

 foreach(split($lineseparator,$csvcontent) as $line) {

$lines++;

$line = trim($line," \t");

$line = str_replace("\r","",$line);

/************************************
This line escapes the special character. remove it if entries are already escaped in the csv file
************************************/
$line = str_replace("'","\'",$line);
/*************************************/

$linearray = explode($fieldseparator,$line);

$linemysql = implode("','",$linearray);

if($addauto)
    $query = "insert into $databasetable values('','$linemysql');";
else
    $query = "insert into $databasetable values('$linemysql');";

$queries .= $query . "\n";

@mysql_query($query);
 }

 @mysql_close($con);

 if($save) {

if(!is_writable($outputfile)) {
    echo "File is not writable, check permissions.\n";
}

else {
    $file2 = fopen($outputfile,"w");

    if(!$file2) {
        echo "Error writing to the output file.\n";
    }
    else {
        fwrite($file2,$queries);
        fclose($file2);
    }
}

 }

  echo "Found a total of $lines records in this csv file.\n";


   ?>

Answer 1

上周我也做了同样的事情。请参考此代码。可能对你有帮助。

if (isset($_POST['submit'])) {
    //Path of Uploading file
    $target = "upload_files/results/";
    $filename = $_FILES['upload_result']['name'];
    if(file_exists($target.$filename)) {
    unlink($target.$filename);
}
    move_uploaded_file($_FILES['upload_result']['tmp_name'], $target.$filename);
//Store the Detail into the Master table...[class_master]
    $new_master = mysql_query("INSERT INTO result_master(classname,sectionname,examname,filename) Values('$class','$section','$examname','$filename')");

    $filename1 = explode(".",$filename);
    $file = preg_replace("/[^a-zA-Z0-9]+/", "", $filename1[0]);
    // get structure from csv and insert db
    ini_set('auto_detect_line_endings',TRUE);
    $handle = fopen($target.$filename,'r');
    // first row, structure
    if ( ($data = fgetcsv($handle) ) === FALSE ) {
        echo "Cannot read from csv $file";die();
    }
    $fields = array();
    $field_count = 0;
    for($i=0;$i<count($data); $i++) {

    $f = trim($data[$i]);

    if ($f) {
    // normalize the field name, strip to 20 chars if too long
    $f = substr(preg_replace ('/[^0-9a-z]/', '_', $f), 0, 20);
    $field_count++;
    $fields[] = $f.' VARCHAR(50)';
    }
    }
    $drop = mysql_query("Drop table IF EXISTS $file;");

    $sql = "CREATE TABLE $file (" . implode(', ', $fields) . ')';
    echo $sql . "<br /><br />";
    $db = mysql_query($sql);
    while ( ($data = fgetcsv($handle) ) !== FALSE ) {
    $fields = array();
    for($i=0;$i<$field_count; $i++) {
        $fields[] = '\''.addslashes($data[$i]).'\'';
    }
    $sql = "Insert into $file values(" . implode(', ', $fields) . ')';
    echo $sql; 
    $db = mysql_query($sql);
    }

    fclose($handle);
    ini_set('auto_detect_line_endings',FALSE);
    }

Answer 2

您要么假设总是有一个标题，要么假设任何标题都会被某个字符注释，我将首先向您展示。您只需将插入行包装在条件块中即可进行检查。

if( $lines != 0 ) // or $linemysql[0][0] == '#' (assuming # is a "comment")
{
  if($addauto)
      $query = "insert into $databasetable values('','$linemysql');";
  else
      $query = "insert into $databasetable values('$linemysql');";
}

话虽如此，请！永远不要使用您在任何面向互联网的应用程序中发布的代码，您将用户提供的数据直接放入数据库中，因此制作包含 SQL 注入攻击的 csv 文件并更改您的 mysql 密码、窃取您的数据是微不足道的，杀死你的猫或删除一切。您还应该检查字段数等，如果 csv 包含没有正确字段数的行会怎样？

阅读http://en.wikipedia.org/wiki/SQL_injection 还有http://php.net/PDO

Answer 3

使用此代码删除 csv 文件中的标头并上传数据库中的数据：

$header= 1;
if (($handle = fopen("data.csv", "r")) !== FALSE) {
    while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) {
        if($header== 1)
        {
            $header++;
            continue;
        }
//do your code here saving into the database
    }
    fclose($handle);
}