|
| Domain Name Sales | Domain Software | Calculate UK Domain Drop Dates | Domain Registration | NameDrive | Domain Parking | Subscribe to our Domains For Sale newsletter |
|  | ||||||
| Home | Register | Rules | Membership Upgrade | Domains For Sale | Domain Name Escrow | Mark Forums Read | Domain Classified | Chat Room |
| Scripts and Coding PHP, MySQL, scripts |
 |
| | LinkBack | Thread Tools | Display Modes |
05-04-2009, 10:01:21 PM
| #1 (permalink) |
 | php validate csv upload to mysql
I've kind of got this working but I think I need to make it a lot more secure and have been looking on G the last few days but nothing that really helps. So far I have a form which allows a user to upload a csv file. It is checked that it has a csv extension and then that it is under a filesize limit. If so it is uploaded to a temp folder and the sql query to insert the contents into a table on the db is run. When running this query any items that are not a-zA-Z0-9 or . or - are replaced with a blank. The values are then trimmed for whitespace at the beginning and end. One issue that I'm having is that each line in the csv should have 4 values (ie. 3 commas) but if it only has 2 commas the data is screwed up when inserted. Also blank lines have an affect. Do you know of a simple way to check the format of each value and of each line either before copying to the temp folder or befor input to the db? Is checking the file extension adequate to prevent against malicious files? Also would be great to see if any row with the first value is already contained in the table and to ignore that row... Anyone have any idea about some of this... I'm stumped
__________________ Connect with me @ TW:LI:FB | MyWeb | D/L domains4sale | Morecambe London Student Forums Student Books UK promotions agencies |
|
|
06-04-2009, 12:35:34 AM
| #2 (permalink) |
| |
Checking the ext is pointless as I can rename any file.csv, at least test that the file is text not binary, and cleanse it. A quick fix method would be write a loop to check the data. Read one line at a time, ignore empty lines. Explode that data into an array, trim the array elements for white space, as a space will still fill an element. Test each element, to make sure 0-3 exist, then loop to the next line. Write The results either to the database or to a file. This isnt a nice way of doing it and I can think of 2-3 ways to check it, my regex sucks ass, but you could just regex each line to make sure it looks like it should, and discard code that doesnt look right, which is nicest code method, but you'd need someone good with regex.
__________________ Browse: |
|
|
|
06-04-2009, 05:15:53 AM
| #3 (permalink) |
| |
Thanks skinner, I have the thing looping and the codes working to insert but am still too novice to fully figure out the rest. Have put it out to tender on a programmer website, maybe someone will be able to tweak my code for $30!
__________________ Connect with me @ TW:LI:FB | MyWeb | D/L domains4sale | Morecambe London Student Forums Student Books UK promotions agencies |
|
|
|
| Bookmarks |
| Thread Tools | |
| Display Modes | |
| |
Similar Threads | ||||
| Thread | Thread Starter | Domain Name Community | Replies | Last Post |
| PHP / MySQL data in a Smarty template | admin | Scripts and Coding | 0 | 21-03-2009 05:52:59 PM |
| PHP / MySQL Developer | admin | Services Wanted | 5 | 11-02-2009 10:41:40 AM |
| php mysql select query question | woopwoop | Scripts and Coding | 6 | 06-02-2009 02:03:49 AM |
Linear Mode
