
php validate csv upload to mysql

I've kind of got this working but I think I need to make it a lot more secure and have been looking on G the last few days but nothing that really helps.

So far I have a form which allows a user to upload a csv file.
It is checked that it has a csv extension and then that it is under a filesize limit.

If so it is uploaded to a temp folder and the sql query to insert the contents into a table on the db is run.


When running this query any items that are not a-zA-Z0-9 or . or - are replaced with a blank. The values are then trimmed for whitespace at the beginning and end.

One issue that I'm having is that each line in the csv should have 4 values (ie. 3 commas) but if it only has 2 commas the data is screwed up when inserted.

Also blank lines have an effect.

Do you know of a simple way to check the format of each value and of each line either before copying to the temp folder or before input to the db?

Is checking the file extension adequate to prevent against malicious files?

Also would be great to see if any row with the first value is already contained in the table and to ignore that row...

Anyone have any idea about some of this... I'm stumped
 
Checking the ext is pointless as I can rename any file.csv. At least test that the file is text, not binary, and cleanse it.

A quick fix method would be write a loop to check the data.

Read one line at a time, ignore empty lines.

Explode that data into an array, trim the array elements for white space, as a space will still fill an element.

Test each element, to make sure 0-3 exist, then loop to the next line.

Write the results either to the database or to a file.

This isn't a nice way of doing it and I can think of 2-3 ways to check it. My regex sucks ass, but you could just regex each line to make sure it looks like it should, and discard code that doesn't look right, which is the nicest code method, but you'd need someone good with regex.
 
Thanks skinner, I have the thing looping and the code's working to insert but am still too novice to fully figure out the rest. Have put it out to tender on a programmer website, maybe someone will be able to tweak my code for $30!
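The line-by-line check described in the thread, as an added example that is not code from any poster: it skips blank lines, rejects non-text lines, requires exactly 4 values per line, rejects (rather than strips) values outside a-zA-Z0-9 . -, and lets a key on the first column plus a prepared statement ignore rows already in the table. Assumptions: the `items` table and its column names are hypothetical, the sample file is constructed, and in-memory SQLite (pdo_sqlite) stands in for MySQL so the script runs offline.

```php
<?php
// Added example. Returns [valid rows, rejected line numbers => reason].
function validate_csv(string $path, int $fields = 4): array
{
    $good = $bad = [];
    $fh = fopen($path, 'rb');
    if ($fh === false) {
        throw new RuntimeException("cannot open $path");
    }
    for ($n = 1; ($line = fgets($fh)) !== false; $n++) {
        $line = rtrim($line, "\r\n");
        if (trim($line) === '') continue;             // ignore blank lines
        if (preg_match('/[^\x20-\x7E\t]/', $line)) {  // binary/control bytes: not text
            $bad[$n] = 'non-text bytes';
            continue;
        }
        $row = array_map('trim', explode(',', $line));
        if (count($row) !== $fields) {                // 4 values means 3 commas
            $bad[$n] = "expected $fields fields, got " . count($row);
            continue;
        }
        foreach ($row as $value) {                    // whitelist; empty values fail too
            if (!preg_match('/^[A-Za-z0-9.-]+$/D', $value)) {
                $bad[$n] = 'invalid or empty value';
                continue 2;
            }
        }
        $good[] = $row;
    }
    fclose($fh);
    return [$good, $bad];
}

// Constructed sample upload: good row, blank line, short row,
// row with disallowed characters, repeat of the first row's key.
$tmp = tempnam(sys_get_temp_dir(), 'csv');
file_put_contents($tmp, "A100,widget,3,9.99\n\nA101,gadget\nA102,<b>x</b>,1,2.50\nA100,widget,5,1.00\n");
$db = new PDO('sqlite::memory:');                     // stand-in for MySQL (assumption)
$db->exec('CREATE TABLE items (code TEXT PRIMARY KEY, name TEXT, qty TEXT, price TEXT)');
// On MySQL the equivalent is INSERT IGNORE with a UNIQUE/PRIMARY key on the first column.
$stmt = $db->prepare('INSERT OR IGNORE INTO items (code, name, qty, price) VALUES (?, ?, ?, ?)');
[$good, $bad] = validate_csv($tmp);
$inserted = 0;
foreach ($good as $row) {
    $stmt->execute($row);                             // bound parameters, no string-built SQL
    $inserted += $stmt->rowCount();                   // 0 when the key already exists
}
unlink($tmp);
printf("inserted=%d rejected=%s\n", $inserted, json_encode($bad));
```

In a real upload handler the path passed to `validate_csv()` would be the upload's temporary file, so the check runs before anything is copied to the temp folder or the database.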
 