csv - Prevent PHP from attempting to perform mathematical calculations on a string


So I'm using PHP to take the contents of a CSV file, put them in a string array, and use SQL to add them to a database on an IBM iSeries.

However, PHP keeps trying to treat the contents of the string (which contains the special characters "*" and "-") as a mathematical computation.

How do I prevent this?

Here is the code in question:

    if (($handle = fopen($_FILES['uploadcsv']['tmp_name'], "r")) !== false) {
        while (($data = fgetcsv($handle, 1000, ",")) !== false) {
            $length = count($data);
            $s_data = implode(',', $data);
            if ($length > $maxcol) {
                // echo $length;
                // die;
                $uploadmsg = "data error: not ($maxcol) columns: ($s_data) <br>";
            } else {
                if ($data[0] <> '') {
                    $recda[0] = trim($data[0]); // qty = 1 roll
                    // prepare sql statement (possibly faster, safer, better practice)
                    $insertsql = "insert into mikelib/pallets (pallet)
                                  values($recda[0]) with nc";
                    $stmt = db2_prepare($db2conn, $insertsql);
                    //$result = db2_exec($db2conn, "insert file ...$data[0]"
                    $result = db2_execute($stmt, $data[0]);
                    if (!$result) {
                        $uploadmsg .= "result code: " . $result . "data error: " . db2_stmt_error() . " msg: " . db2_stmt_errormsg() . "data: ($s_data)<br>";
                    } else {
                        $s_data = implode(',', $recda);
                        $uploadmsg .= "added row ($s_data)<br>";
                    }
                }
            }
        }
        fclose($handle);
    }

Here is an example of the error output: "result code: data error: 42604 msg: numeric constant 5d09c not valid. sqlcode=-103data: (a2501-0044*970*5d09c*034)"

Actually, it's the database parsing the data as math.

Take a look at this line:

    $insertsql = "insert into mikelib/pallets (pallet)
                  values($recda[0]) with nc";
    $stmt = db2_prepare($db2conn, $insertsql);

You're putting the values directly into the query; if the query has math, or invalid symbols, it'll break the query.

What you should do is:

    $insertsql = "insert into mikelib/pallets (pallet)
                  values(?) with nc";
    $stmt = db2_prepare($db2conn, $insertsql);

    $recda0 = $recda[0];
    db2_bind_param($stmt, 1, "recda0", DB2_PARAM_IN);

That way, there's nothing in $recda[0] that can break the query, or be parsed as part of the query.
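
An added example, not part of the original answer: the same CSV import run against an in-memory SQLite database through PDO, so it works without a DB2 connection. SQLite, PDO, the two table names and the CSV rows are assumptions made here; the answer's db2_prepare/db2_bind_param calls are the DB2 counterpart. Each value is inserted once as SQL text and once as a bound parameter, and a value such as 10-4*2 turns out to be the worse case: when concatenated it is not rejected but evaluated, and the result is stored instead of the pallet ID.

```php
<?php
// Added example. SQLite in memory stands in for DB2 so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pallets_concat (pallet TEXT)'); // hypothetical table
$pdo->exec('CREATE TABLE pallets_bound (pallet TEXT)');  // hypothetical table

// Constructed upload: row 1 is the value from the error message on this page,
// row 2 is a constructed value that happens to be valid arithmetic.
$csv = fopen('php://memory', 'w+');
fwrite($csv, "a2501-0044*970*5d09c*034\n10-4*2\n");
rewind($csv);

// Prepare once, outside the loop: the statement text never changes,
// only the bound value does.
$insert = $pdo->prepare('INSERT INTO pallets_bound (pallet) VALUES (?)');

while (($data = fgetcsv($csv, 1000, ',', '"', '\\')) !== false) {
    $pallet = trim((string) $data[0]);
    if ($pallet === '') {
        continue; // blank line or empty first column
    }

    // "Before": the value becomes part of the SQL text and is parsed as SQL.
    try {
        $pdo->exec("INSERT INTO pallets_concat (pallet) VALUES ($pallet)");
    } catch (PDOException $e) {
        echo "concatenated [$pallet] rejected: ", $e->getMessage(), "\n";
    }

    // "After": the value travels as data and is never seen by the SQL parser.
    $insert->execute([$pallet]);
}
fclose($csv);

$concat = $pdo->query('SELECT pallet FROM pallets_concat')->fetchAll(PDO::FETCH_COLUMN);
$bound  = $pdo->query('SELECT pallet FROM pallets_bound')->fetchAll(PDO::FETCH_COLUMN);

echo "stored via concatenation: ", var_export($concat, true), "\n";
echo "stored via bound parameter: ", var_export($bound, true), "\n";
```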

