I have faced a problem whenever exporting a CSV file with PHP. I have a MYSQL query like
SELECT `interest_id`,`interest_name`,`interested_user_id` FROM `interest_list` WHERE `interest_name` LIKE '%fashion%'
But whenever I am trying to export one PHP file by making use of the above MySQL Query then my query is turning to
SELECT `interest_id`,`interest_name`,`interested_user_id` FROM `interest_list` WHERE `interest_name` LIKE 'úshion%'
SO that it returns no record.
Please tell me how can I solve the issue.
In the export file, I have written the code like:
header('Content-Type: text/csv; charset=utf-8');
header('Content-Disposition: attachment; filename=data.csv');
$output = fopen('php://output', 'w');
//executed code
fputcsv($output, $blankArray);
Now please help me.
Actually, I make the query in one file like:
$search_sql = "SELECT `interest_id`,`interest_name`,`interested_user_id` FROM `interest_list`";
if(isset($_REQUEST['search_user_btn'])){
if($_REQUEST['search_intr'] != '')
$search_sql .= " WHERE `interest_name` LIKE '%".$_REQUEST['search_intr']."%' ";
}
Then in the same file I write like:
<a href="export.php?report=interest&qur=<?php echo $search_sql; ?>"><button>Export to CSV</button></a>
Finally In the export.php
header('Content-Type: text/csv; charset=utf-8');
header('Content-Disposition: attachment; filename=data.csv');
$output = fopen('php://output', 'w');
I am trying to get the value of $_REQUEST[‘qur’]. But unable to get the original value of $_REQUEST[‘qur’].
I think Now it is making sense.
Please help….
You can’t insert random strings in a URL because there’re some characters that have a special meaning in URLs. In PHP, you can encode the value of a URL parameter with rawurlencode(). Similarly, you can’t insert random characters in a HTML string for the same reason.
Whatever, passing SQL in the URL is call to get hacked.