Home/ Questions/Q 7730829
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-01T06:19:32+00:00

ok all I want to do is give the user a simple form where

  • 0

ok all I want to do is give the user a simple form where they can upload a CSV file which contains fares. The data should then upload into the database.

Here’s the code…

<?php
 require_once('includes/connection.php');
 if(isset($_POST['submit']))
   {
     $filename=$_POST['filename'];
     $handle = fopen("$filename", "r");
     while (($data = fgetcsv($handle, 100000, ",")) !== FALSE)
     {

       $import="INSERT into fares_usa(cruise_id, active, type, category, placement, deck, fare, offered, status, sortorder)          values('$data[0]','$data[1]','$data[2]','$data[3]','$data[4]','$data[5]','$data[6]','$data[7]','$data[8]','$data[9]')";
       mysql_query($import, $connection) or die(mysql_error());
     }
     fclose($handle);
     print "Import done";
   }
   else
   {

      print "<form enctype='multipart/form-data' action='fileupload.php' method='POST'>";
      print "Select file to import:";
      print "<input type='file' name='filename' size='20'>";
      print "<input type='submit' name='submit' value='submit'></form>";
   }
   ?>

Any help is greatly appreciated !

Thanks

Rich 🙂

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You seem to be using $_POST and not $_FILES

    <?php
 require_once('includes/connection.php');
 if(isset($_POST['submit']))
   {
     $filename=$_FILES['filename']['tmp_name'];
     $handle = fopen("$filename", "r");
     while (($data = fgetcsv($handle, 100000, ",")) !== FALSE)
     {

       $import="INSERT into fares_usa(cruise_id, active, type, category, placement, deck, fare, offered, status, sortorder) 
       values('".mysql_real_escape_string($data[0])."',
       '".mysql_real_escape_string($data[1])."',
       '".mysql_real_escape_string($data[2])."',
       '".mysql_real_escape_string($data[3])."',
       '".mysql_real_escape_string($data[4])."',
       '".mysql_real_escape_string($data[5])."',
       '".mysql_real_escape_string($data[6])."',
       '".mysql_real_escape_string($data[7])."',
       '".mysql_real_escape_string($data[8])."',
       '".mysql_real_escape_string($data[9])."')";
       mysql_query($import, $connection) or die(mysql_error());
     }
     fclose($handle);
     print "Import done";
   }
   else
   {

      print "<form enctype='multipart/form-data' action='fileupload.php' method='POST'>";
      print "Select file to import:";
      print "<input type='file' name='filename' size='20'>";
      print "<input type='submit' name='submit' value='submit'></form>";
   }
   ?>

    Also added mysql_real_escape_string to escape your input before adding it to the database. This is the bare minimum "cleaning" that you should be doing for user input.

    • 0