
php validate csv upload to mysql

I've kind of got this working but I think I need to make it a lot more secure and have been looking on G the last few days but nothing that really helps.

So far I have a form which allows a user to upload a csv file.
It is checked that it has a csv extension and then that it is under a filesize limit.

If so it is uploaded to a temp folder and the sql query to insert the contents into a table on the db is run.


When running this query any items that are not a-zA-Z0-9 or . or - are replaced with a blank. The values are then trimmed for whitespace at the beginning and end.

One issue that I'm having is that each line in the csv should have 4 values (ie. 3 commas) but if it only has 2 commas the data is screwed up when inserted.

Also blank lines have an effect.

Do you know of a simple way to check the format of each value and of each line either before copying to the temp folder or before input to the db?

Is checking the file extension adequate to prevent against malicious files?

Also would be great to see if any row with the first value is already contained in the table and to ignore that row...

Anyone have any idea about some of this... I'm stumped
 
Checking the ext is pointless as I can rename any file.csv. At least test that the file is text, not binary, and cleanse it.

A quick fix method would be to write a loop to check the data.

Read one line at a time, ignore empty lines.

Explode that data into an array, trim the array elements for white space, as a space will still fill an element.

Test each element, to make sure 0-3 exist, then loop to the next line.

Write the results either to the database or to a file.

This isn't a nice way of doing it and I can think of 2-3 ways to check it, my regex sucks ass, but you could just regex each line to make sure it looks like it should, and discard code that doesn't look right, which is nicest code method, but you'd need someone good with regex.
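
The line-by-line check described in the reply above, as an added example that is not code from the thread: it rejects binary input, skips blank lines, requires exactly four values limited to a-zA-Z0-9, "." and "-", and inserts through a prepared statement. The table `items`, its columns `code, a, b, c`, the UNIQUE index on `code`, the PDO connection and the sample rows are all assumptions made for illustration.

```php
<?php
// Added example; table/column names and sample rows are constructed.
function parse_upload(string $path, int $fields = 4): array
{
    $good = []; $bad = [];
    $fh = fopen($path, 'rb');
    if ($fh === false) { throw new RuntimeException('cannot open upload'); }
    for ($n = 1; ($line = fgets($fh)) !== false; $n++) {
        // Control bytes mean the file is binary, not a text CSV: stop here.
        if (preg_match('/[\x00-\x08\x0E-\x1F]/', $line) === 1) {
            fclose($fh);
            throw new RuntimeException("line $n: binary data");
        }
        if (trim($line) === '') { continue; } // ignore blank lines
        $row = array_map('trim', explode(',', $line));
        // Exactly four values, each non-empty and limited to a-zA-Z0-9 . -
        $ok = count($row) === $fields;
        foreach ($row as $v) {
            $ok = $ok && preg_match('/\A[A-Za-z0-9.-]+\z/', $v) === 1;
        }
        if ($ok) {
            $good[] = $row;
        } else {
            $bad[] = $n; // remember the line number for the error report
        }
    }
    fclose($fh);
    return [$good, $bad];
}

// Assumes MySQL via PDO and a UNIQUE index on items.code (hypothetical names),
// so INSERT IGNORE skips rows whose first value is already in the table.
function insert_rows(PDO $db, array $rows): int
{
    $st = $db->prepare('INSERT IGNORE INTO items (code, a, b, c) VALUES (?, ?, ?, ?)');
    $added = 0;
    foreach ($rows as $r) {
        $st->execute($r);
        $added += $st->rowCount();
    }
    return $added;
}

// Constructed sample: good row, blank line, short row, bad character.
$tmp = tempnam(sys_get_temp_dir(), 'csv');
file_put_contents($tmp, "a1,b.c,d-e,f\n\nx,y,z\nq,r,s,t;u\n");
[$good, $bad] = parse_upload($tmp);
unlink($tmp);
printf("%d accepted, rejected lines: %s\n", count($good), implode(',', $bad));
```

Rows are rejected rather than silently stripped, so a malformed line never reaches the database in altered form; pass the accepted rows to `insert_rows()` with your own PDO connection.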
 
Thanks skinner, I have the thing looping and the code's working to insert but am still too novice to fully figure out the rest. Have put it out to tender on a programmer website, maybe someone will be able to tweak my code for $30!
 