Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

PHP

Posted by David Palmer
David Palmer
48 Points

Run PHP Script for each row in csv

Hello guys.

Hope everyone is well and safe.

I am currently having an issue with a build I am doing. I have a PHP file to upload csv data into mysql.

What I need help with is how to run a command for each of the lines of data.

I have the csv upload page working and correct, the next step is to generate a pdf document using FPDF (<This also works correctly). What I need to do is read all the lines of data from the csv, get the id from sql and then run the FPDF command line.

Below is my csv upload php script;

<?php if(isset($_POST["Import"])){

$filename=$_FILES["file"]["tmp_name"];    
 if($_FILES["file"]["size"] > 0)
 {
    $file = fopen($filename, "r");
      while (($getData = fgetcsv($file, 10000, ",")) !== FALSE)
       {
          require('../config.php');
            $conn = new mysqli(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME);
                  if ($conn->connect_error) {
                      die("Database connection failed: " . $conn->connect_error);
                  }
         $sql = "INSERT INTO `cases` (`case_id`, `clt_title`, `clt_first`, `clt_last`, `clt_add`, `clt_add2`, `clt_add3`, `clt_town`, `clt_county`, `clt_postcode`, `clt_ni`, `clt_dob`, `clt_tel`, `clt_email`, `case_type`, `case_cost`, `case_premium`, `case_term`, `case_source`, `case_drawdown`, `case_redemption`, `case_status`, `case_claim`, `case_incident`, `opp_name`, `opp_add`, `opp_add2`, `opp_add3`, `opp_town`, `opp_county`, `opp_post`, `sol_id`, `sol_ref`, `fund_id`, `invest_id`, `loan_balance`, `prem_charge`, `prem_start`, `up_prem`, `def_prem`, `capcov_prem`, `case_owner`, `received`)
               values ('".$getData[0]."',   '".$getData[1]."',  '".$getData[2]."',  '".$getData[3]."',  '".$getData[4]."',  '".$getData[5]."',  '".$getData[6]."',  '".$getData[7]."',  '".$getData[8]."',  '".$getData[9]."',  '".$getData[10]."', '".$getData[11]."', '".$getData[12]."', '".$getData[13]."', '".$getData[14]."', '".$getData[15]."', '".$getData[16]."', '".$getData[17]."', '".$getData[18]."', '".$getData[19]."', '".$getData[20]."', '".$getData[21]."', '".$getData[22]."', '".$getData[23]."', '".$getData[24]."', '".$getData[25]."', '".$getData[26]."', '".$getData[27]."', '".$getData[28]."', '".$getData[29]."', '".$getData[30]."', '".$getData[31]."', '".$getData[32]."', '".$getData[33]."', '".$getData[34]."', '".$getData[35]."', '".$getData[36]."', '".$getData[37]."', '".$getData[38]."', '".$getData[39]."', '".$getData[40]."', '".$getData[41]."', '".$getData[42]."')";

               $result = mysqli_query($conn, $sql);
    if(!isset($result))
    {
        // Echo Result;
      echo "<script type=\"text/javascript\">
          alert(\"Error.\");
          window.location = \"../../admin/cases.php?ct=%\"
          </script>";    
    }

    else {  
            //http://portal.woodville-consultants.co.uk/assets/documents/generatedocs/abof%20%60case_type%60.php?bon=7      

        //echo "<script type=\"text/javascript\">
        //alert(\"CSV File has been successfully Imported.\");
        //window.location = \"../../admin/cases.php?ct=%\"
        //</script>";

        header("Location: https://portal.woodville-consultants.co.uk/admin/cases.php?ct=%");
        die();
    }
       }

       fclose($file);  
 }

}
?>

Thank you for any assistance.

Cheers

1 Answer

Jennifer Nordell
seal-mask
STAFF
.a{fill-rule:evenodd;}techdegree
Jennifer Nordell
Treehouse Teacher
Jennifer Nordell
.a{fill-rule:evenodd;}techdegree
Jennifer Nordell
Treehouse Teacher

Hi there, David Palmer! First, I would suggest watching at least the second stage of File Handling with PHP. This will show you how to read in CSV as rows and perform the operation on each row.

However, I also want to point out a couple of things. Looking at the code you have now, I don't see any filtering of the input which could create a security nightmare for you. Right now, it looks like you're reading in the CSV and just doing an INSERT of the data found on the row. This has the potential to allow malicious users of the site to upload a CSV and execute a SQL injection that way.

Secondly, I hope that the ids that you are providing are not autoincrementing ids that may be publicly exposed later. This also has its own set of security concerns because it means that malicious users could easily iterate over the database and download everything.

Hope this helps! :sparkles: