PHP插入PostgreSQL

4zcjmb1e  于 2024-01-07  发布在  PostgreSQL
关注(0)|答案(4)|浏览(166)

所以这可能是一个非常愚蠢/基本的问题,但我有这个简单的PHP函数(它可以工作)并将数据插入PostgreSQL DB。
我的问题是当它遇到特定的数据时;

function insertData($pg, $csvfile)
      {
        $x = 0;
        foreach ($csvfile as $data)
        {
          $email = $csvfile[$x]['email'];
          $name = $csvfile[$x]['name'];
          $surname = $csvfile[$x]['surname'];
          $query = "INSERT INTO users (email, name, surname) VALUES ('$email', '$name', '$surname')";
          $result = pg_query($pg, $query);
          $x++;
        }
      }

字符串
虽然这是有效的,但它的福尔斯与姓氏有关,例如:
奥黑尔
很明显,这是因为PHP代码是这样的:
. VALUES(' email protected(https://stackoverflow.com/cdn-cgi/l/email-protection) ','John','O'hare')";
但是我不确定我应该如何构造PHP来实现这一点。

postgresql

4条答案

按热度按时间
ve7v8dk2

ve7v8dk21#

试试这个:

function insertData($pg, $csvfile) {
    $nbr = count(file($csvfile));   
    for($i=0; $i<$nbr; $i++) {
      $email = pg_escape_string( $csvfile[$i]['email'] );
      $name = pg_escape_string( $csvfile[$i]['name'] );
      $surname = pg_escape_string( $csvfile[$i]['surname'] );
      $query = "INSERT INTO users (email, name, surname) VALUES ('$email', '$name', '$surname')";
      $result = pg_query($pg, $query);
      if (!$result) {
        echo "Error while executing the query: " . $query;
        exit;
      }
    }
}

字符串

赞(0)分享  回复(0)举报  2024-01-07
gk7wooem

gk7wooem2#

你需要转义字符串参数。如果你能使用PDO扩展,那就更好了,因为prepared statements可以为你处理转义,也有助于防止SQL注入和其他一些安全问题。

function insertData(PDO $dbh, $csvfile) {
    $x = 0;
    foreach ($csvfile as $data)
    {
        $query = "INSERT INTO users (email, name, surname) VALUES (?, ?, ?)";
        $params = [
             $csvfile[$x]['email'],
             $csvfile[$x]['name'],
             $csvfile[$x]['surname']
        ];
        $statement = $pdo->prepare($query);
        $statement->execute($params);
        $x++;
    }
}

字符串

赞(0)分享  回复(0)举报  2024-01-07
j5fpnvbx

j5fpnvbx3#

使用预处理查询的解决方案

function insertData($dbname, $tbname, $csvfile)
{
  $result = [];
  // Connect to a database named "mary"
  $dbconn = pg_connect("dbname=$dbname");

  // Prepare a query for execution
  $result = pg_prepare($dbconn, "my_query", 'INSERT INTO $1 (email, name, surname) VALUES ($2, $3, $4)');

 // Execute the prepared query.  Note that it is not necessary to escape

  foreach ($csvfile as $data)
  {
    $email = $data['email'];
    $name = $data['name'];
    $surname = $data['surname'];
    $query = "";
    $result[] = pg_execute($dbconn, "my_query", array($tbname, $email, $name, $surname));
   }
  if (in_array(false, $result) )
     return false;
  else
     return true;
}
$dbname = "your dbname";
$tbname = "name of table";
$csvFile = [];
if (insertData($dbname, $tbname, $csvFile))
  echo "Data inserted";
else
   echo "Data not inserted";

字符串

赞(0)分享  回复(0)举报  2024-01-07
6qftjkof

6qftjkof4#

所以我注意到了来自@Karsten Koop和@TOH19的建议,并提出了这段代码,它正在工作;

function insertData($pg, $csvfile)
      {
        $x = 0;
        foreach ($csvfile as $data)
        {
          $email = pg_escape_string($csvfile[$x]['email']);
          $name = pg_escape_string($csvfile[$x]['name']);
          $surname = pg_escape_string($csvfile[$x]['surname']);
          $query = "INSERT INTO users (email, name, surname) VALUES ('".$email."', '".$name."', '".$surname."')";
          $result = pg_query($pg, $query);
          $x++;
        }
      }

字符串

赞(0)分享  回复(0)举报  2024-01-07
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com