PHP插入PostgreSQL

4zcjmb1e 于 5个月前发布在 PostgreSQL

关注(0)|答案(4)|浏览(77)

所以这可能是一个非常愚蠢/基本的问题，但我有这个简单的PHP函数（它可以工作）并将数据插入PostgreSQL DB。
我的问题是当它遇到特定的数据时;

function insertData($pg, $csvfile)
      {
        $x = 0;
        foreach ($csvfile as $data)
        {
          $email = $csvfile[$x]['email'];
          $name = $csvfile[$x]['name'];
          $surname = $csvfile[$x]['surname'];
          $query = "INSERT INTO users (email, name, surname) VALUES ('$email', '$name', '$surname')";
          $result = pg_query($pg, $query);
          $x++;
        }
      }

字符串
虽然这是有效的，但它的福尔斯与姓氏有关，例如：
奥黑尔
很明显，这是因为PHP代码是这样的：
. VALUES（' email protected(https://stackoverflow.com/cdn-cgi/l/email-protection) '，'John'，'O'hare'）";
但是我不确定我应该如何构造PHP来实现这一点。

postgresql

来源：https://stackoverflow.com/questions/54651995/php-insert-into-postgresql

4条答案

按热度按时间

ve7v8dk21#

试试这个：

function insertData($pg, $csvfile) {
    $nbr = count(file($csvfile));   
    for($i=0; $i<$nbr; $i++) {
      $email = pg_escape_string( $csvfile[$i]['email'] );
      $name = pg_escape_string( $csvfile[$i]['name'] );
      $surname = pg_escape_string( $csvfile[$i]['surname'] );
      $query = "INSERT INTO users (email, name, surname) VALUES ('$email', '$name', '$surname')";
      $result = pg_query($pg, $query);
      if (!$result) {
        echo "Error while executing the query: " . $query;
        exit;
      }
    }
}

字符串

赞(0）回复(0）举报 5个月前

gk7wooem2#

你需要转义字符串参数。如果你能使用PDO扩展，那就更好了，因为prepared statements可以为你处理转义，也有助于防止SQL注入和其他一些安全问题。

function insertData(PDO $dbh, $csvfile) {
    $x = 0;
    foreach ($csvfile as $data)
    {
        $query = "INSERT INTO users (email, name, surname) VALUES (?, ?, ?)";
        $params = [
             $csvfile[$x]['email'],
             $csvfile[$x]['name'],
             $csvfile[$x]['surname']
        ];
        $statement = $pdo->prepare($query);
        $statement->execute($params);
        $x++;
    }
}

字符串

赞(0）回复(0）举报 5个月前

j5fpnvbx3#

使用预处理查询的解决方案

function insertData($dbname, $tbname, $csvfile)
{
  $result = [];
  // Connect to a database named "mary"
  $dbconn = pg_connect("dbname=$dbname");

  // Prepare a query for execution
  $result = pg_prepare($dbconn, "my_query", 'INSERT INTO $1 (email, name, surname) VALUES ($2, $3, $4)');

 // Execute the prepared query.  Note that it is not necessary to escape

  foreach ($csvfile as $data)
  {
    $email = $data['email'];
    $name = $data['name'];
    $surname = $data['surname'];
    $query = "";
    $result[] = pg_execute($dbconn, "my_query", array($tbname, $email, $name, $surname));
   }
  if (in_array(false, $result) )
     return false;
  else
     return true;
}
$dbname = "your dbname";
$tbname = "name of table";
$csvFile = [];
if (insertData($dbname, $tbname, $csvFile))
  echo "Data inserted";
else
   echo "Data not inserted";

字符串

赞(0）回复(0）举报 5个月前

6qftjkof4#

所以我注意到了来自@Karsten Koop和@TOH19的建议，并提出了这段代码，它正在工作;

function insertData($pg, $csvfile)
      {
        $x = 0;
        foreach ($csvfile as $data)
        {
          $email = pg_escape_string($csvfile[$x]['email']);
          $name = pg_escape_string($csvfile[$x]['name']);
          $surname = pg_escape_string($csvfile[$x]['surname']);
          $query = "INSERT INTO users (email, name, surname) VALUES ('".$email."', '".$name."', '".$surname."')";
          $result = pg_query($pg, $query);
          $x++;
        }
      }

字符串

赞(0）回复(0）举报 5个月前

我来回答

PHP插入PostgreSQL

4条答案

相关问题

热门标签

最新问答