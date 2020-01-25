Well, fopen is a good starting point. However I would look into
fgetcsv instead of
fread
PHP PDO Import CSV file into MySQL Database
What’s the difference? Better and more secure, I guess?
So, what about this?
<?php
$file = fopen("demo.csv","r");
print_r(fgetcsv($file));
fclose($file);
?>
I created another folder in my
htdocs directory(because I use XAMPP) so I can see what’s happening and it shows the following array:
Array ( [0] => Name [1] => Residential Address [2] => Mailing Address [3] => Precinct [4] => Age [5] => Ethnicity [6] => Gender [7] => Party [8] => Race [9] => Phone )
I would probably start with parsing CSV, but only because I like working with data more than the file system. But yes, that’s a good place to start. It can take some guesswork to not paint yourself into a corner, but learning how to work with files is a worthwhile skill no matter how far things go.
EDIT
I don’t know what you did, but anyway
https://www.php.net/manual/en/function.fread.php
fread ( resource $handle , int $length ) : string
https://www.php.net/manual/en/function.fgetcsv.php
fgetcsv ( resource $handle [, int $length = 0 [, string $delimiter = "," [, string $enclosure = '"' [, string $escape = "\\" ]]]] ) : array
One returns a string, the other an array. True, you could parse the string into an array. But why when you can get the array directly?
You make a good point there. Okay, so I use
fgetcsv, but why isn’t my data returning in the array? It only shows the header row?
I guess we would need to see the code involved with that “other folder”. I usually start with everything in one file at first and move portions out later. You don’t need to also do this, it works for me for my “pre-alpha” beginning code.
My guess would be the array isn’t being looped through for some reason, maybe choking on an unrecognized line terminator.
I use XAMPP to host my application locally. Because I use XAMPP, there is a folder called
htdocs that basically acts like an Apache server.
So, inside the
htdocs folder, I have another folder called
csv where I am making the csv import to make sure I understand the code as I work through it.
Inside the
csv folder, I have the
demo.csv file and the
index.php file which looks like this:
<!DOCTYPE html>
<html>
<body>
<?php
$file = fopen("demo.csv","r");
print_r(fgetcsv($file));
fclose($file);
?>
</body>
</html>
The output of the
index.php file is this:
And I have a row of data in the csv file that isn’t shown in the array. Do I need a
while or
foreach loop in here?
Yes
You know that if you follow the link that @Mittineague posted in post #29, that goes to the PHP documentation for the
fgetcsv() function which contains some sample code that shows you exactly what you need to do to read through the entire file?
Are the array indexes the same as the table columns?
Also add more user data, say ten users.
What about this?
<?php
$file = fopen("demo.csv","r");
while(! feof($file))
{
print_r(fgetcsv($file));
}
fclose($file);
?>
I get this array as an output:
Array ( [0] => Name [1] => Residential Address [2] => Mailing Address [3] => Precinct [4] => Age [5] => Ethnicity [6] => Gender [7] => Party [8] => Race [9] => Phone ) Array ( [0] => MYRTLE, JEREMY ALLEN [1] => 1234 ALEXANDER BLVD. RICHMOND, VA 39568 [2] => 1234 ALEXANDER BLVD. RICHMOND, VA 39568 [3] => 02-03 [4] => 22 [5] => NL [6] => M [7] => REP [8] => W [9] => 123-456-7890 )
It’s a good start. I’d change it a little bit:
<?php
$file = fopen("demo.csv","r");
// Read and throw away the header row
fgetcsv($file);
while (! feof($file)) {
print_r(fgetcsv($file));
}
fclose($file);
So now the next step is to create a query for each row
Would this work?
$stmt = $pdo->prepare("INSERT INTO members (name, residential_address, mailing_address, precinct, age, ethnicity, gender, party, race, phone) VALUES (:name, :residential_address, :mailing_address, :precinct, :age, :ethnicity, :gender, :party, :race, :phone)");
$stmt->execute();
You need to pass values to
execute()
… or use
bindParam(). And don’t forget you can
prepare() before the loop (and
bindParam() if you go that way) and
execute() inside the loop.
What value would that be? I don’t think I’ve ever had to do that before… what typically goes there?
I’ve heard that
bindParam is very useful in preventing SQL Injection. Is this true?
The concept of prepared statements, of which
bindParam is a part, can help in that regard, yes. It also helps by not making you do all the work if your data might contain quotes, for example.
The values that you want to insert in place of all the parameters that you put into your query.
Well, I know I have to perform a
bindParam() for
:name, :residential_address, :mailing_address, :precinct, :age, :ethnicity, :gender, :party, :race, :phone, but what goes in
execute()?
For example, if I load my user edit api from a different file, I have it coded like this:
// Update
$stmt = $pdo->prepare("UPDATE users SET role_id = :role_id, first_name = :first_name, last_name = :last_name, email = :email, username = :username, status = :status WHERE id = :id");
$stmt->bindParam(':role_id', $role_id);
$stmt->bindParam(':first_name', $first_name);
$stmt->bindParam(':last_name', $last_name);
$stmt->bindParam(':email', $email);
$stmt->bindParam(':username', $username);
$stmt->bindParam(':status', $status);
$stmt->bindParam(':id', $id);
// Update User Info
if(isset($_POST['btn_save'])) {
$role_id = $_POST["role_id"];
$first_name = $_POST["first_name"];
$last_name = $_POST["last_name"];
$email = $_POST["email"];
$username = $_POST["username"];
$status = $_POST["status"];
$id = $_POST["id"];
$stmt->execute();
header('Location: ../../users.php');
}
So, obviously, I’m binding the parameters in the statement to the variable that is created later when the user clicks the
Save button, but notice
execute() is blank…
You can use
bindParam() as in your code, or you can specify an array of values in execute:
$stmt->execute(array("role_id"=>1, "first_name"=>"Hugh"));
and so on. Obviously it’d be easier for you to build your array separately with the correct index names.
But seriously,
execute() has full documentation that you can read, links provided further up the thread.
So it’s easier to use this:
$stmt->execute(array("role_id"=>1, "first_name"=>"Hugh"));
rather than this?
$stmt = $pdo->prepare("UPDATE users SET role_id = :role_id, first_name = :first_name, last_name = :last_name, email = :email, username = :username, status = :status WHERE id = :id");
$stmt->bindParam(':role_id', $role_id);
$stmt->bindParam(':first_name', $first_name);
$stmt->bindParam(':last_name', $last_name);
$stmt->bindParam(':email', $email);
$stmt->bindParam(':username', $username);
$stmt->bindParam(':status', $status);
$stmt->bindParam(':id', $id);
Well, it is a lot less typing