【发布时间】:2014-03-21 12:24:50
【问题描述】:
<?php
//connection to database
include("sql/connect2DB.php");
if (isset($_POST['submit'])) {
if (is_uploaded_file($_FILES['filename']['tmp_name'])) {
echo "<h1>" . "File ". $_FILES['filename']['name'] ." uploaded successfully." . "</h1>";
echo "<h2>Displaying contents:</h2>";
readfile($_FILES['filename']['tmp_name']);
}
//Import uploaded file to Database
$handle = fopen($_FILES['filename']['tmp_name'], "r");
while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) {
$import="INSERT into user(username,password, user_type) values('$data[0]','$data[1]', '$data[2]')";
mysql_query($import) or die(mysql_error());
}
fclose($handle);
print "Import done";
//view upload form
}
else {
print "Upload new csv by browsing to file and clicking on Upload<br />\n";
print "<form enctype='multipart/form-data' action='test.php' method='post'>";
print "File name to import:<br />\n";
print "<input size='50' type='file' name='filename'><br />\n";
print "<input type='submit' name='submit' value='Upload'></form>";
}
?>
【问题讨论】:
-
该死,是的,什么会产生错误“未选择数据库”..让我考虑一下..嗯..
-
危险:您使用的是an obsolete database API,应该使用modern replacement。您也容易受到SQL injection attacks的影响,现代 API 可以让您更轻松地从 defend 中获得。
-
...更不用说您忘记在问题中包含连接代码了。