Now I'm working on a script to upload a .csv file and insert it into the database.
All seemed well until we get to the insert command, but it comes up with a strange error and I can't figure out what if wrong with the line. I echo'ed out all the variables and they matched up, so the problem is with the INSERT command, but it's exactly the same as the first script you guys helped on.
I'll post all code just in-case.
Here is the error-
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(account_number, contactid, organization_title, account_name, organizationDBA, n' at line 1
The next one should be network_representative. Why is is cutting it off like that?
$table_name="users";
function is_valid_email_address($email)
{
if (!filter_var($email, FILTER_VALIDATE_EMAIL))
return false;
return true;
}
function is_valid_username($contactid)
{
if (!ereg("^[A-Za-z0-9._]{3,32}$", $contactid))
return false;
return true;
}
function check_bulk_user_upload($contactid)
{
include('config.php');
$query = "SELECT contactid from $table_name WHERE contactid='$contactid'";
$results = mysql_query($query);
if ($db->num_rows)
return true;
return false;
}
function process_user_csv($filename, $delim =",")
{
include "dbconfig.php";
$f = fopen($filename, "r");
$size = filesize($filename)+1;
$count = 0;
while ($data = fgetcsv($f, $size, $delim))
{
$contactid = $data[1];
if (check_bulk_user_upload($contactid) == true)
{
echo "<span class=\"error\">Error: User '$data[1]' already exists</span><br>\n";
}
else if (!is_valid_username($contactid))
{
echo "<span class=\"error\">Error: Invalid ContactID '$data[1]'</span><br>\n";
}
else if (is_valid_email_address($data[19]) == false)
{
echo "<span class=\"error\">Error: Invalid email address for '$data[1]'</span><br>\n";
}
else
{
$accountnumber= mysql_real_escape_string((addcslashes($data[0], "%_")));
$contactid= mysql_real_escape_string((addcslashes($data[1], "%_")));
$organization= mysql_real_escape_string((addcslashes($data[2], "%_")));
$accountname = mysql_real_escape_string((addcslashes($data[3], "%_")));
$dba= mysql_real_escape_string((addcslashes($data[4], "%_")));
$rep= mysql_real_escape_string((addcslashes($data[5], "%_")));
$network= mysql_real_escape_string((addcslashes($data[6], "%_")));
$login= mysql_real_escape_string((addcslashes($data[7], "%_")));
$password= sha1($data[8]);
$title= mysql_real_escape_string((addcslashes($data[9], "%_")));
$salutation= mysql_real_escape_string((addcslashes($data[10], "%_")));
$firstname= mysql_real_escape_string((addcslashes($data[11], "%_")));
$lastname= mysql_real_escape_string((addcslashes($data[12], "%_")));
$commethod= mysql_real_escape_string((addcslashes($data[13], "%_")));
$phone= mysql_real_escape_string((addcslashes($data[14], "%_")));
$mobile= mysql_real_escape_string((addcslashes($data[15], "%_")));
$other= mysql_real_escape_string((addcslashes($data[16], "%_")));
$fax= mysql_real_escape_string((addcslashes($data[17], "%_")));
$emailopt= mysql_real_escape_string((addcslashes($data[18], "%_")));
$email= mysql_real_escape_string((addcslashes($data[19], "%_")));
$query="INSERT INTO $table_name (account_number, contactid, organization_title, account_name, organizationDBA, network_representative, network, member_login, member_password, title, salutation, firstname, lastname, communication_method, phone, mobile, otherphone, fax, email_opt_out, email) VALUES ('$data[0]', '$data[1]', '$data[2]', '$data[3]', '$data[4]', '$data[5]', '$data[6]', '$data[7]', '$data[8]', '$data[9]', '$data[10]', '$data[11]', '$data[12]', '$data[13]', '$data[14]', '$data[15]', '$data[16]', '$data[17]', '$data[18]', '$data[19]')";
//Don't mind the array elements, I wanted to make sure they were not the problem.
$result = @mysql_query($query) or die(mysql_error());
echo "Success: User '$data[0]' added<br>\n";
$message = "A new user account has been created for you.\n";
$message .= "\n";
$message .= "Username: $data[7]\n";
$message .= "Password: $data[8]\n";
mail($email, "New User Account", $message);
}
}
fclose ($f);
return true;
}
$focus_field = "userfile";
if (($_SERVER["REQUEST_METHOD"] == "POST") && (isset($_POST['csv_upload_form_posted'])))
{
if (is_uploaded_file($_FILES['userfile']['tmp_name']))
{
$file = $_FILES['userfile']['tmp_name'];
process_user_csv($file);
}
else
{
switch($HTTP_POST_FILES['userfile']['error'])
{
case 0: //no error; possible file attack!
echo "There was a problem with your upload.";
break;
case 1: //uploaded file exceeds the upload_max_filesize directive in php.ini
echo "The file you are trying to upload is too big.";
break;
case 2: //uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the html form
echo "The file you are trying to upload is too big.";
break;
case 3: //uploaded file was only partially uploaded
echo "The file you are trying upload was only partially uploaded.";
break;
case 4: //no file was uploaded
echo "You must select a file for upload.";
break;
default: //a default error, just in case! :)
echo "There was a problem with your upload.";
break;
}
}
}
else
{
?>
<form enctype="multipart/form-data" action="<?=$_SERVER['PHP_SELF'];?>" method="post">
<fieldset>
<input type="hidden" name="csv_upload_form_posted" value="true" />
<input type="hidden" name="MAX_FILE_SIZE" value="100000000" />
<table>
<tr></td> ("Select File To Upload")</td>
<td colspan="2">Upload this file: <input type="file" name="userfile" id="userfile" /></td>
</tr>
<tr>
<td class="prompt"> </td>
<td>
<table>
<tr>
<td><input type="submit" name="submit" value="Submit"/></td>
</tr>
</table>
</td>
<td class="error"></td>
</tr>
</table>
</fieldset>
</form>
<?php
}
?>
Thanks for the help guys! I REALLY appreciate it!
