我现在导入我的CSV很好,除了一件事情,我如何获得导入忽略第一行中的数据?员工将上传第一行中具有列名称的相同格式。导入CSV,排除第一行
if (isset($_POST['submit'])) {
if (is_uploaded_file($_FILES['filename']['tmp_name'])) {
echo "<h1>" . "File " . $_FILES['filename']['name'] . " uploaded successfully." . "</h1>";
echo "<h2>Displaying contents:</h2>";
readfile($_FILES['filename']['tmp_name']);
}
//Import uploaded file to Database
$handle = fopen($_FILES['filename']['tmp_name'], "r");
while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) {
$import = "INSERT into tictoc(employee,taskname,tasktime,sessiontime,sessionstart,sessionend,sessionnotes) values('" . $userinfo['first_name'] . " " . $userinfo['last_name'] . "','$data[0]','$data[1]','$data[2]','$data[3]','$data[4]','$data[5]')";
mysql_query($import) or die(mysql_error());
}
fclose($handle);
print "Import done";
}
**你的代码很容易受到SQL注射**你*真的*应该使用[准备好的陈述](http:// stacko verflow。com/a/60496/623041),将您的变量作为参数传递到其中,而这些参数不针对SQL进行评估。如果你不知道我在说什么,或者如何解决它,请阅读[Bobby Tables]的故事(http://stackoverflow.com/questions/332365/xkcd-sql-injection-please-explain) 。特别是,上传的文件可能包含将被注入到你的INSERT语句中的SQL。 – eggyal