0

我编写了这段代码,用于使用脚本将 Excel (.xml) 文件插入MySQL 数据库。PHP但它不能插入包含MS.WORD(TABLE、PICTURES等)的数据,插入的是空格而不是Word文档。  上传问题

             <div style="float: left;">
            <table>
                    <form enctype="multipart/form-data" action="" method="post">
                      <input type="hidden" name="MAX_FILE_SIZE" value="2000000" />
                            <tr>
                            <td><h5><b>Select Standared</b></h5></td>
                            <td><select name="chap_sel_std" id="chap_sel_std">
                                                        <option>Select Standared</option>
                                                <?php
                                                    $exe_sel_std = mysql_query("SELECT * from s_standared");
                                                    while($r_sel_std = mysql_fetch_array($exe_sel_std)){
                                                        $sel_stdid = $r_sel_std['std_id'];
                                                        $sel_std = $r_sel_std['std'];?>

                                                        <option value="<?php echo $sel_stdid; ?>"><?php echo $sel_std;?></option>
                                                        <?php } ?>
                                </select></td>
                            </tr>
                            <tr>
                                <td><h5><b>Select Font</b></h5></td>
                                <td><select name="sel_f_gn_que">
                                    <option>Select Font</option>
                                        <?php
                                            $xf = mysql_query("SELECT * from s_font");
                                            while($rquef = mysql_fetch_array($xf)){
                                                $f_id = $rquef['f_id'];
                                                $f_name = $rquef['f_name'];  ?>
                                    <option value="<?php echo $f_id; ?>"><?php echo $f_name; }?>  </option>
                                </select></td>
                            </tr>
                            <tr>
                                <td><h5><b>Upload Question<h5><b></td>
                                <td>
                                    <input type="file" name="file" id="file" class="">
                                </td>
                            </tr>
                            <tr>
                                <td></td>
                                <td colspan="2"><input type="submit" class="btn btn-green big" name="add_que" value="Add Questions"></td>
                                <td><input type="submit" name="saveandexit" class="btn btn-blue" value="Finish and close Me" onclick="close();"></td>
                            </tr>
                    </form>
                    </table>
                    </div>                   

    <?php

            $data = array();

    //$db =& DB::connect("mysql://root@localhost/names", array());
    //if (PEAR::isError($db)) { die($db->getMessage()); }
      //quetype    difficulty    standard    subject    chap    que    marks

    function add_person($quetype,$dif, $subject,$chap_name,$que,$marks)
    {
     global $data, $db;

     //$sth = $db->prepare( "INSERT INTO names VALUES( 0, ?, ?, ?, ? )" );
    // $db->execute( $sth, array( $first, $middle, $last, $email ) );

     $data []= array(
       'quetype' => $quetype, 
       'difficulty' => $dif,
       'subject' => $subject,
       'chap' => $chap_name,
       'que' => $que,
       //'ans' => $ans,
       'marks' => $marks

     );
    }

    if(!isset($_FILES['file']['tmp_name'])){
        echo "";
    }elseif($_FILES['file']['tmp_name'])
    {
     $dom = DOMDocument::load( $_FILES['file']['tmp_name'] );
     $rows = $dom->getElementsByTagName( 'Row' );
     $first_row = true;
     foreach ($rows as $row)
     {
       if ( !$first_row )
       {
         $quetype = "";
         $dif = "";
         $subject = "";
         $chap_name = "";
         $que = "";
         //$ans = "";
         $marks = "";

         $index = 1;
         $cells = $row->getElementsByTagName( 'Cell' );
         foreach( $cells as $cell )
         {
           $ind = $cell->getAttribute( 'Index' );
           if ( $ind != null ) $index = $ind;

           if ( $index == 1 ) $quetype = $cell->nodeValue;
           if ( $index == 2 ) $dif = $cell->nodeValue;
           if ( $index == 4 ) $subject = $cell->nodeValue;
           if ( $index == 6 ) $chap_name = $cell->nodeValue;
           if ( $index == 8) $que = $cell->nodeValue;
           //if ( $index == 9) $ans = $cell->nodeValue;
           if ( $index == 9) $marks = $cell->nodeValue;

           $index += 1;
         }
         add_person($quetype,$dif, $subject,$chap_name,$que,$marks);

         if(isset($_POST['add_que'])){    

                 $chap_sel_std = $_POST['chap_sel_std'];
                 echo $simquefnt = $_POST['sel_f_gn_que'];

                    //que_id    quetype_id    chap_id    sub_id    std_id    que    dif_id    marks    que_cdate
             //$chap_sel_std = $_POST['chap_sel_std']; //que_id    quetype_id    chap_id    sub_id    std_id    que    dif_id    marks    que_cdate
             mysql_query("INSERT INTO 
                          s_question
                          VALUES (null,'$quetype','$chap_name','$subject','$chap_sel_std',N'$que','NO IMAGE','$dif','$marks','$simquefnt','$current')");                                                        
    //         header("location:../admin/quetionaris.php#tabs-que"); 
         echo "Successfully Added";
          }
       }
       $first_row = false;
     }
    }
    ?>
    </body>                 
</html>
4

1 回答 1

1

在将数据放入 SQL 查询时,您确实需要学习如何对数据进行转义。

了解 SQL 注入。它们使任何人都可以公开访问您的数据库和应用程序。

然后最后使用mysql_escape_string.

于 2013-06-10T08:24:33.863 回答