Upload CSV to MySQL table using PHP - Ignoring the header in the CSV

Question

I am using the following to upload CSV to a table in MYSQL database.

Question: How do I bypass the 1st field? - as in ignore the header - which is currently being saved in my table?

Code:

<?php

 /********************************/
 /* Code at http://legend.ws/blog/tips-tricks/csv-php-mysql-import/
 /* Edit the entries below to reflect the appropriate values
 /********************************/
$databasehost = "localhost";
$databasename = "test";
$databasetable = "sample";
$databaseusername ="test";
$databasepassword = "";
$fieldseparator = ",";
$lineseparator = "\n";
 $csvfile = "filename.csv";
/********************************/
/* Would you like to add an ampty field at the beginning of these records?
/* This is useful if you have a table with the first field being an auto_increment integer
/* and the csv file does not have such as empty field before the records.
/* Set 1 for yes and 0 for no. ATTENTION: don't set to 1 if you are not sure.
/* This can dump data in the wrong fields if this extra field does not exist in the table
/********************************/
$addauto = 0;
/********************************/
/* Would you like to save the mysql queries in a file? If yes set $save to 1.
/* Permission on the file should be set to 777. Either upload a sample file through ftp and
/* change the permissions, or execute at the prompt: touch output.sql && chmod 777 output.sql
/********************************/
$save = 1;
$outputfile = "output.sql";
/********************************/


 if(!file_exists($csvfile)) {
echo "File not found. Make sure you specified the correct path.\n";
exit;
 }

$file = fopen($csvfile,"r");

if(!$file) {
echo "Error opening data file.\n";
exit;
 }

 $size = filesize($csvfile);

 if(!$size) {
echo "File is empty.\n";
exit;
 }

 $csvcontent = fread($file,$size);

 fclose($file);

 $con = @mysql_connect($databasehost,$databaseusername,$databasepassword) or die(mysql_error());
 @mysql_select_db($databasename) or die(mysql_error());

 $lines = 0;
 $queries = "";
 $linearray = array();

 foreach(split($lineseparator,$csvcontent) as $line) {

$lines++;

$line = trim($line," \t");

$line = str_replace("\r","",$line);

/************************************
This line escapes the special character. remove it if entries are already escaped in the csv file
************************************/
$line = str_replace("'","\'",$line);
/*************************************/

$linearray = explode($fieldseparator,$line);

$linemysql = implode("','",$linearray);

if($addauto)
    $query = "insert into $databasetable values('','$linemysql');";
else
    $query = "insert into $databasetable values('$linemysql');";

$queries .= $query . "\n";

@mysql_query($query);
 }

 @mysql_close($con);

 if($save) {

if(!is_writable($outputfile)) {
    echo "File is not writable, check permissions.\n";
}

else {
    $file2 = fopen($outputfile,"w");

    if(!$file2) {
        echo "Error writing to the output file.\n";
    }
    else {
        fwrite($file2,$queries);
        fclose($file2);
    }
}

 }

  echo "Found a total of $lines records in this csv file.\n";


   ?>

Answer 1

You either assume that there is ALWAYS a header, or that any header will be commented by some character, I will show you the first. You can just wrap the insertion lines in a conditional block to check for this.

if( $lines != 0 ) // or $linemysql[0][0] == '#' (assuming # is a "comment")
{
  if($addauto)
      $query = "insert into $databasetable values('','$linemysql');";
  else
      $query = "insert into $databasetable values('$linemysql');";
}

That being said, PLEASE! Do not ever use the code you posted in any internet facing application, you are putting user-provided data directly into the database, so it would be trivial to make a csv file containing SQL injection attack and change your mysql password, steal your data, kill your cat or delete everything. You should also check the number of fields and such, what happens if the csv contains lines without the correct number of fields ?

Read up on http://en.wikipedia.org/wiki/SQL_injection and also http://php.net/PDO

Answer 2

I has been did the same purpose at last week. Please refer this code. It may be help you.

if (isset($_POST['submit'])) {
    //Path of Uploading file
    $target = "upload_files/results/";
    $filename = $_FILES['upload_result']['name'];
    if(file_exists($target.$filename)) {
    unlink($target.$filename);
}
    move_uploaded_file($_FILES['upload_result']['tmp_name'], $target.$filename);
//Store the Detail into the Master table...[class_master]
    $new_master = mysql_query("INSERT INTO result_master(classname,sectionname,examname,filename) Values('$class','$section','$examname','$filename')");

    $filename1 = explode(".",$filename);
    $file = preg_replace("/[^a-zA-Z0-9]+/", "", $filename1[0]);
    // get structure from csv and insert db
    ini_set('auto_detect_line_endings',TRUE);
    $handle = fopen($target.$filename,'r');
    // first row, structure
    if ( ($data = fgetcsv($handle) ) === FALSE ) {
        echo "Cannot read from csv $file";die();
    }
    $fields = array();
    $field_count = 0;
    for($i=0;$i<count($data); $i++) {

    $f = trim($data[$i]);

    if ($f) {
    // normalize the field name, strip to 20 chars if too long
    $f = substr(preg_replace ('/[^0-9a-z]/', '_', $f), 0, 20);
    $field_count++;
    $fields[] = $f.' VARCHAR(50)';
    }
    }
    $drop = mysql_query("Drop table IF EXISTS $file;");

    $sql = "CREATE TABLE $file (" . implode(', ', $fields) . ')';
    echo $sql . "<br /><br />";
    $db = mysql_query($sql);
    while ( ($data = fgetcsv($handle) ) !== FALSE ) {
    $fields = array();
    for($i=0;$i<$field_count; $i++) {
        $fields[] = '\''.addslashes($data[$i]).'\'';
    }
    $sql = "Insert into $file values(" . implode(', ', $fields) . ')';
    echo $sql; 
    $db = mysql_query($sql);
    }

    fclose($handle);
    ini_set('auto_detect_line_endings',FALSE);
    }

Answer 3

Use this code in removing the header in the csv file and upload the data in the database:

$header= 1;
if (($handle = fopen("data.csv", "r")) !== FALSE) {
    while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) {
        if($header== 1)
        {
            $header++;
            continue;
        }
//do your code here saving into the database
    }
    fclose($handle);
}