I am trying to insert the text (UTF-8 Encoded) from an excel file that has 48 rows into a MySQL table. Only 38 of the rows get inserted. Some of the rows do have special characters like "/", "?", ":", ",", ".", "()", "'", """, "!".
foreach ($ret as $rec) {
if($count == 0) {
$count++;
continue;
}
$insert = "INSERT INTO chall (description, time, coin, mode, kids, teens, adults, theme_id, type_id) VALUES ('{$rec['A']}', '{$rec['B']}', '{$rec['C']}', '{$rec['D']}', '{$rec['E']}', '{$rec['F']}', '{$rec['G']}', '{$_REQUEST['theme_id']}', 1)";
$ins_query = mysql_query($insert) or mysql_error();
if(0)
{
die("Error! Can Not Upload Data...");
}
}
Now below is an example of text that has succesfuly inserted into the db: Pretend to for E! News. This is an example. Ask two people to give you a quick answer to this question: "Which of these are not colors—black, brown, gum, blue, Jim, blue, or green?"
Below is an example that did not get inserted into the db: Zig-a-zig-ah! Get a group of buds to reenact this test and remake a video by the Spice Girls in a public setting. Get strangers to join in on the fun!
I have researched as much as I could and have not found any answers. 10 of the rows are not inserting into the db table. Is there anything that I am missing? Thanks a lot for the help.
This is incorrect:
$ins_query= mysql_query($insert) or mysql_error();
^^^^^^^^^^^^^^
mysql_error() returns a string. That means if mysql_query() fails (and returns a boolean false, you assign the error string to $ins_query. That means $ins_string cannot ever be a boolean false, which is what you should be testing for to detect a failure.
And then
if(0)
will always evaluate to false and not execute the die anyways, so there's NO way for you to detect when an error occurred.
You should have
$result = mysql_query(...);
if($result === false) {
die(mysql_error());
}
And note that you are vulnerable to sql injection attacks.
You should fix your mysql_error as @Marc recommended
Also you should use the fgetcsv function to parse your file and check if you have the right number of fields on each line.
Because of this
$_REQUEST['theme_id']
a malicious user can inject whatever he wants in your query (sql injection).
Never trust what the user send