top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

Best Secure practice for uploading a csv file to import using PHP

+1 vote
744 views

I just wanted to see the best way to securely accomplish this task. When we want to update a DB we upload to a writable directory instead of writing it directly to MySQL, I don't like having writable directories if possible.
Is there a right or better way to accomplish this?

posted Oct 19, 2013 by Naveena Garg

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

1 Answer

+1 vote

There's nothing inherently wrong with having a directory writeable on your web server, but you should ensure it's running with the least privileges it requires to complete your task.

So, make sure that the Apache user is also the owner of the directory, then you only need to give it 755 permissions (it's always unwise to use 777 on a production server).

Another thing you can do is to place the upload directory outside your web root so that it's not accessible via a browser.

I can see why you wouldn't want to import it directly into the database though. I recently had to "fix" a script of mine because someone thought it would be a good idea to change the order of a bunch of fields in a
CSV, and added a new field in the middle rather than at the end. Having a script in between the CSV and the database can ensure some sort of data quality check is in-place before importing bad data.

answer Oct 19, 2013 by Abhay Kulkarni
I'd like to mention that because this is user input make sure any database access is escaped correctly (prepared statements are good) and when/if you output it should all be HTML escaped.
commented Oct 20, 2013 by Salil Agrawal
Similar Questions
0 votes
I want to parse the csv contents into an array using php?

The output is in this form

Array (
     [0] => name
     [1] => email
     [2] => contact
     [3] => address 
    ) 
Array (
     [0] => sant
     [1] => sant@gmail.com
     [2] => **********
     [3] => haryana )

But I want the output in this form

  Array[1] (
     [0] => name
     [1] => email
     [2] => contact
     [3] => address 
    ) 
Array[2] (
     [0] => sant
     [1] => sant@gmail.com
     [2] => **********
     [3] => haryana
    )
0 votes
How to export certain fields from PHP to CSV in Wordpress?

I am trying to export certain data from my PHP form to CSV. I can echo out to screen during testing and I can also export to CSV the static test data (stored in the $contents array) you see below. But I am stuck trying to export the certain fields that I only need to export.
This is my code

// How do I get this info into the CSV?
/*foreach ( $entries as $entry ) :  
    echo $entry['2'];
    echo $entry['3'];
    echo $entry['6'];
endforeach;*/

$csv_headers = [
    'Organisation Name',
    'Registered Charity Number',
    'Address',
    'Phone',
];

$contents = [
  [2014, 6, '1st half', 'roland@fsjinvestor.com', 0, 0],
  [2014, 6, '1st half', 'steve@neocodesoftware.com', 0, 0],
  [2014, 6, '1st half', 'susanne@casamanager.com', 0, 0],
  [2014, 6, '1st half', 'tim', 0, 0]
];

fputcsv($output_handle, $csv_headers);

foreach ( $contents as $content) :
    fputcsv($output_handle, $content);
endforeach;
0 votes
Problems sorting a CSV file with sort in Linux

The problem is that some of the fields contain commas, but they are inside double quotes.

Example:

sort -t, -k1,1 -k3,3 -k2,2 SomeFile.csv > OutputFile.csv

A line could look something like this:
This is the first field,"This is, well, the second field",The third field could look like this

That line has three fields:
1: This is the first field
2: "This is, well, the second field"
3: The third field could look like this

But sort consider it to have five fields:
1: This is the first field
2: "This is
3: well
4: the second field
5: The third field could look like this

How would you solve this?

...