Best Secure practice for uploading a csv file to import using PHP

+1 vote
365 views

I just wanted to see the best way to securely accomplish this task. When we want to update a DB, we upload to a writable directory instead of writing it directly to MySQL. I don't like having writable directories if possible.
Is there a right or better way to accomplish this?

posted Oct 19, 2013 by Naveena Garg

1 Answer

+1 vote

There's nothing inherently wrong with having a directory writeable on your web server, but you should ensure it's running with the least privileges it requires to complete your task.

So, make sure that the Apache user is also the owner of the directory, then you only need to give it 755 permissions (it's always unwise to use 777 on a production server).

Another thing you can do is to place the upload directory outside your web root so that it's not accessible via a browser.

I can see why you wouldn't want to import it directly into the database though. I recently had to "fix" a script of mine because someone thought it would be a good idea to change the order of a bunch of fields in a CSV, and added a new field in the middle rather than at the end. Having a script in between the CSV and the database can ensure some sort of data quality check is in place before importing bad data.

answer Oct 19, 2013 by Abhay Kulkarni

I'd like to mention that, because this is user input, make sure any database access is escaped correctly (prepared statements are good), and when/if you output it, it should all be HTML escaped.
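
The points from the answer and the comment above, combined in one upload handler. This is an added example, not code from the thread. The form field name, the directory path, the `contacts` table, the expected header row and the 2 MB limit are all assumptions, and the PDO connection is assumed to throw exceptions on error (the default since PHP 8).

```php
<?php
// Added example. Assumed: directory outside the web root, owned by the Apache
// user with mode 755; table "contacts"; header row as listed below.
const UPLOAD_DIR = '/var/www/private/csv_uploads';
const EXPECTED_HEADER = ['name', 'email', 'contact', 'address'];

function importCsv(array $file, PDO $pdo): int
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    if ($file['size'] > 2 * 1024 * 1024) {
        throw new RuntimeException('File too large');
    }
    // Server-generated name: the client-supplied filename never reaches the disk.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.csv';
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store upload');
    }
    $fh = fopen($dest, 'r');
    try {
        // Reject files whose columns were reordered, renamed or inserted mid-row.
        if ($fh === false || fgetcsv($fh, 0, ',', '"', '') !== EXPECTED_HEADER) {
            throw new RuntimeException('Unexpected CSV header');
        }
        $stmt = $pdo->prepare(
            'INSERT INTO contacts (name, email, contact, address) VALUES (?, ?, ?, ?)'
        );
        $pdo->beginTransaction();
        $rows = 0;
        while (($row = fgetcsv($fh, 0, ',', '"', '')) !== false) {
            if ($row === [null]) continue; // blank line in the file
            if (count($row) !== 4 || !filter_var($row[1], FILTER_VALIDATE_EMAIL)) {
                throw new RuntimeException('Data row ' . ($rows + 1) . ' failed validation');
            }
            $stmt->execute($row); // bound parameters, no string concatenation
            $rows++;
        }
        $pdo->commit();
        return $rows;
    } catch (Throwable $e) {
        if ($pdo->inTransaction()) $pdo->rollBack(); // all-or-nothing import
        throw $e;
    } finally {
        if ($fh) fclose($fh);
        unlink($dest); // nothing lingers in the writable directory
    }
}
```

Call it as `importCsv($_FILES['csv'], $pdo)`. When imported values are displayed later, pass each one through `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')`.
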
Similar Questions
0 votes

The output is in this form

Array (
     [0] => name
     [1] => email
     [2] => contact
     [3] => address 
    ) 
Array (
     [0] => sant
     [1] => sant@gmail.com
     [2] => 1684218942
     [3] => haryana ) 

But I want the output in this form

  Array[1] (
     [0] => name
     [1] => email
     [2] => contact
     [3] => address 
    ) 
Array[2] (
     [0] => sant
     [1] => sant@gmail.com
     [2] => 99999999999
     [3] => haryana
    ) 
0 votes

I am trying to export certain data from my PHP form to CSV. I can echo out to screen during testing and I can also export to CSV the static test data (stored in the $contents array) you see below. But I am stuck trying to export the certain fields that I only need to export.
This is my code

// How do I get this info into the CSV?
/*foreach ( $entries as $entry ) :  
    echo $entry['2'];
    echo $entry['3'];
    echo $entry['6'];
endforeach;*/

$csv_headers = [
    'Organisation Name',
    'Registered Charity Number',
    'Address',
    'Phone',
];

$contents = [
  [2014, 6, '1st half', 'roland@fsjinvestor.com', 0, 0],
  [2014, 6, '1st half', 'steve@neocodesoftware.com', 0, 0],
  [2014, 6, '1st half', 'susanne@casamanager.com', 0, 0],
  [2014, 6, '1st half', 'tim', 0, 0]
];

fputcsv($output_handle, $csv_headers);

foreach ( $contents as $content) :
    fputcsv($output_handle, $content);
endforeach;
0 votes

The problem is that some of the fields contain commas, but they are inside double quotes.

Example:

sort -t, -k1,1 -k3,3 -k2,2 SomeFile.csv > OutputFile.csv

A line could look something like this:
This is the first field,"This is, well, the second field",The third field could look like this

That line has three fields:
1: This is the first field
2: "This is, well, the second field"
3: The third field could look like this

But sort considers it to have five fields:
1: This is the first field
2: "This is
3: well
4: the second field
5: The third field could look like this

How would you solve this?
