[RESOLVED] help with foreach and str_replace

mpar612

Hi everyone,

I am having a small problem with the code below. I am trying to escape all of the single quotes (') from all of the values in an array before it is entered into the database.

The code works well except for the foreach statement. I keep getting "Uninitialized string offset" errors whenever I execute the code with the foreach.

Any thoughts would be greatly appreciated. Thanks in advance!

while (($data1 = fgetcsv($handle, 100000, "|")) !== FALSE) {
			foreach ($data1 as $data){
			str_replace("'", "/'", $data);
			}
	    $import="INSERT INTO commercial(Transaction_Type, MLSNumber, ListOfficeId, ListOfficeAddress1) VALUES('$data[0]', '$data[1]', '$data[2]', '$data[3]', '$data[4]')";
		 mysql_query($import) or die(mysql_error());
       }

laserlight

Use [man]mysql_real_escape_string[/man] to escape string input with the MySQL extension, e.g.,

while (($data = fgetcsv($handle, 100000, "|")) !== FALSE) {
    $import = sprintf("INSERT INTO commercial
                       (Transaction_Type, MLSNumber, ListOfficeId, ListOfficeAddress1)
                       VALUES('%s', '%s', '%s', '%s')",
                      mysql_real_escape_string($data[0]),
                      mysql_real_escape_string($data[1]),
                      mysql_real_escape_string($data[2]),
                      mysql_real_escape_string($data[3]));
    mysql_query($import) or die(mysql_error());
}

If feasible, I suggest switching to either the MySQLi extension or PDO extension, and perhaps using prepared statements with these extensions instead.

mpar612

Worked perfectly. Thanks!

I would switch to MySQLi or PDO, but I'm still in PHP 4.