Derokorian;11041919 wrote:As long as you use fputcsv it will escape everything for you. Someone at work didn't do that, and the file was all messed up when fields contained commas.
Agreed. Perhaps the biggest risk you run is that you'll 'break' your CSV file by trying to enter data that contains commas or quotes. fputcsv should eliminate this problem if used properly.
I think character encoding might also be a consideration. When you collect data from your users, you should be aware of the character encoding that you are receiving. I recommend collecting your form input with a utf-8 charset. This should preserve weird chars like accents and umlauts and curly quotes and m-dashes and stuff that people tend to paste from other places
I don't recall all the things you need to consider, but I believe the page that hosts the form will have its own charset and then the form can declare an accept-charset attribute that differs from your page's encoding. If you use utf-8 as your charset for submitted data, then you would need to use the mb_* functions to do any string parsing.
And then any program that transfers, opens, or interprets your CSV file may also be affected by the character encoding. Basically, from the user submission to your final use of the data, there is a custody chain and you should be sure that your character encoding doesn't switch or become ambiguous in this custody chain.
