3
\$\begingroup\$
    <?php
    // Read all lines of the CSV file into an array
    // The "file" function in PHP returns an array of all the lines in the file listed
    $lines = file('passes.csv',FILE_IGNORE_NEW_LINES);
    // Counter variable for line number
    $i = 0;
    // Iterate over the array of lines
    foreach($lines as $line) {
        $parts = explode(',',$line);
        $type = $parts[0];
        $site_name = $parts[1];
        $site_address = $parts[2];
        $contact_no = $parts[3];
        $customer_no = $parts[4];
        $details = $parts[5];
        $email = $parts[6];
        $phone = $parts[7];
        $tech = $parts[8];
        echo '<tr>';
        echo "<td>$type</td>";
        echo "<td>$site_name</td>";
        echo "<td>$site_address</td>";
        echo "<td>$contact_no</td>";
        echo "<td>$customer_no</td>";
        echo "<td>$details</td>";
        echo "<td>$email</td>";
        echo "<td>$phone</td>";
        echo "<td>$tech</td>";
        echo "<td><a class=\"btn btn-warning\" href=\"./?p=form_edit_band&band=$i\"><i class=\"icon-edit icon-white\"></i></a> <a class=\"btn btn-danger\" href=\"actions/delete_band.php?linenum=$i\"><i class=\"icon-trash icon-white\"></i></a></td>";
        echo '</tr>';
        $i++; // increment line number
    }
    ?>

This is slow. Also, it would be awesome if someone could tell me how to do this dynamically with a different CSV file.

200_success
asked Oct 6, 2016 at 6:32
\$\endgroup\$

2 Answers

1
\$\begingroup\$

The biggest problem with this code is not so much the CSV formatting, but the fact that you have a "Delete" link like this:

<a class="btn btn-danger" href="actions/delete_band.php?linenum=$i">

The fact that a deletion can be triggered by an HTTP GET request exposes you to a Spider of Doom situation:

Things went pretty well for a few days after going live. But, on day six, things went not-so-well: all of the content on the website had completely vanished and all pages led to the default "please enter content" page. [...]

A user [had] copied and pasted some content from one page to another, including an "edit" hyperlink to edit the content on the page. Normally, this wouldn't be an issue, since an outside user would need to enter a name and password. But, the CMS authentication subsystem didn't take into account the sophisticated hacking techniques of Google's spider. Whoops.

Moreover, GET requests are generally cacheable, so clicking on the link might not reliably cause the row to be deleted.

For requests that trigger a state change on the server, what you want is an HTTP POST. POSTs are not cacheable, and will not be triggered by web crawlers. To change the link to perform a POST, you could either make it a button in a form or do something using JavaScript.

answered Oct 6, 2016 at 7:04
\$\endgroup\$
1
  • 1
    Also, clicking the link and then reloading the page will delete the next line of the file. Commented Oct 6, 2016 at 15:31
1
\$\begingroup\$

In addition to what @200_success mentioned, where is the information in your CSV file coming from? It looks like it can be (at least partially) from the user (you have an edit link), in which case you need to escape using htmlspecialchars() or htmlentities(). If it would happen to be that your CSV file is known to be safe (difficult to know, because even legitimate information could cause problems), then you probably don't need to rename all the variables before you use them.

In addition, it is not necessary to echo at the beginning of every line. One multiline statement works just as well.

answered Oct 6, 2016 at 15:38
\$\endgroup\$
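
Both answers' points combined, as an added example that is not code from the question or from either answer: every CSV field is escaped with htmlspecialchars() and the delete control is a POST form instead of a link. It assumes the passes.csv layout from the question and a delete_band.php changed to accept only POST; fgetcsv() is swapped in for explode() so quoted fields containing commas parse correctly.

```php
<?php
// Added example, not the asker's code. Assumed: passes.csv as in the question,
// and actions/delete_band.php changed to read $_POST['linenum'] only.

/** Escape one CSV field for an HTML text or attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build one table row; the delete control is a POST form, not a link. */
function render_row(array $fields, int $lineNum): string
{
    $cells = '';
    foreach ($fields as $field) {
        $cells .= '<td>' . h((string) $field) . '</td>';
    }
    return <<<HTML
<tr>$cells
  <td>
    <a class="btn btn-warning" href="./?p=form_edit_band&amp;band=$lineNum"><i class="icon-edit icon-white"></i></a>
    <form method="post" action="actions/delete_band.php" style="display:inline">
      <input type="hidden" name="linenum" value="$lineNum">
      <button type="submit" class="btn btn-danger"><i class="icon-trash icon-white"></i></button>
    </form>
  </td>
</tr>

HTML;
}

// fgetcsv() understands quoted fields; explode(',') would split inside them.
$handle = fopen('passes.csv', 'r');
if ($handle === false) {
    exit('Cannot open passes.csv');
}
$lineNum = 0;
while (($fields = fgetcsv($handle, 0, ',', '"', '\\')) !== false) {
    if ($fields !== [null]) {   // fgetcsv() returns [null] for a blank line
        echo render_row($fields, $lineNum);
    }
    $lineNum++;                 // blank lines still count, as with file()
}
fclose($handle);

// In the (assumed) delete handler, refuse anything that is not a POST:
// if ($_SERVER['REQUEST_METHOD'] !== 'POST') { http_response_code(405); exit; }
```

A POST keeps crawlers and caches from triggering the delete, but it does not by itself stop a forged cross-site request, so the handler should also check a per-session CSRF token. Identifying the row by line number remains fragile for the reason given in the comment above about reloading.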
