Use prepared statement for table insertion
Mstrodl committed Mar 19, 2024
1 parent 68fd7c0 commit 66e7e59
Showing 1 changed file with 3 additions and 2 deletions.
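--- a/tools/Parser.php
+++ b/tools/Parser.php
@@ -238,8 +238,9 @@ function fileToTempTable(string $tableName, $file, $fields, $fileSize, string $p
 }
 
 // Build a query
-$insQuery = "INSERT INTO {$tableName} VALUES('" . implode("', '", $lineSplit) . "')";
-if (!mysqli_query($this->dbConn, $insQuery)) {
+$stmt = $this->dbConn->prepare("INSERT INTO {$tableName} VALUES(" . implode(", ", array_fill(0, $fields, "?")) . ")");
+$stmt->bind_param(str_repeat("s", $fields), ...$lineSplit);
+if (!$stmt->execute()) {
 echo("*** Failed to insert {$tableName}\n");
 echo(" " . mysqli_error($this->dbConn) . "\n");
 continue;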
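Review bot: The result of `prepare()` is used unchecked, so when it returns `false` (mysqli running without exception reporting) the next line calls `bind_param()` on a boolean and the import aborts instead of reaching the `continue` branch; guard it with `if ($stmt === false) { echo("*** Failed to prepare insert for {$tableName}\n"); continue; }`. `$tableName` is still interpolated into the statement text, since identifiers cannot be bound; if it can ever originate outside the tool it needs an allow-list check or backtick quoting before this line. `bind_param()` also requires `count($lineSplit) === $fields`, which is presumably what the check ending just above the hunk enforces; this is worth confirming, because fileToTempTable starts and ends outside the hunk. In the failure branch, `$stmt->error` is the more reliable source for the message than `mysqli_error($this->dbConn)`.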
