1

I'm trying to insert data that I select from my database into a csv file. I got stuck here and don't know why it doesn't work. It keeps me giving a file like this: enter image description here

For some reason it put the column names into 1 field (A1) I'm using this code now:

<?php
include "includes/connection.php";

if(isset($_POST['submit'])){

$tabel = $_POST['tabel'];
$date1 = $_POST['date1'];
$date2 = $_POST['date2'];

      header('Content-Type: text/csv; charset=utf-8');  
      header('Content-Disposition: attachment; filename="data.csv";');  
      $output = fopen("php://output", "w");  
      fputcsv($output, array('Dev_ID', 'Barcode', 'Naam', 'Ip_adres', 'Merk', 'Model', 'CPU', 'Memory', 'Moederbord', 'Serialnummer', 'Aanschaf_dat', 'Aanschaf_waarde', 'Opmerkingen', 'Picture_dev'));  
      $sql = "SELECT * FROM ".$tabel." WHERE Aanschaf_dat BETWEEN ".$date1." AND ".$date2."";  
      $query = $conn->prepare($sql); 
      while($row = $query->fetch(PDO::FETCH_ASSOC))  
      {  
           fputcsv($output, $row);  
      }  
      fclose($output);      
}
?>

Does anyone know what I'm doing wrong?

Improve this question
15
  • Add error reporting to the top of your file(s) while testing right after your opening PHP tag for example <?php error_reporting(E_ALL); ini_set('display_errors', 1); And you will be able to solve your own issues Commented Jun 19, 2018 at 9:32
  • Your script is wide open to SQL Injection Attack Even if you are escaping inputs, its not safe! Use prepared parameterized statements properly in either the MYSQLI_ or PDO API's Commented Jun 19, 2018 at 9:33
  • @RiggsFolly Yes I tried and thanks for your help but at the moment this aint the problem of my question Commented Jun 19, 2018 at 9:34
  • You do know that $variables will get expanded automatically in a double quoted string literal dont you? Commented Jun 19, 2018 at 9:36
  • And that dates should be wrapped in single quotes Commented Jun 19, 2018 at 9:36

1 Answer 1

Reset to default
1

Check below code and notice change in SQL statement. Also need to do data sanitization to prevent SQL injection,

<?php

include "includes/connection.php";

if (isset($_POST['submit'])) {
    $tabel = $_POST['tabel'];
    $date1 = $_POST['date1'];
    $date2 = $_POST['date2'];

    header('Content-Type: text/csv; charset=utf-8');
    header('Content-Disposition: attachment; filename="data.csv";');
    $output = fopen("php://output", "w");
    fputcsv($output, array('Dev_ID', 'Barcode', 'Naam', 'Ip_adres', 'Merk', 'Model', 'CPU', 'Memory', 'Moederbord', 'Serialnummer', 'Aanschaf_dat', 'Aanschaf_waarde', 'Opmerkingen', 'Picture_dev'));
    $sql = "SELECT * FROM $tabel  WHERE Aanschaf_dat BETWEEN ? AND ?";
    $query = $conn->prepare($sql);
    $query->execute([$date1, $date2]);
    foreach ($query as $row) {
        fputcsv($output, $row);
    }
    fclose($output);
}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.