StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
2077392
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2010-01-16T12:58:35.807
FavoriteCount
0
LastActivityDate
2010-01-16T12:58:35.807
LastEditDate
LastEditorUserId
0
OwnerUserId
250259
ParentId
2077341
PostTypeId
2
Score
2
ViewCount
0
LastEditorDisplayName
text
Body
That is not secure. At the very least you need to verify that the file was indeed an uploaded file and not a file already on the server like /etc/passwd. To do that you need to use <code>is_uploaded_file()</code>. Example: <pre><code><?php if (is_uploaded_file($_FILES['file1']['tmp_name'])) { $tmp_name1 = $_FILES['file1']['tmp_name']; if (($handle = fopen($tmp_name1, "r")) !== FALSE) { while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) { $num = count($data); // SQL insert statement } fclose($handle); } } </code></pre> ?> You also should rename any file uploaded to your server as leaving the name of the file unchanged could lead to remote file attack where someone executes the file on your server. Finally, if the file upload is only supposed to accept certain file type, like images, then you should definitely check to make sure the file is actually an image. At the very least check the file extension to make sure it is a .png, .gif, .jpg, etc. If it is a .exe then reject it immediately as it is obviously is not an image and thus of no use to you. <pre><code><?php if (is_uploaded_file($_FILES['file1']['tmp_name'])) { $allowedExtensions = array("txt","csv","htm","html","xml","css","doc","xls","rtf","ppt","pdf","swf","flv","avi","wmv","mov","jpg","jpeg","gif","png"); if (!in_array(end(explode(".", strtolower($_FILES['file1']['name']))), $allowedExtensions)) { // Bad file type. Error! } else { $tmp_name1 = $_FILES['file1']['tmp_name']; if (($handle = fopen($tmp_name1, "r")) !== FALSE) { while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) { $num = count($data); // SQL insert statement } fclose($handle); } } } ?> </code></pre>
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POfile import security issue
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. This table or related slice is empty.
UserOwnerUserId
1. USJohn Conde
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. POfile import security issue
 singulars
 PostTypePostTypeId
 PTQuestion
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTAcceptedByOriginator
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.