* * This file is part of CHD Gestion. * * CHD Gestion is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * CHD Gestion is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with CHD Gestion. If not, see <https://www.gnu.org/licenses/>. **/ // Undefined | Multiple Files | $_FILES Corruption Attack // If this request falls under any of them, treat it invalid. if ( !isset($_FILES['upfile']['error']) || is_array($_FILES['upfile']['error']) ) { ?>
Envoi de l'export CSV de l'échéancier Crédit Coop

// NOTE(review): the receiver of this call is not visible in this excerpt — presumably the
// mysqli connection opened earlier, given the `$mysqli->error` used in the failure branch.
// Forces the connection charset so accented values such as 'Adhésion' compare as intended.
set_charset("utf8") or die($mysqli->error);

// Check $_FILES['upfile']['error'] value: only UPLOAD_ERR_OK continues; every other code
// aborts the script with a short message (the two size-limit codes share one message).
switch ($_FILES['upfile']['error']) {
    case UPLOAD_ERR_OK:
        break;
    case UPLOAD_ERR_NO_FILE:
        die('No file sent.');
    case UPLOAD_ERR_INI_SIZE:
    case UPLOAD_ERR_FORM_SIZE:
        die('Exceeded filesize limit.');
    default:
        die('Unknown errors.');
}

// Application-level size cap (1 000 000 bytes), independent of the php.ini / form limits.
if ($_FILES['upfile']['size'] > 1000000) {
    die('Exceeded filesize limit.');
}

// DO NOT TRUST $_FILES['upfile']['mime'] VALUE !!  (it is supplied by the client)
// Check MIME Type by yourself: sniff the content of the temp file with fileinfo instead.
// NOTE(review): nothing here calls is_uploaded_file() on tmp_name, and $finfo is never
// released with finfo_close(); both are worth confirming by whoever owns this script.
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mtype = finfo_file($finfo, $_FILES['upfile']['tmp_name']);
// A CSV export is expected to sniff as plain text; the detected type is echoed so the
// operator can see why a file was rejected.
if ( $mtype !== 'text/plain' ) {
    die('Invalid file format.'.$mtype);
}

// The upload is read straight from its temp location; it is never moved or kept.
$fhcsv = fopen($_FILES['upfile']['tmp_name'], "r") or die('Can\'t read CSV');

// First line is the header row, ';' is the field delimiter. 1200 is the maximum line
// length handed to fgetcsv — a physical line longer than that would be split across reads.
$headers = fgetcsv($fhcsv, 1200, ";");
if ( $headers === FALSE ) {
    die('Can\'t read CSV headers');
}
$numcol = count($headers);
echo "CSV $numcol colonnes\n";

// Fixed query (no request data interpolated): all rows of the view flagged actif2016='oui'.
$res = $mysqli->query("SELECT * FROM v_rapprochement_compta WHERE actif2016='oui'");
if ( $res === FALSE ) {
    die("Wrong query");
}

// $sqldata:            1-based row number => row as returned by fetch_assoc().
// $sqlidx_adt_svctype: "<adt>_adh" | "<adt>_abo" => list of row numbers sharing that key.
// Neither structure is consumed in the visible part of the script (the CSV loop body below
// is empty), so this looks like work in progress.
$sqldata = array();
$sqlidx_adt_svctype = array();
$row = 0;
while ( ($data = $res->fetch_assoc()) !== NULL ) {
    $row++;
    $sqldata[$row] = $data;
    // Index key: the row's adt value plus the service kind. Strict comparison against
    // 'Adhésion' selects 'adh'; any other service_type is filed under 'abo'.
    $k = $data['adt'] . '_' . ($data['service_type']==='Adhésion'?'adh':'abo');
    if ( !isset($sqlidx_adt_svctype[$k])) {
        $sqlidx_adt_svctype[$k] = array();
    }
    $sqlidx_adt_svctype[$k][] = $row;
}
//print_r($sqlidx_adt_svctype);
echo "SQL " . ($row) . " lignes\n";

// $row is re-used as the 1-based physical line number of the CSV: the header was line 1,
// so the first data line is reported as line 2 in the skip message.
$row = 1;
while (($data = fgetcsv($fhcsv, 1200, ";")) !== FALSE ) {
    $row++;
    // A line whose field count differs from the header is skipped, not fatal.
    if ( count($data) !== $numcol ) {
        echo "CSV skipping line $row : bad col count\n";
        continue;
    }
    // TODO: matching of this CSV line against $sqlidx_adt_svctype is not implemented here.
}
fclose($fhcsv);
// $row - 1 excludes the header line from the reported count.
echo "CSV " . ($row-1) . " lignes\n";