Im am learning / Training MySQL , PHP I`m beginner at PHP
So i was trying to make a CRUD, so i was trying to save Date in database . so i used input type "DATE" in form. but id didn't worked quite well it just doesn't insert date just saves it as 0000-00-00 (MySQL datatype DATE)
In form:
<input type="date" name="release">
And here.
if (isset($_GET['submit'])) {
$ename= $_GET['name'];
$edate= $_GET['release'];
$eseas= $_GET['season'];
$insert= "INSERT into episodes (name, date, season) values($ename,$edate,$eseas) ";
I am just learning PHP, if there is a better way to do that please recommend me
Thanks in advance :-)
Bug #1: You are vulnerable to sql injection attacks. Go to this link and read and UNDERSTAND the problem before you go any farther
Bug #2: You haven't quoted your values, so your PHP
$sql = "INSERT ... VALUES(...,$edate,...)"
is going to produce this SQL:
INSERT ... VALUES (...,2015-08-20,...)
Since you have no quotes around your date value, it's not really a date. It's a mathematical subtraction, and you're really doing 2015-8-20 => 1987, and the query is extecuted as
INSERT ... VALUES (...,1987,...)
Since 1987 isn't a valid date string (mysql expects yyyy-mm-dd), you get the all-zeroes date in your db.
Ignoring the injection problem, you need:
$insert= "INSERT into episodes (name, date, season) values($ename,'$edate',$eseas) ";
^------^
And similarly for any other field value that isn't a plain number. If you don't quote strings, the strings are interpreted as field/table names, which probably don't exist.
Related
For work, i have to make an oracle database and mysql one communicate.
On Oracle, i have a vrp table with (among others) a DATECREATION column, in DATE format (alas, it's what SQL developer tells me when i click it). It stores dates in the DD/MON. /YY format.
I have to copy these values over to a mysql database. At first, i tried to ignore them and used them as strings; but i will have to manipulate them so i need to have them as date.
So in PHP, i do date('Y-m-d', strtotime($row[26])) and it works fine, turning '24-OCT-19' into 2019-10-24
I then try to insert this in my Mysql database, doing the following :
$stmt = $conn->prepare("INSERT INTO [...] VALUES (?, ? [...]);
$stmt->bindValue(27, date('Y-m-d', strtotime($row[26]))); (yes there are a lot of columns)
$stmt->execute($row);
if i echo the data it looks fine, i didn't mixed up my indexes since the adjacents columns don't get the date inserted. However, the 27th column receives a 0000-00-00.
No errors or warning are raised, so i don't even know how to debug this.
Thank you.
Rewrite your oracle select statement.
And use a following text conversion, to get a mysql date format as string
TO_CHAR( SYSDATE, 'YYYY-MM-DD HH24:MI:SS' )
I have a problem in storing the $date variable in the database column called data of type varchar(50)
This is the code of the date variable
$date = date("Y-m-d");
echo $date;
and this is the code that stores it into the database (notice that the date is the same one)
what is the problem with my code
$sql="INSERT INTO
Students(FirstName, LastName,gender,Major,Favorite_courses,GPA,date)
VALUES
('$_POST[firstname]','$_POST[lastname]','$_POST[sex]','$_POST[major]',
'$_POST[favorite]','$_POST[GPA]','$date')";
Change the column type to DATE and then use SYSDATE as the value to input the current date/time on the SQL server.
Also, read up on SQL injection!
Technically your code should work, but in practice it will undoubtedly fail.
For starters you should never put POST data directly into your database. Depending on what's in that data, it will at the least break your SQL statement. It could also destroy your database if someone entered some SQL into a POST variable.
Don't do it that way. You need to sanitize any data coming from the outside world before inserting it into the database. There are several PHP database classes that do this for you. I like PDO.
Also, write better PHP by using $_POST['favorite'] instead of $_POST[favorite]. What happens if you do this in your code somewhere define('favorite', 'foobar')?
What happens is that your code will than look for $_POST['foobar'] instead of $_POST['favorite'].
You really need to work on your knowledge of PHP and SQL before rolling anything out into the wild, or you're going to have problems. But keep plugging along, you'll get it.
Aside from the, already several times mentioned, SQL injection: use date('c') (or more specifically: ISO8601 notation). That will result in code like:
$query = "insert into mytable (myfield) values ('" . date('c') . "')";
Which will result in a query like:
insert into mytable (myfield) values ('2013-06-03T22:20:32+02:00')
This is an unambigious notation and should always work (Y-m-d will work fine too, as per your question, it only stores a date without any time). When using any other notation there's always the problem for the RDBMS that it has to know wether it has to interpret 02/12/1977 as February 12th 1977 or December 2nd 1977. Also, make sure that myfield (in my example) is of type DateTime or Date and not varchar and that you correctly escape reserved words like date in querystrings:
select foo, bar, `date`, foobar from mytable....
However, MySQL seems to 'allow' date (because of "MySQL permits some keywords to be used as unquoted identifiers because many people previously used them." wich is a stupid reason). It's best to just stick to escaping always:
select `foo`, `bar`, `date`, `foobar` from `mytable` ....
Please note that I did not use any sort of MySQLi or PDO prepared statements in this example; you should go read up on SQL injection and then on those topics and then go back to your code.
You can use the php class Date and use his format function
I am using the p4a application framework and I have build several databases one of which needs to gather the date of a booking, I understand that there Isn't a way to do this through MySQL but I haven't found anything useful on the p4a forums on this so anyone that uses the p4a framework that could help, I would be grateful,
I have my local set as en_GB which sets the date within the p4a field as dd-mm-yyyy but I need it to be yyyy-mm-dd to actually write the data into the database,
the present code for this operation is:
$this->build("p4a_field","date")
->setlabel("Date")
->setType('date')
$location = $this->AreaName->getNewValue();
$date = $this->date->getNewValue();
$merono = $this->merono->getNewValue();
$p4a = p4a::singleton();
$p4a->i18n->autoUnformat($date, "shortdate");
p4a_db::singleton()->query("INSERT INTO meetingrooms(location, date, merono)
VALUES
('$location', '$date', '$merono')");
Any help would be appreciated, I was planning on intercepting the function using afterClick but I need to know the syntax required first.
Thanks,
Steve
If I understand correctly, you have some dates in a non-MySQL-friendly format, but you want to use them for INSERTs, right?
How about letting MySQL convert them for you?
SELECT STR_TO_DATE('31-12-2012','%d-%m-%Y');
-> '2012-12-31'
EDITS:
It looks like you have the date:
$date = $this->date->getNewValue();
so you need to use the formula in your SQL:
p4a_db::singleton()->query("INSERT INTO meetingrooms(location, date, merono)
VALUES
('$location', STR_TO_DATE('$date','%d-%m-%Y'), '$merono')");
I'm not a p4a guy, so hopefully that'll work.
Note that, in most languages, you'll be exposed to SQL injection with code like that. Does p4a cover that for you, or provide for positional parameters?
Good luck.
i've set a field as date in xammp server. but when i'm inserting a values, its saving like 0000-00-00.. i've even input it manually like 2010-10-10 but still saveing 000... is the problem with my code or the xammp server??? or is there any way to configure the date format in xammp???
$today = date('Y-m-d');
"/>
update.php
$date = $_GET['datee'];
$qry = "INSERT INTO course_detail(userid, course_id, hours_complete, week_no, date) VALUES('$member_id','$fname','$hour','$week', '$date')";
$result = #mysql_query($qry);
It's probably with your code. Have you quoted the date string when inserting?
INSERT INTO mytable SET datefield='2010-10-10'
This is definitely not a XAMPP issue. I highly recommend you take a look at this link MySQL Documentation on Datetime
MySQL Date has a fixed syntax and it generally falls along the lines of YYYY-MM-DD or YYYYMMDD. I'm sure you're using a presentation layer over MySQL such as *.NET (ASP,winforms), you can reformat the date generated by MySQL to match your locale. Here's how you do it on the Microsoft stack MSDN Globalization Step-by-Step, similar methods are available for whatever else technology you may be using.
I am having an issue with a simple insert query into a table.
I have this PHP Code
$T_MEMBER = "INSERT INTO T_MEMBER (MEMBER_IDENTIFIER,LAST_NAME,FIRST_NAME,BIRTH_DATE) VALUES ('$memberID','$last','$first','$birthdate')";
mysql_query($T_MEMBER) or die(mysql_error());
Here are a few examples of what the query looks like if i echo it:
INSERT INTO T_MEMBER
(MEMBER_IDENTIFIER,LAST_NAME,FIRST_NAME,BIRTH_DATE)
VALUES
('2007','Hayes','Karin','1958-30-10')
INSERT INTO T_MEMBER
(MEMBER_IDENTIFIER,LAST_NAME,FIRST_NAME,BIRTH_DATE)
VALUES
('2020','Long','Peggy','1968-29-5')
INSERT INTO T_MEMBER
(MEMBER_IDENTIFIER,LAST_NAME,FIRST_NAME,BIRTH_DATE)
VALUES
('2021','Torres','Diane','1968-30-8')
BIRTH_DATE is a date type column.
The problem is, after i do any of these queries, the date shows up as 000-00-00!!!! I have been wracking my brain and i cannot seem to find the issue.
Thanks,
Ian
The date needs to be in YYYY-MM-DD format. Yours is in YYYY-DD-M(thanks juliano) format by the way.
So instead of 1958-29-05, use 1968-05-29
You might also want to consider passing in the date as a variable, and first formatting it using mktime() and date().