1. 首頁
  2. 問答
  3. PHP不顯示來自MYSQL時間戳的結果搜索

PHP不顯示來自MYSQL時間戳的結果搜索

2012-09-12 64 views
0

以下是我從MYSQL數據庫中搜索日期範圍的代碼。 我可以搜索日期,它會顯示錶格標題(Product Desc,New或Own和Date),但它不顯示數據庫中的任何結果?PHP不顯示來自MYSQL時間戳的結果搜索

任何想法,我需要如何編輯我的代碼,以便它顯示所選日期範圍的結果?

<?php 
if(!isset($_POST['find'])) 
{ 
?> 
<form method = "post" action = "<?php echo $_SERVER['PHP_SELF'];?>"> 
<table width = "450" align = "center"> 
    <tr> 
    <td><b><i>Please enter date in the field below (i.e. 11-09-2012)</i></b></td> 
</tr> 
<tr> 
    <td> 
    From&nbsp;:&nbsp; 
    <input type = "text" name = "small"> 
    To&nbsp;:&nbsp; 
    <input type = "text" name = "large"></td> 
</tr> 
<tr> 
    <td align = "center"> 
     <input type = "submit" name = "find" value = "SEARCH"> 
     <input type = "reset" value = "CLEAR FORM"> 
     </td> 
    </tr> 
</table> 
</form> 
<?php 
} 
else 
{ 
$small = trim($_POST['small']); 
$large = trim($_POST['large']); 

$connection = mysql_pconnect("localhost", "user_name", "password") or die("Connection failed. ".myslq_error()); 
mysql_select_db("stock") or die("Unable to select db. ".mysql_error()); 
//Add 1 to the upper range, $large, else it won't make it inclusive 
$query = "SELECT * FROM main_stock WHERE curr_timestamp BETWEEN DATE_FORMAT(curr_timestamp,'%".$small."') AND DATE_FORMAT(curr_timestamp, '%".($large+1)."') ORDER BY curr_timestamp"; 
$result = mysql_query($query) or die(mysql_error()); 

echo "<table width = '500' align = 'center'>"; 
echo "<tr><b>"; 
    echo "<td>Product Description</td>"; 
    echo "<td>New or Own?</td>"; 
    echo "<td>Date</td>"; 
echo "</b></tr>"; 
while($record = mysql_fetch_object($result)) 
{ 
    echo "<tr>"; 
     echo "<td>".$record->product_desc."</td>"; 
     echo "<td>".$record->newown."</td>"; 
     $year_part_of_date = explode('-', $record->curr_timestamp); 
    echo "<td>".$year_part_of_date[0]."</td>"; 
     //if you want the full date replace the $year_part_of_date[0] with $record->date 
    echo "</tr>"; 
} 
echo "</table>"; 

} 

?>

來源

2012-09-12 Sarah HSL

+0

你檢查,查詢您產生的作品,那你得到的結果回來? – andrewsi

+2

直接在數據庫上運行查詢會發生什麼?您使用$ small和$ large值來設置日期字符串的格式似乎沒有任何意義。 –

+1

您尚未轉義您的受用戶干擾的變量,因此您可能在此腳本中存在SQL注入漏洞。 – halfer

回答

0

我猜你的查詢是無效的。

假設curr_timestamp是格式爲YYYY-MM-DD HH:MM:SS格式的MySQL日期時間字段,您需要將輸入更改爲此格式以便於比較。如果您可以詳細說明$small$large的格式,那將會有所幫助。

你可能想查詢要在這種格式

SELECT * FROM main_stock 
WHERE curr_timestamp BETWEEN '$small_formatted' AND '$large_formatted' 
ORDER BY curr_timestamp ASC

$small_formatted$large_formatted的格式正確使用的東西幾次都是date('Y-m-d H:i:s', $input_timestamp)

來源

2012-09-12 15:06:02

0
  1. 切換你的邏輯順序。你不想讓你的流程成爲else
  2. 看起來好像你在結合程序和對象樣式。選一個。
  3. 您應該避免選擇全部(SELECT *)。始終指定一個列列表。
  4. 日期格式不正確。您應該格式化輸入日期以匹配數據庫格式(YYYY-MM-DD)。我假設curr_timestampYYYY-MM-DD
  5. 您需要停止使用mysql_函數,因爲它們是deprecated
  6. 使用預準備語句來防止SQL注入。

我沒有測試過這一點,但這個解決我上面列出的問題:

<?php 
if(isset($_POST['find'])) 
{ 
    $link = mysqli_connect("localhost", "user_name", "password", "stock"); 

    if (mysqli_connect_error()) { 
    die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error()); 
    } 

    $stmt = mysqli_prepare($link, 'SELECT * FROM main_stock WHERE curr_timestamp ' . 
    "BETWEEN DATE_FORMAT(?, '%m-%d-%Y') " . 
    "AND DATE_FORMAT(?, '%m-%d-%Y') ORDER BY curr_timestamp"); 

    mysqli_bind_param($stmt, 'ss', $_POST['small'], $_POST['large']) or die(mysqli_error($dbh)); 

    $result = mysqli_stmt_execute($stmt) or die(mysqli_error($link)); 

    echo "<table width = '500' align = 'center'>"; 
    echo "<tr><b>"; 
    echo "<td>Product Description</td>"; 
    echo "<td>New or Own?</td>"; 
    echo "<td>Date</td>"; 
    echo "</b></tr>"; 

    while($record = mysqli_fetch_assoc($result)) { 
    echo "<tr>"; 
    echo "<td>" . $record[product_desc] . "</td>"; 
    echo "<td>" . $record[newown] . "</td>"; 

     $year_part_of_date = explode('-', $record[curr_timestamp]); 

    echo "<td>".$year_part_of_date[0]."</td>"; 

     //if you want the full date replace the $year_part_of_date[0] with $record->date 
    echo "</tr>"; 
    } 

    echo "</table>"; 

    mysqli_close($link); 
} 
else 
{ 
?> 
<form method = "post" action = "<?php echo $_SERVER['PHP_SELF'];?>"> 
<table width = "450" align = "center"> 
    <tr> 
    <td><b><i>Please enter date in the field below (i.e. 11-09-2012)</i></b></td> 
</tr> 
<tr> 
    <td> 
    From&nbsp;:&nbsp; 
    <input type = "text" name = "small"> 
    To&nbsp;:&nbsp; 
    <input type = "text" name = "large"></td> 
</tr> 
<tr> 
    <td align = "center"> 
     <input type = "submit" name = "find" value = "SEARCH"> 
     <input type = "reset" value = "CLEAR FORM"> 
     </td> 
    </tr> 
</table> 
</form> 
<?php 
} 

?>

來源

2012-09-12 15:13:36 Kermit

相關問題

 相關問題