我有mysql表的search.php。 但是当我按日期搜索我得到这样mysql表按日期搜索
---request "Could not execute SQL query" SELECT * from pricelist WHERE date = '2017-08-07' AND
---
错误我想它,因为日期格式,但我不能排序了这一点?
输入日期格式为dd.mm.yyyy 但MySQL的日期格式YYYY.MM.DD
<?php
error_reporting(0);
include("config2.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>MySQL table search</title>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.0/jquery.min.js"></script>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.16/jquery-ui.min.js"></script>
<link href="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8/themes/base/jquery-ui.css" rel="stylesheet" type="text/css"/>
<style>
BODY, TD {
font-family:Arial, Helvetica, sans-serif;
font-size:12px;
}
</style>
</head>
<body>
<form id="form1" name="form1" method="post" action="search.php">
<label for="date">date</label>
<input name="date" type="date" id="date" size="10" value="<?php echo $_REQUEST["date"]; ?>" />
<label>Name or definition:</label>
<input type="text" name="string" id="string" value="<?php echo stripcslashes($_REQUEST["string"]); ?>" />
<label>customername</label>
<select name="customername">
<option value="">--</option>
<?php
$sql = "SELECT * FROM ".$SETTINGS["data_table"]." GROUP BY customername ORDER BY customername";
$sql_result = mysql_query ($sql, $connection) or die ('request "Could not execute SQL query" '.$sql);
while ($row = mysql_fetch_assoc($sql_result)) {
echo "<option value='".$row["customername"]."'".($row["customername"]==$_REQUEST["customername"] ? " selected" : "").">".$row["customername"]."</option>";
}
?>
</select>
<input type="submit" name="button" id="button" value="Filter" />
</label>
<a href="search.php">
reset</a>
</form>
<br /><br />
<table width="700" border="1" cellspacing="0" cellpadding="4">
<tr>
<td width="90" bgcolor="#CCCCCC"><strong>customername</strong></td>
<td width="95" bgcolor="#CCCCCC"><strong>definition</strong></td>
<td width="159" bgcolor="#CCCCCC"><strong>kgprice</strong></td>
<td width="191" bgcolor="#CCCCCC"><strong>mtprice</strong></td>
<td width="113" bgcolor="#CCCCCC"><strong>date</strong></td>
</tr>
<?php
if ($_REQUEST["string"]<>'') {
$search_string = " AND (customername LIKE '%".mysql_real_escape_string($_REQUEST["string"])."%' OR definition LIKE '%".mysql_real_escape_string($_REQUEST["string"])."%')";
}
if ($_REQUEST["customername"]<>'') {
$search_customername = " AND customername='".mysql_real_escape_string($_REQUEST["customername"])."'";
}
if ($_REQUEST["date"]<>'') {
$sql = "SELECT * from ".$SETTINGS["data_table"]." WHERE date = '".mysql_real_escape_string($_REQUEST["date"])."' AND ".$search_string.$search_customername;
} else {
$sql = "SELECT * FROM ".$SETTINGS["data_table"]." WHERE id>0".$search_string.$search_customername;
}
$sql_result = mysql_query ($sql, $connection) or die ('request "Could not execute SQL query" '.$sql);
if (mysql_num_rows($sql_result)>0) {
while ($row = mysql_fetch_assoc($sql_result)) {
?>
<tr>
<td><?php echo $row["customername"]; ?></td>
<td><?php echo $row["definition"]; ?></td>
<td><?php echo $row["kgprice"]; ?></td>
<td><?php echo $row["mtprice"]; ?></td>
<td><?php echo $row["date"]; ?></td>
</tr>
<?php
}
} else {
?>
<tr><td colspan="5">No results found.</td>
<?php
}
?>
</table>
</body>
</html>
'。$ search_string。$ search_customername'的值是否为空? –
'mysql_ *'api被弃用尝试使用'mysqli_ *' – JYoThI
**停止**使用不推荐使用的'mysql_ *'API使用'mysqli_ *'或'PDO'。了解准备好的语句以防止SQL注入 – Jens