1. 首页
  2. 问答
  3. PHP不显示来自MYSQL时间戳的结果搜索

PHP不显示来自MYSQL时间戳的结果搜索

2012-09-12 70 views
0

以下是我从MYSQL数据库中搜索日期范围的代码。 我可以搜索日期,它会显示表格标题(Product Desc,New或Own和Date),但它不显示数据库中的任何结果?PHP不显示来自MYSQL时间戳的结果搜索

任何想法,我需要如何编辑我的代码,以便它显示所选日期范围的结果?

<?php 
if(!isset($_POST['find'])) 
{ 
?> 
<form method = "post" action = "<?php echo $_SERVER['PHP_SELF'];?>"> 
<table width = "450" align = "center"> 
    <tr> 
    <td><b><i>Please enter date in the field below (i.e. 11-09-2012)</i></b></td> 
</tr> 
<tr> 
    <td> 
    From&nbsp;:&nbsp; 
    <input type = "text" name = "small"> 
    To&nbsp;:&nbsp; 
    <input type = "text" name = "large"></td> 
</tr> 
<tr> 
    <td align = "center"> 
     <input type = "submit" name = "find" value = "SEARCH"> 
     <input type = "reset" value = "CLEAR FORM"> 
     </td> 
    </tr> 
</table> 
</form> 
<?php 
} 
else 
{ 
$small = trim($_POST['small']); 
$large = trim($_POST['large']); 

$connection = mysql_pconnect("localhost", "user_name", "password") or die("Connection failed. ".myslq_error()); 
mysql_select_db("stock") or die("Unable to select db. ".mysql_error()); 
//Add 1 to the upper range, $large, else it won't make it inclusive 
$query = "SELECT * FROM main_stock WHERE curr_timestamp BETWEEN DATE_FORMAT(curr_timestamp,'%".$small."') AND DATE_FORMAT(curr_timestamp, '%".($large+1)."') ORDER BY curr_timestamp"; 
$result = mysql_query($query) or die(mysql_error()); 

echo "<table width = '500' align = 'center'>"; 
echo "<tr><b>"; 
    echo "<td>Product Description</td>"; 
    echo "<td>New or Own?</td>"; 
    echo "<td>Date</td>"; 
echo "</b></tr>"; 
while($record = mysql_fetch_object($result)) 
{ 
    echo "<tr>"; 
     echo "<td>".$record->product_desc."</td>"; 
     echo "<td>".$record->newown."</td>"; 
     $year_part_of_date = explode('-', $record->curr_timestamp); 
    echo "<td>".$year_part_of_date[0]."</td>"; 
     //if you want the full date replace the $year_part_of_date[0] with $record->date 
    echo "</tr>"; 
} 
echo "</table>"; 

} 

?>

来源

2012-09-12 Sarah HSL

+0

你检查,查询您产生的作品,那你得到的结果回来? – andrewsi

+2

直接在数据库上运行查询会发生什么?您使用$ small和$ large值来设置日期字符串的格式似乎没有任何意义。 –

+1

您尚未转义您的受用户干扰的变量,因此您可能在此脚本中存在SQL注入漏洞。 – halfer

回答

0

我猜你的查询是无效的。

假设curr_timestamp是格式为YYYY-MM-DD HH:MM:SS格式的MySQL日期时间字段,您需要将输入更改为此格式以便于比较。如果您可以详细说明$small$large的格式,那将会有所帮助。

你可能想查询要在这种格式

SELECT * FROM main_stock 
WHERE curr_timestamp BETWEEN '$small_formatted' AND '$large_formatted' 
ORDER BY curr_timestamp ASC

$small_formatted$large_formatted的格式正确使用的东西几次都是date('Y-m-d H:i:s', $input_timestamp)

来源

2012-09-12 15:06:02

0
  1. 切换你的逻辑顺序。你不想让你的流程成为else
  2. 看起来好像你在结合程序和对象样式。选一个。
  3. 您应该避免选择全部(SELECT *)。始终指定一个列列表。
  4. 日期格式不正确。您应该格式化输入日期以匹配数据库格式(YYYY-MM-DD)。我假设curr_timestampYYYY-MM-DD
  5. 您需要停止使用mysql_函数,因为它们是deprecated
  6. 使用预准备语句来防止SQL注入。

我没有测试过这一点,但这个解决我上面列出的问题:

<?php 
if(isset($_POST['find'])) 
{ 
    $link = mysqli_connect("localhost", "user_name", "password", "stock"); 

    if (mysqli_connect_error()) { 
    die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error()); 
    } 

    $stmt = mysqli_prepare($link, 'SELECT * FROM main_stock WHERE curr_timestamp ' . 
    "BETWEEN DATE_FORMAT(?, '%m-%d-%Y') " . 
    "AND DATE_FORMAT(?, '%m-%d-%Y') ORDER BY curr_timestamp"); 

    mysqli_bind_param($stmt, 'ss', $_POST['small'], $_POST['large']) or die(mysqli_error($dbh)); 

    $result = mysqli_stmt_execute($stmt) or die(mysqli_error($link)); 

    echo "<table width = '500' align = 'center'>"; 
    echo "<tr><b>"; 
    echo "<td>Product Description</td>"; 
    echo "<td>New or Own?</td>"; 
    echo "<td>Date</td>"; 
    echo "</b></tr>"; 

    while($record = mysqli_fetch_assoc($result)) { 
    echo "<tr>"; 
    echo "<td>" . $record[product_desc] . "</td>"; 
    echo "<td>" . $record[newown] . "</td>"; 

     $year_part_of_date = explode('-', $record[curr_timestamp]); 

    echo "<td>".$year_part_of_date[0]."</td>"; 

     //if you want the full date replace the $year_part_of_date[0] with $record->date 
    echo "</tr>"; 
    } 

    echo "</table>"; 

    mysqli_close($link); 
} 
else 
{ 
?> 
<form method = "post" action = "<?php echo $_SERVER['PHP_SELF'];?>"> 
<table width = "450" align = "center"> 
    <tr> 
    <td><b><i>Please enter date in the field below (i.e. 11-09-2012)</i></b></td> 
</tr> 
<tr> 
    <td> 
    From&nbsp;:&nbsp; 
    <input type = "text" name = "small"> 
    To&nbsp;:&nbsp; 
    <input type = "text" name = "large"></td> 
</tr> 
<tr> 
    <td align = "center"> 
     <input type = "submit" name = "find" value = "SEARCH"> 
     <input type = "reset" value = "CLEAR FORM"> 
     </td> 
    </tr> 
</table> 
</form> 
<?php 
} 

?>

来源

2012-09-12 15:13:36 Kermit

相关问题

 相关问题