0

I am working on something to manage my finances with a Database and with PHP. From my homepage I want to select a month and make it execute a query so only the records in the database from this month are displayed.

Now I have this:

if (isset($_GET['january2013'])) 
{
//Select the incomes
try
    {
        $sql = 'SELECT id, type, date, amount, description, category FROM `transactions`
        WHERE type = "income"
        AND month(date) = ' . $monthselect . '
        ORDER BY `transactions`.`id` DESC
        LIMIT 0,50';
        $result2 = $pdo->query($sql);
    }
//Error handling.
catch (PDOException $e)
    {
        $output3 = 'Error fetching records: ' . $e->getMessage();
        include '/errors/output.html.php';
        exit();
    }
//Display the records.
foreach ($result2 as $row)
    {
    $incomesJan2013[] = array(
            'id' => $row['id'],
            'type' => $row['type'],
            'date' => $row['date'],
            'amount' => $row['amount'],
            'description' => $row['description'],
            'category' => $row['category']
        );
    }

Instead of making this code for every month, how can I make this more universal? I want to use the $monthselect variable, but I have no idea where to start.

SunSparc
  • 1,812
  • 2
  • 23
  • 47
user2502755
  • 33
  • 1
  • 5
  • How do you select the month? Do you use the html ` – Mackie Jun 20 '13 at 18:37
  • but then i'd still have to make multiple code right? i actually use a list, with a href, for example href="?january2013" – user2502755 Jun 20 '13 at 18:39
  • what happens when you get 2+ years' worth of records in there? you'd get Jan 2013, Jan 2013, Jan 2014, etc... might want to slap in a year check as well. – Marc B Jun 20 '13 at 18:39
  • You are right, but it only complicates the matter more. how can i sent those 2 variables in a link? – user2502755 Jun 20 '13 at 18:41
  • 1
    I don't get it. If you use the select-element and choose a month and put this chosen month in a variable, why is it still not variable? I miss the problem here... – Mackie Jun 20 '13 at 18:48
  • Noticed, you are only using PDO partially, your queries are still open to SQL injection.Here is a good example of PDO or mysqli http://stackoverflow.com/questions/60174/how-to-prevent-sql-injection-in-php?rq=1 – pal4life Jun 20 '13 at 19:59

2 Answers2

0

If I understand your question correctly, I think this is what you want to do:

if (isset($_GET['date'])) {
    $monthselect = $_GET['date']
}

You'll need to send your $_GET parameter over as ?date=youDateHere

Then $monthselect will equal whatever date is set to.

Paul Dessert
  • 6,363
  • 8
  • 47
  • 74
  • And you can do it similarly for post as well, incase you do not want to send the URL as a parameter. Just substitue POST instead of GET and pass the month date via forms – pal4life Jun 20 '13 at 20:05
0

On your webpage, have something like 

<form action="where_you_handle_your_requests.php" method="POST">
    <select name="mo">
      <option value="january">January</option>
      <option value="february">February</option>
      <option value="march">March</option>
    </select> 
    <select name="yr">
      <option value="2010">2010</option>
      <option value="2011">2011</option>
    </select>
</form>

and so forth. You could save time and write a script to generate the HTML for you.

Next, on your php script, do 

if(isset($_POST['yr']) && isset($_POST['mo'])){
    $monthselect=$_POST['mo'].$_POST['yr'];
}else{
    //no input passed to script
}

If the user chose January 2013, monthselect would be set to january2013

wonton
  • 7,568
  • 9
  • 56
  • 93