1

Apologies for the exceptionally vague title, I'm not sure of the exact terminology to use here.

I've written some PHP to store a variable for the current year and then another variable to store the current year minus 4 (four years ago). As a note I do want it to be the whole year, hence appending 1 Jan.

// Get current date
$date = date_create('now');

// Store two digit version of current year
$yearnow = date_format($date, 'y') . "-01-01";

// Reduce the year count by two
$yearminusfour = $yearnow - 4 . "-01-01";

No problems there, although maybe there's a more efficient way to do this. However, I'm then using this to dynamically grab posts from the last four years in WordPress.

This line of code that's responsible for returning the right posts works fine when static:

$where .= " AND post_date >= '2010-01-01' AND post_date < '2014-01-01'";

What I'm struggling with is combining the two to make it dynamic. I've tried:

$where .= " AND post_date >= $yearnow AND post_date < $yearminusfour";
$where .= " AND post_date >= '.$yearnow.' AND post_date < '.$yearminusfour.'";
$where .= " AND post_date >= '".$twentyten."' AND post_date < '".$yearminusfour."'";

I'm stuck and I'm sure I'm being slow.

Kieranmv95
  • 828
  • 4
  • 14
  • 31
lotech
  • 65
  • 1
  • 2
  • 9
  • 1
    You put concatenation dots there: `'.` but didn't stopped the string with: `"` (e.g. `'".`) – Rizier123 Jan 07 '15 at 15:23
  • The 3rd is good syntactically (the $twenteen should be $yearnow isn't it?). The first 2 one is bad. Dates need to wrapped by single quote, in 2nd the dots `.` are unnecessary. – vaso123 Jan 07 '15 at 15:24
  • 1
    Or you know, you could just read up on PDO and parameter binding. – mario Jan 07 '15 at 15:25

7 Answers7

1
$where .= " AND post_date >= '$yearnow' AND post_date < '$yearminusfour'";

That is the correct version. You don't need those periods in there.

But, as you know yourself. That's an unnecessarily complicated computation of dates which results in incorrect values. You can for example get first date of this year by using

echo date("Y-m-d",strtotime("1st January this year"));  // 2015-01-01

How can I prevent SQL injection in PHP?

Community
  • 1
  • 1
Hanky Panky
  • 46,730
  • 8
  • 72
  • 95
1
$where .= " AND post_date >= '".$twentyten."' AND post_date < '".$yearminusfour."'";

This will work but you have to reverse comparisons :)

$where .= " AND post_date <= '".$twentyten."' AND post_date >= '".$yearminusfour."'";

Also, you should use prepared statements. It's recommended when you are using user input.

Elon Than
  • 9,603
  • 4
  • 27
  • 37
  • 1
    Revert: Change back to a previous version. Reverse: Switch order. I think reverse is correct since OP didn't have a different order to begin with :P – Tim Lewis Jan 07 '15 at 15:31
  • Oh, lesson for me: don't trust google translate, always check in dictionary.. ;) – Elon Than Jan 07 '15 at 15:36
0

I think the range you are searching for is not feasable. According to the code you have posted, it searches for posts >= the current year and less than the date 4 years ago. So you need to change the comparisons.

$where .= " AND post_date <= '".$twentyten."' AND post_date > '".$yearminusfour."'";
bluefog
  • 1,894
  • 24
  • 28
0

$yearnow is something like 2015-01-01. Then what would $yearnow-4 be?
Anyway, you can use the DateTime class (of which you already used the alias date_create) to perform the necessary manipulations: 

<?php
$date = new DateTime('first day of January');


$clause = sprintf('WHERE x BETWEEN %s AND %s',
    $date->format('Y-m-d'),
    $date->modify('- 4 year')->format('Y-m-d')
);

echo $clause;

prints (this year)

WHERE x BETWEEN 2015-01-01 AND 2011-01-01
VolkerK
  • 95,432
  • 20
  • 163
  • 226
  • why not SQL functions like DATE_SUB – Royal Bg Jan 07 '15 at 15:48
  • Ah, you're absolutely right, I changed some of my code around and now it doesn't make any sense. I previously had each variable as just the year before appending -01-01 and then added the day and month on later. Tried to simplify but obviously messed up! I'll give you're answer a go. – lotech Jan 07 '15 at 15:55
  • Royal Bg, because wordpress doesn't _have to_ be used with MySQL, and the impact isn't big enough for me to deviate even more from the actual question ;-) – VolkerK Jan 07 '15 at 16:07
0

I'd recommend to use BETWEEN condition of mysql (I assume you use mysql) and date subtraction.

That will look like this: 

$where .= " AND post_date BETWEEN '$yearnow' AND '$yearnow' - INTERVAL 4 YEAR";
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
lexabug
  • 191
  • 1
  • 3
0

How about?

$yearStart = date('Y-m-d', strtotime('Jan 01'));
$yearEnd = date('Y-m-d',strtotime("$yearStart -4 year")); 

$where .=  "AND (date_field BETWEEN '".$yearStart."' AND '".$yearEnd."')";
raidenace
  • 12,789
  • 1
  • 32
  • 35
  • This doesn't seem to be working for me although I'm now wondering if my issue runs deeper? However, my original code works fine if I use static dates ie: $where .= " AND post_date >= '2010-01-01' AND post_date < '2014-01-01'"; – lotech Jan 07 '15 at 16:01
0

1) To get your dates try:

$currentdate = date('Y-m-d',time());
$yearminus4 = date('Y-m-d',strtotime("-4 years", time()));

2) I think you have your select criteria backwards in your sql statement

$where = " AND post_date >= '" . $yearminus4 . "'  
           AND post_date <= '" . $currentdate . "'";
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
trogers1884
  • 172
  • 8