
I am learning MySQL and PHP. I'm a beginner at PHP, so I was trying to make a CRUD and save a date in the database. I used input type "date" in the form, but it didn't work quite well: it doesn't insert the date, it just saves it as 0000-00-00 (MySQL datatype DATE). In the form:

    <input type="date" name="release">

And here.

    if (isset($_GET['submit'])) {
     $ename= $_GET['name'];
     $edate= $_GET['release'];
     $eseas= $_GET['season'];

     $insert= "INSERT into episodes (name, date, season) values($ename,$edate,$eseas) ";

I am just learning PHP; if there is a better way to do that, please recommend it to me. Thanks in advance :-)

Cat
  • Your values are strings, so they need to be quoted - `values('$ename','$edate','$eseas')`. Note you are open to SQL injection. Read http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – Sean Aug 20 '15 at 19:34

1 Answer


Bug #1: You are vulnerable to SQL injection attacks. Go to this link and read and UNDERSTAND the problem before you go any farther.

Bug #2: You haven't quoted your values, so your PHP

    $sql = "INSERT ... VALUES(...,$edate,...)"

is going to produce this SQL:

    INSERT ... VALUES (...,2015-08-20,...)

Since you have no quotes around your date value, it's not really a date. It's a mathematical subtraction, and you're really doing 2015-8-20 => 1987, and the query is executed as

    INSERT ... VALUES (...,1987,...)

Since 1987 isn't a valid date string (MySQL expects yyyy-mm-dd), you get the all-zeroes date in your db.

Ignoring the injection problem, you need:

    $insert= "INSERT into episodes (name, date, season) values($ename,'$edate',$eseas) ";
                                                                      ^------^

And similarly for any other field value that isn't a plain number. If you don't quote strings, the strings are interpreted as field/table names, which probably don't exist.

Marc B
  • Thank you, Marc. Seems like I fixed the problem. So stupid of me :-/ As for SQL injection, as I mentioned, I'm actually at basic MySQL queries, so I don't think that actually matters a lot right now. But I will look into MySQL vulnerabilities and stuff once I have basic MySQL and PHP knowledge. Thanks again :) – Cat Aug 20 '15 at 19:39
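
An added example, not part of the original question or answers: the same insert written with a PDO prepared statement, which removes both the quoting bug and the injection problem discussed above. It assumes PDO with an in-memory SQLite database so it runs offline; the function names `parseIsoDate` and `insertEpisode` and the sample submissions are made up for illustration.

```php
<?php
// Added example, not from the original thread. Assumptions: PDO with an
// in-memory SQLite database so it runs offline; for MySQL, open the PDO
// connection with a mysql: DSN and your own credentials instead.

/** Return the date unchanged if it is a real yyyy-mm-dd calendar date, else null. */
function parseIsoDate(string $raw): ?string
{
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    // The round-trip comparison rejects overflowed dates such as 2015-02-31.
    return ($d !== false && $d->format('Y-m-d') === $raw) ? $raw : null;
}

function insertEpisode(PDO $pdo, array $input): bool
{
    $name   = trim((string)($input['name'] ?? ''));
    $date   = parseIsoDate((string)($input['release'] ?? ''));
    $season = filter_var($input['season'] ?? null, FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);
    if ($name === '' || $date === null || $season === false) {
        return false; // reject bad input instead of storing 0000-00-00
    }
    // Placeholders keep the values out of the SQL text: there is no quoting
    // to forget, and 2015-08-20 can never be evaluated as a subtraction.
    $stmt = $pdo->prepare(
        'INSERT INTO episodes (name, date, season) VALUES (:name, :date, :season)');
    return $stmt->execute([':name' => $name, ':date' => $date, ':season' => $season]);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE episodes (name TEXT, date TEXT, season INTEGER)');

// Constructed sample submissions standing in for the form input.
$samples = [
    ['name' => 'Pilot',         'release' => '2015-08-20', 'season' => '1'],
    ['name' => "Kat's Day Off", 'release' => '2015-08-27', 'season' => '1'], // apostrophe in value
    ['name' => 'Bad date',      'release' => '2015-02-31', 'season' => '1'], // not a real date
];
foreach ($samples as $s) {
    echo $s['name'], ' => ', insertEpisode($pdo, $s) ? 'stored' : 'rejected', PHP_EOL;
}
foreach ($pdo->query('SELECT name, date, season FROM episodes') as $row) {
    echo implode(' | ', [$row['name'], $row['date'], $row['season']]), PHP_EOL;
}
```

In the script from the question, the call would be `insertEpisode($pdo, $_GET)` inside the `isset($_GET['submit'])` branch.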