0

I have to filter some rows by date from one web page to another:

This is the first page

<?php while($row = mysql_fetch_array($result)){ ?>      
    <tr>
        <td><a href="meeting_view.php?meet=<?php echo $row[2];?>" target = '_blank' ><?php echo date("d-m-Y", strtotime($row[2]));?></a>
</td><?php } ?>

This is meeting_view.php

$meet = $_GET['meet'];
$result = mysql_query("SELECT * FROM meeting WHERE meeting_date=$meet");

It's not working. What's wrong in my script?

agus priyo

4 Answers

2

Change

$result = mysql_query("SELECT * FROM meeting WHERE meeting_date=$meet");

To

$result = mysql_query("SELECT * FROM meeting WHERE meeting_date='$meet'");
William Madede
  • Always a pleasure mate...For future ref, please start learning more about mysqli and pdo to be safe when coming to database vulnerabilities...done – William Madede Dec 02 '15 at 08:24
2

Although William's answer is correct and will help you fix your immediate issue, I would like to mention a couple more problems I notice:

  1. You should avoid using the mysql extension because it's been deprecated since PHP 5.5 (see here).
  2. Your code is currently vulnerable to SQL Injection. Please take a look here to check out how you can protect your database.

Cheers

Community
mrun
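The protection the answer above points to, as an added example (not code from any of the posts): validate `meet` as a real date, then pass it to the query as a bound PDO parameter instead of concatenating it. The in-memory SQLite database standing in for MySQL, the `topic` column, the sample rows and the `meetings_on()` helper are assumptions made so the script runs on its own.

```php
<?php
// Assumption: sqlite::memory: stands in for the MySQL server so this runs offline.
// Against MySQL, use a mysql: DSN and set PDO::ATTR_EMULATE_PREPARES to false.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE meeting (id INTEGER PRIMARY KEY, meeting_date TEXT, topic TEXT)');
// Constructed sample rows (the topic column is hypothetical).
$pdo->exec("INSERT INTO meeting (meeting_date, topic) VALUES
    ('2015-12-01', 'Budget'), ('2015-12-02', 'Planning'), ('2015-12-02', 'Review')");

/**
 * Hypothetical helper: rows for the day $meet, or null if $meet is not a valid Y-m-d date.
 */
function meetings_on(PDO $pdo, $meet)
{
    // 1. Validate. Arrays (?meet[]=x) and anything that does not round-trip
    //    through the exact format are rejected, including dates like 2015-02-30.
    if (!is_string($meet)) {
        return null;
    }
    $d = DateTime::createFromFormat('!Y-m-d', $meet);
    if ($d === false || $d->format('Y-m-d') !== $meet) {
        return null;
    }
    // 2. Bind. The value travels as data and is never spliced into the SQL text,
    //    so quoting mistakes like the one in the question cannot occur.
    $stmt = $pdo->prepare(
        'SELECT id, meeting_date, topic FROM meeting WHERE meeting_date = :meet'
    );
    $stmt->execute([':meet' => $meet]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs standing in for $_GET['meet']; the last is the string quoted on this page.
foreach (['2015-12-02', '2015-02-30', '0; DROP TABLE meeting;'] as $meet) {
    $rows = meetings_on($pdo, $meet);
    if ($rows === null) {
        echo 'rejected: ', var_export($meet, true), "\n";
        continue;
    }
    foreach ($rows as $row) {
        // Escape on output too, since row data ends up inside HTML on the listing page.
        echo (int) $row['id'], ' ', htmlspecialchars($row['meeting_date'], ENT_QUOTES, 'UTF-8'),
             ' ', htmlspecialchars($row['topic'], ENT_QUOTES, 'UTF-8'), "\n";
    }
}
```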
1

Just make some change as below:

<!-- add quotes -->
<td> <a href="meeting_view.php?meet='<?php echo $row[2];?>'"
        target = '_blank' >
        <?php echo date("d-m-Y", strtotime($row[2]));?>
     </a>
</td>

Also change:

$result = mysql_query("SELECT * FROM meeting WHERE meeting_date='".$meet."'");
Shahzad Barkati
0
  1. You might have two meetings at the same time. To select the correct one, you should use id's instead of the time.

  2. To make the script faster and easier, let MySQL do the date conversion.

  3. Using associative arrays makes the script easier to debug and read!

  4. Another important view is to use Mysqli instead of Mysql! It is just as simple, but works in future updates of PHP.

  5. Make sure the input is what you want. Convert the sent id to an integer with intval( $_REQUEST['id'] ). Otherwise someone might insert this id through a URL: "0; DROP TABLE meeting;" which would select row with id 0 and delete the whole table. This is called SQL-injection as mrun said in his answer!

I would rewrite everything like this:

<?php
// DATE_FORMAT() takes the date column first and the format string second.
// $sql = 'SELECT *, DATE_FORMAT(meeting_date, "%d-%m-%Y") AS date FROM meeting';
?>
<?php while($row = mysqli_fetch_assoc($result)){ ?>      
    <tr>
        <td><a href="meeting_view.php?id=<?= $row['id'] ?>" 
               target='_blank' ><?= $row['date'] ?></a>
</td><?php } ?>

And:

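// mysqli_query() needs the connection as its first argument.
// $link is assumed to come from mysqli_connect(); it is not shown in the answer.
$result = mysqli_query($link, 'SELECT * FROM meeting WHERE id=' 
        . intval( $_REQUEST['id'] ) );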
Hasse Björk