
I am trying to figure it out and I'm stuck at a standstill. I am creating a portal in which phone numbers are stored inside of a table called: fusionnationweb_callrecordings . The table stores an ai, recordingdate, recordingid, caller, receiver, time, and duration. I am trying to create a searchable PHP form in which you enter a phone number in (which is stored in caller and receiver) and you enter a start date and end date. The form will then display a table that shows all entries for the specified phone number between the start and end date. This is what I have so far; please help!

    <form action="" method="post">  
    Phone Number: <input type="text" name="phonenumber" /><br />
    Start Date: <input type="text" name="startdate" /><br />
    End Date: <input type="text" name="enddate" /><br />                    

    <input type="submit" value="Submit" />  
    </form>  
    <?php 
    if (!empty($_REQUEST['term'])) {

    $term = mysql_real_escape_string($_REQUEST['term']);     

    $sql = "SELECT * FROM fusionnationweb_callrecordings WHERE `recordingdate` BETWEEN '%".$startdate."%' AND '%".$enddate."%'"; 
    $r_query = mysql_query($sql); 

            while ($row = mysql_fetch_array($r_query)){  
    echo 'Table ID: ' .$row['tableid'];  
    echo '<br /> Recording Date: ' .$row['recordingdate'];  
    echo '<br /> Recording ID: '.$row['recordingid'];  
    echo '<br /> Caller: '.$row['caller'];  
    echo '<br /> Receiver: '.$row['receiver'];
    echo '<br /> Time of Call: '.$row['time'];  
    echo '<br /> Call Duration: '.$row['callduration']; 
    }  

    }
    ?>
  • `%` is used in `LIKE` queries / is a wildcard for when searching data. Searching for a date of `%2016-03-01%` is different than searching for a date of `2016-03-01` in MySQL. – skrilled Mar 30 '16 at 23:37
  • Also before everyone else bombards you, `mysql_*` functions are deprecated and removed as of PHP7. Also your query is injectable and could lead to a compromise of your database and/or software. You should use mysqli or PDO, and/or [sanitize your input](http://stackoverflow.com/questions/129677/whats-the-best-method-for-sanitizing-user-input-with-php). – skrilled Mar 30 '16 at 23:38
  • You've also got an extra double quote near your `AND` – Qirel Mar 30 '16 at 23:44
  • @Skrilled: This won't be used for the public; this is being used as an internal website. No one from the outside will be having access. – Cory Funniest Goodwin Mar 30 '16 at 23:51
  • @Qirel: I fixed that, thank you. – Cory Funniest Goodwin Mar 30 '16 at 23:52
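
The comments above point at two things: `%` wildcards do not belong in a `BETWEEN` range, and the query should go through mysqli or PDO rather than string concatenation. The following is an added example, not code from the question or from any commenter, showing the search as a PDO prepared statement with input validation and output escaping. Assumptions: the column names follow the question's prose description, phone numbers are stored as digits only, dates are stored as `YYYY-MM-DD`, and an in-memory SQLite database stands in for MySQL so the script runs offline; `parseDate` and `searchCalls` are hypothetical helper names.

```php
<?php
// Added example. Assumed schema follows the question's prose; an in-memory
// SQLite database stands in for MySQL (swap the DSN for a real deployment).
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE fusionnationweb_callrecordings (
    ai INTEGER PRIMARY KEY, recordingdate TEXT, recordingid TEXT,
    caller TEXT, receiver TEXT, time TEXT, duration INTEGER)');
$ins = $pdo->prepare('INSERT INTO fusionnationweb_callrecordings
    (recordingdate, recordingid, caller, receiver, time, duration) VALUES (?,?,?,?,?,?)');
foreach ([   // constructed sample rows
    ['2016-03-01', 'r1', '5550100', '5550199', '09:15:00', 62],
    ['2016-03-15', 'r2', '5550142', '5550100', '14:02:00', 310],
    ['2016-04-02', 'r3', '5550100', '5550142', '11:30:00', 45],
] as $row) { $ins->execute($row); }

// Accept only a real calendar date in YYYY-MM-DD form; return null otherwise.
function parseDate(string $s): ?string {
    $d = DateTime::createFromFormat('!Y-m-d', $s);
    return ($d && $d->format('Y-m-d') === $s) ? $s : null;
}

function searchCalls(PDO $pdo, string $phone, string $start, string $end): array {
    $phone = preg_replace('/\D/', '', $phone);   // keep digits only
    $start = parseDate($start);
    $end   = parseDate($end);
    if ($phone === '' || $start === null || $end === null) {
        return [];                               // reject malformed input
    }
    // Placeholders keep user input out of the SQL text; BETWEEN takes plain dates.
    // Two names for the phone value: native prepares cannot reuse one placeholder.
    $stmt = $pdo->prepare('SELECT * FROM fusionnationweb_callrecordings
        WHERE (caller = :p1 OR receiver = :p2)
          AND recordingdate BETWEEN :start AND :end
        ORDER BY recordingdate');
    $stmt->execute([':p1' => $phone, ':p2' => $phone, ':start' => $start, ':end' => $end]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a formatted phone number, then an impossible start date.
foreach ([['555-0100', '2016-03-01', '2016-03-31'], ['5550100', '2016-13-45', '2016-03-31']] as $in) {
    $rows = searchCalls($pdo, ...$in);
    echo count($rows), " row(s)\n";
    foreach ($rows as $r) {   // escape values again when they are written into HTML
        echo htmlspecialchars("{$r['recordingdate']} {$r['caller']} to {$r['receiver']} ({$r['duration']}s)"), "\n";
    }
}
```

In the question's form, the three arguments would come from `$_POST['phonenumber']`, `$_POST['startdate']` and `$_POST['enddate']`, which are the field names the form actually submits.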

0 Answers