4

here's I have a java string epoch date and i want to compare and add data to SQL it's giving a parse error don't know why any solution..

<?php
if($_SERVER['REQUEST_METHOD']=='POST'){
//Getting values
$number = $_POST['number'];
$type = $_POST['type'];
$date = $_POST['date'];
$content = $_POST['content'];
$start = strtotime("now");
$end = strtotime("-7 days");
while($start->format('U') > $date->format('U') > $end->format('U')){

$sql = "INSERT INTO message_detail (number,type,date,content) VALUES  ('$number','$type','$date','$content')";

//Importing our db connection script
require_once('connect.php');

//Executing query to database
if(mysqli_query($con,$sql)){
echo 'Entry Added Successfully';
}else{
echo 'Could Not Add Entry';
}
}
//Closing the database 
mysqli_close($con);
}
?>
Hiren Gujarati
  • 55
  • 1
  • 10
  • There are a few issues with your code as I see it. Firstly you are including the db connection script in a loop, secondly you are directly embedding variables in the sql thus leaving it open to sql injection attacks. – Professor Abronsius Sep 03 '16 at 09:33

1 Answers1

0

There are few issues with your code, such as:

  • strtotime() function returns an integer timestamp, not a DateTime object, so you can't call format() method like this way.

    $start = strtotime("now");
$start->format('U');
// etc. are wrong

    Instead, create a DateTime object and then call it's format() method, like this:

    $start = new DateTime("now");
$start->format('U');
// etc.

  • Now comes to your issue,

    it's giving a parse error

    That's because of your while condition,

    while($start->format('U') > $date->format('U') > $end->format('U')){ ...
      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

    May be, you want to do something like this:

    while($start->format('U') < $date->format('U') &&  $date->format('U') > $end->format('U')){

    // your code

}

Sidenotes:

  • There's no point including the connection handler in each iteration of the loop, so take this statement, require_once('connect.php'); outside of your while loop.

  • Learn about prepared statements because right now your query is susceptible to SQL injection. Also see how you can prevent SQL injection in PHP.

Edited:

i want to enter a data of only last 7 days from entry time...

If that's your requirement, then you can do this using either strtotime() function or DateTime class,

(1) Using strtotime() function

// your code

$content = $_POST['content'];
$start = strtotime("-7 days");
$date = strtotime($date);
$end = strtotime("now");

And there's no point using a while loop, a simple if condition will do just fine,

if($start <= $date &&  $end >= $date){

    // your code

}

(2) Using DateTime class

// your code

$content = $_POST['content'];
$start = new DateTime("-7 days");
$date = new DateTime($date);
$end = new DateTime("now");

And there's no point using a while loop, a simple if condition will do just fine,

if($start->format('U') <= $date->format('U') &&  $end->format('U') >= $date->format('U')){

    // your code

}
Community
  • 1
  • 1
Rajdeep Paul
  • 16,887
  • 3
  • 18
  • 37
  • Thanks for your answer Rajdeep but i want to enter a data of only last 7 days from entry time so i have to use strtotime() is there any other method available...?? – Hiren Gujarati Sep 03 '16 at 10:07
  • @HirenGujarati I've edited my answer. Please see the **Edited** section of my answer. – Rajdeep Paul Sep 03 '16 at 10:35
  • hey @rajdeep it's giving error if(mysqli_query($con,$sql)){ at this line called mysqli_query(): Empty query in /home/u336100496/public_html/call_detail/insert.php on line 19
    Could Not Add EntryConnected successfully
     – Hiren Gujarati Sep 03 '16 at 11:22
  • @HirenGujarati Have you constructed the query inside `if` block,like this: `$sql = "INSERT INTO message_detail ...`? I don't think so. – Rajdeep Paul Sep 03 '16 at 20:52