0

I am trying to use a time function in one of my queries... I have a query like the one below to add a custom-timezone time to one of my DATETIME fields.

$upd_qry = "update tbl_quotes 
            set qu_status='".$_GET['status']."', qu_time= $getDatetimeNow  
            where _quid='".$_GET['quotes_id']."'";
$result=mysqli_query($mysqli,$upd_qry);

and the function to get the time with a custom timezone is like below:

function getDatetimeNow() {
    $tz_object = new DateTimeZone('Brazil/East');
    //date_default_timezone_set('Brazil/East');

    $datetime = new DateTime();
    $datetime->setTimezone($tz_object);
    return $datetime->format('Y\-m\-d\ h:i:s');
}

But my query is not working... what is wrong with this?

Thanks

hassan

2 Answers

1

You need to assign your function's returned value to another variable:

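// Call the function and keep its return value in a variable
$getDatetimeNow = getDatetimeNow();

// The datetime is a string literal in SQL, so it must be quoted
$upd_qry = "update tbl_quotes 
set qu_status='".$_GET['status']."', qu_time='".$getDatetimeNow."' 
where _quid='".$_GET['quotes_id']."'";
$result=mysqli_query($mysqli,$upd_qry);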

Or call it directly - if you know that you don't need to use its value in another place - like the following:

// Same query with the function called inline; the datetime literal is quoted
$upd_qry = "update tbl_quotes
set qu_status='".$_GET['status']."', qu_time='".getDatetimeNow()."' 
where _quid='".$_GET['quotes_id']."'";

Update:

You badly need to use a prepared statement, because your code is vulnerable to SQL injection attacks:

$getDatetimeNow = getDatetimeNow();
$upd_qry = "update tbl_quotes 
set qu_status=?, qu_time=? 
where _quid=?";
$stmt = mysqli_prepare($mysqli, $upd_qry);
mysqli_stmt_bind_param($stmt, "isi", $_GET['status'], $getDatetimeNow, $_GET['quotes_id']);
$result = mysqli_stmt_execute($stmt);
hassan
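Added example (not part of this answer or the original question): the prepared-statement approach from the update above as a self-contained script, with input validation in front of the binding. It assumes PDO with an in-memory SQLite database in place of the page's mysqli connection so it runs offline; `updateQuoteStatus` and the sample inputs are hypothetical, and the table and column names are the question's.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite via PDO stands in for the page's MySQL connection.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tbl_quotes (_quid INTEGER PRIMARY KEY, qu_status TEXT, qu_time TEXT)');
$pdo->exec("INSERT INTO tbl_quotes (_quid, qu_status) VALUES (1, 'new'), (2, 'new')");

function getDatetimeNow(): string
{
    // America/Sao_Paulo is the canonical zone behind the 'Brazil/East' alias;
    // 'H' is the 24-hour clock, which is what a DATETIME column stores.
    $now = new DateTime('now', new DateTimeZone('America/Sao_Paulo'));
    return $now->format('Y-m-d H:i:s');
}

// Hypothetical helper: returns the number of rows updated.
function updateQuoteStatus(PDO $pdo, array $input): int
{
    // Validate before touching the database: the id must be a positive integer.
    $id = filter_var($input['quotes_id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $status = $input['status'] ?? null;
    if ($id === false || !is_string($status)) {
        throw new InvalidArgumentException('quotes_id must be a positive integer and status a string');
    }
    // Placeholders keep every value out of the SQL text; the driver sends them as data.
    $stmt = $pdo->prepare('UPDATE tbl_quotes SET qu_status = ?, qu_time = ? WHERE _quid = ?');
    $stmt->bindValue(1, $status, PDO::PARAM_STR);
    $stmt->bindValue(2, getDatetimeNow(), PDO::PARAM_STR);
    $stmt->bindValue(3, $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed inputs standing in for $_GET. The apostrophe is stored verbatim.
$rows = updateQuoteStatus($pdo, ['status' => "won't ship", 'quotes_id' => '1']);
echo "rows updated: $rows\n";
print_r($pdo->query('SELECT * FROM tbl_quotes')->fetchAll(PDO::FETCH_ASSOC));

// A constructed id containing quote characters fails validation and never reaches the query.
try {
    updateQuoteStatus($pdo, ['status' => 'done', 'quotes_id' => "1' OR '1'='1"]);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```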
0

You can't use functions like variables. Functions are used with their arguments. It means they have to be used with a variable container like ($variable, $anotherVariable).

This notation is needed for all functions, including those without arguments.

$updateQuery = "UPDATE table_name SET field_name = " . functionName() . " WHERE id='" . (int) $_GET['id'] . "'";

$result = mysqli_query($mysqli, $updateQuery);
Mehmet S.
  • While this answer may solve the OP's issue, simply posting code-only answers may prove unhelpful to the OP or future users. Please elaborate on your answer and provide a clear explanation as to how it may help the OP achieve the solution they're after. – Geoff James May 21 '17 at 09:01