Method POST not working with datetime-local fields

Question

I am trying to get two datetime-local fields from a HTML form and insert them in a SQL database and they're not getting inserted. user-stardate and user-enddate are the datetime-local fields, and I cannot get neither user-totalhours which is the difference between enddate - startdate.

<form role="form" action="sendFdata.php" method="POST">
  <div class="row">
    <input type="text" name="username">
    <input type="text" name="user-role">            
  </div>
  <div class="row">
    <input type="text" name="user-pm">  
    <select name="user-project">
      <option>Text1</option>    
      <option>Text2</option>
      <option>Text3</option>                        
    </select>
  </div>
  <div class="row">
    <input type="text" name="user-agroup">
    <input type="text" name="user-task">
  </div>
  <div class="row">
   <input type="datetime-local" name="user-startdate">
   <input id="end-time" type="datetime-local" name="user-enddate">
   <input type="text" name="user-totalhours" placeholder="Total Hours">             
  </div>
  <div class="rule"></div>
  <div class="form-footer">
    <button type="submit" name="button-submit">Submit</button>
    <button type="button">Reset</button>
  </div>
</form>

PHP:

<?php
$link = mysqli_connect("localhost","admin","")  or die("failed to connect to 
server !!");
mysqli_select_db($link,"test");

$username=$_POST['username'];
$userRole=$_POST['user-role'];
$userPM=$_POST['user-pm'];
$userProject=$_POST['user-project'];
$useraGroup=$_POST['user-agroup'];
$userTask=$_POST['user-task'];
$userStartDate=$POST['user-startdate'];
$userEndDate=$POST['user-enddate'];
$userTotalHours=$POST['user-totalhours'];

$insqDbtb="INSERT INTO `test`.`persons`
(`UserName`, `Role`, `PM`, `Product`, `ActivityGroup`, `Task`, `StartDate`, 
`EndDate`, `TotalHours`) VALUES ('$username', '$userRole', '$userPM', 
'$userProject', '$useraGroup', '$userTask', '$userStartDate', '$userEndDate', 
'$userTotalHours')";
mysqli_query($link,$insqDbtb) or die(mysqli_error($link));

?>

score 1 · Answer 1 · answered Sep 24 '17 at 14:10

1

You have $POST['user-startdate'], where it should be $_POST['user-startdate'].

But aside from that, you should definitly use prepared statements to make sql queries. How can I prevent SQL injection in PHP?

answered Sep 24 '17 at 14:10

Fabian N.

1,221
10
18

score 0 · Answer 2 · answered Sep 24 '17 at 13:44

0

First datetime-local is not a correct HTML attribute for type, you should use date or time.

see it there : https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input

Then your mysql statements are a security risk since you are not using prepared statement. You should look into it.

Finally, you should debug de the request before sending it to your database.

answered Sep 24 '17 at 13:44

hyptos

160
1
3
10

`datetime-local` is a type for input in HTML5. Even your link says that... – Fabian N. Sep 24 '17 at 14:04
oh well I knew about date and time but not datetime TIL. I think you have the correct answer with the $POST. – hyptos Sep 24 '17 at 15:57

score 0 · Answer 3 · answered Sep 24 '17 at 13:56

The attribute for the elements type "datetime-local" does not create data to be read and inputed. Especially if viewed with Firefox or IE12 (and earlier). It is an input the user on the page must enter a date and time into.

Assuming you are utilizing the input correctly. What data type is your column in your database? It must be able to handle '0000-00-00 00:00:00' as that is the restricted input that must be stored.

Method POST not working with datetime-local fields

3 Answers3