0

I have problem selecting some dates, here is html and php code:

 <div id = "date">

    <form action = "selectdate.php" method = "POST">
        From date: <input type = "date" name = "date" required>
        <input type = "date" name = "referer" style = "display: none" value = "<?=$date?>">
        <br />
        <br />
        To date: <input type = "date" name = "date" required>
        <input type = "date" name = "referer" style = "display: none" value = "<?=$date?>">     
        <input type = "submit" name = "submit" value = "get data">
  <br/>
    </form>

and php

    $result = pg_exec("SELECT kv.ph, kv.date FROM public.kv WHERE date BETWEEN
 '" . $_POST['date'] . "' AND  '" . $_POST['date']. "' ORDER BY date");

Result is only one record, and only shows record from last input date. I want to show records between this two dates. One more question, why WHERE operator don't work with text columns? I am using php 5.5. Big thanks in advance.

ejovrh2
  • 59
  • 9

1 Answers1

1

Your problem is in your HTML form you are re-using the name="date".

I'm not sure which field will actually give the value, but one of them will be overwriting the other. so you're essentially saying

select column from table where date between [date] and [same date]

Rename your fields to have unique names within the form (e.g. <input name="date_from"... <input name="date_to"... and use them as $_POST['date_from'] / $_POST['date_to'])

Beyond that, you also really need to look into using paramaterised queries, as it stands your code is incredibly vulnerable to injection attacks.

The PHP Postgres library comes with the handy pg_query_params function to pretty much deal with this for you.

Scoots
  • 3,048
  • 2
  • 21
  • 33