How to convert datatime-local input to php variable?

Question

I am trying to convert the input string to a data object of php, to use it on sql, but its not working and I can't find the error, the html is

<div class="form-group ">
    <label class="control-label" for="interno">Fecha Limite</label>
    <input name="fechalimite" type="datetime-local" class="form-control" id="fechalimite">
</div>

The post method on php does this

$fecha = getA(strtotime("fechalimite"));
$datetime = date("Y-m-d H:i:s",$fecha);

If I use echo fecha show the datetime right but the $datetime it is just blank, what I am missing?

getA

function getA($campo)
{
    return(htmlspecialchars(antiinjection($_REQUEST[$campo]), ENT_QUOTES));
}

function getA($campo) { return(htmlspecialchars(antiinjection($_REQUEST[$campo]), ENT_QUOTES)); } — pac, Jul 05 '18 at 19:35
Please provide some more details, "its not working" is not very descriptive. What's the content of `$datetime` afterwards, any error message (With all errors enabled: https://stackoverflow.com/questions/5438060/showing-all-errors-and-warnings/13402590)? — Capricorn, Jul 05 '18 at 19:35

score 0 · Answer 1 · answered Jul 05 '18 at 19:37

You're passing a literal string of "fechalimite" to strtotime() which will return false.

Disregard your getA function and just pass the request variable to strtotime:

$fecha = strtotime($_REQUEST['fechalimite']);

There's absolutely no reason to try to encode HTML entities before passing a value to date(). You should only be encoding entities when generating output.

score 0 · Answer 2 · answered Jul 05 '18 at 19:39

This is wrong, its passing a string to strtotime()

$fecha = getA(strtotime("fechalimite"));

Try

$fecha = strtotime(getA("fechalimite"));

although it looks like you are using getA as an anti SQL Injection mechanism.

It is better to use parameterised bound queries for this

How to convert datatime-local input to php variable?

2 Answers2