```sql
SELECT * FROM attendance
WHERE grade = '4'
and date = 2022-10-25
```

This is the query. When I use the date in it, it does not work.

The date I am getting is with a PHP function in PHP.

The SQL query in PHP looks like this:

```
SELECT *
FROM attendance
WHERE grade = '".$_POST['grade'][1]."'
and date = $date
```

But if I also hard-code the date in the query it does not give any result, but if I remove the date the query works fine. The date type in the database is date.

  • Can you please tell what value you are getting from PHP in the form of $date ?? – Umesh Sulakude Oct 25 '22 at 07:46
  • Your script is open to [SQL Injection Attack](http://stackoverflow.com/questions/60174). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187) You should always use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either the `MYSQLI_` or `PDO` APIs instead of concatenating user provided values into the query. Never trust ANY user input! This will also remove the unescaped character issue like a `'` in a text string. – RiggsFolly Oct 25 '22 at 07:46
  • That's a really insecure way to write a query, but your problem is that a date needs to be wrapped in quotes as in `date = '$date'` – RiggsFolly Oct 25 '22 at 07:48
  • Thank you so much for your suggestion, friends, but this project only runs on a local network, but I will keep it in mind next time – Fahaad Munir Oct 25 '22 at 08:04
  • Without quotes, it is evaluated as an arithmetic expression. `2022-10-25` is `1987`. – Paul Spiegel Oct 25 '22 at 08:06
  • Paul Spiegel, noted – Fahaad Munir Oct 25 '22 at 08:07
  • Thanks everyone, actually I am new to PHP, that's why I don't know much – Fahaad Munir Oct 25 '22 at 08:07
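
The fix the comments describe, as an added example that is not part of the original thread: the date is validated and bound as a parameter, so it needs no hand-written quotes and request input never becomes SQL text. An in-memory SQLite database through PDO stands in for the asker's MySQL server, and the table columns, sample rows, `$post` array and `attendanceFor()` helper are constructed for illustration.

```php
<?php
// Assumption: in-memory SQLite replaces the MySQL server so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE attendance (student TEXT, grade TEXT, date DATE)");
$pdo->exec("INSERT INTO attendance VALUES
    ('A', '4', '2022-10-25'), ('B', '4', '2022-10-26'), ('C', '5', '2022-10-25')");

// Constructed request data in the shape the question uses: $_POST['grade'][1].
$post = ['grade' => [1 => '4'], 'date' => '2022-10-25'];

// 1) The query from the question: the unquoted date is arithmetic, 2022 - 10 - 25.
$unquoted = $pdo
    ->query("SELECT COUNT(*) FROM attendance WHERE grade = '4' AND date = 2022-10-25")
    ->fetchColumn();

// 2) Parameterized version: the values travel separately from the SQL text.
// attendanceFor() is a hypothetical helper, not code from the thread.
function attendanceFor(PDO $pdo, string $grade, string $date): array
{
    // Accept only a real calendar date in YYYY-MM-DD form (rejects 2022-02-30 too).
    $parsed = DateTimeImmutable::createFromFormat('!Y-m-d', $date);
    if ($parsed === false || $parsed->format('Y-m-d') !== $date) {
        throw new InvalidArgumentException('date must be YYYY-MM-DD');
    }
    $stmt = $pdo->prepare(
        'SELECT student FROM attendance WHERE grade = :grade AND date = :date'
    );
    $stmt->execute([':grade' => $grade, ':date' => $date]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$bound = attendanceFor($pdo, (string) $post['grade'][1], $post['date']);

// A value containing a quote is compared as plain data and simply matches nothing.
$withQuote = attendanceFor($pdo, "4'", $post['date']);

// A malformed date is refused before any SQL is sent.
try {
    attendanceFor($pdo, '4', '2022-10-25 OR 1=1');
    $rejected = false;
} catch (InvalidArgumentException $e) {
    $rejected = true;
}

printf("unquoted date rows: %d\n", $unquoted);
printf("bound date rows: %s\n", implode(',', $bound));
printf("quote in grade rows: %d\n", count($withQuote));
printf("malformed date rejected: %s\n", $rejected ? 'yes' : 'no');
```

Against MySQL only the PDO DSN and credentials change; the prepared statement and the date check stay the same.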
