需要有关涉及日期范围的 MySQL/PHP 查询的帮助
本质上,我需要从 dbase 表中检索一些帐户信息,其中它们有一个已通过 GET 传递的客户端的客户端,并且帐户放置日期 (dateplaced) 位于再次通过 GET 从日历字段传递的开始日期和结束日期之间。
下面的查询不返回任何行。我已经验证查询的 SELECT 和 FROM 部分按预期工作,并且客户端从 GET 选择工作正常,因此留下了日期问题。 “dateplaced”以“dd/mm/yyyy”格式作为 varchar 存储在数据库中。经过研究,我发现 mysql 需要“yyyy-mm-dd”格式的日期。我已经将 GET 数据之间的比较的两个部分拼凑在一起,并且相当确定它们的格式正确。我尝试简单地使用“dateplaced”而不是 str_to_date() 并且它不起作用,所以我尝试了 str_to_date() 如下所示,但它仍然不起作用。
有人能在这里发现我的问题吗?这让我抓狂。
$query = mysql_query("SELECT accountnumber, firstname, middlename, lastname, currentbalance FROM dbase WHERE clientname = '" . $_GET['client'] . "' AND str_to_date(dateplaced, '%Y-%m-%d') BETWEEN '" . $_GET['calendar_start_year'] . "-" . $_GET['calendar_start_month'] . "-" . $_GET['calendar_start_day'] . "' AND '" . $_GET['calendar_end_year'] . "-" . $_GET['calendar_end_month'] . "-" . $_GET['calendar_end_day'] . "' ORDER BY lastname") or die(mysql_error());
Essentially I need to retrieve some account information from the dbase table where they have a client of the client that has been passed via GET, and the account placement date (dateplaced) is between the start and end dates passed from calendar fields again via GET.
The query below returns no rows. I have verified that the SELECT and FROM portions of the query work as intended, and the client select from GET works fine, so that leaves the date issues. "dateplaced" is stored in the database as a varchar in "dd/mm/yyyy" format. Upon researching I've found that mysql wants dates in "yyyy-mm-dd" format. I have pieced together the two parts of the between comparison from GET data, and am fairly certain they are formatted correctly. I tried just plainly using "dateplaced" instead of str_to_date() and it didn't work, so I tried str_to_date() as shown below, but it still doesn't work.
Can anyone spot my problem here? This is driving me nuts.
$query = mysql_query("SELECT accountnumber, firstname, middlename, lastname, currentbalance FROM dbase WHERE clientname = '" . $_GET['client'] . "' AND str_to_date(dateplaced, '%Y-%m-%d') BETWEEN '" . $_GET['calendar_start_year'] . "-" . $_GET['calendar_start_month'] . "-" . $_GET['calendar_start_day'] . "' AND '" . $_GET['calendar_end_year'] . "-" . $_GET['calendar_end_month'] . "-" . $_GET['calendar_end_day'] . "' ORDER BY lastname") or die(mysql_error());
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
str_to_date ()采用现有字符串的格式,而不是所需的字符串。所以你需要str_to_date(dateplaced, '%d/%m/%Y')获取 Ymd。在查询之外创建日期。调试起来更容易。
PS,清理所有变量。可能存在引号或其他需要转义的字符(或邪恶的黑客尝试)。
mysqli_real_escape_string()是您应该使用的。str_to_date()takes the format of the existing string, not the desired string. So you needstr_to_date(dateplaced, '%d/%m/%Y')to get Y-m-d.Do your date creation outside the query. It's easier to debug.
PS, clean all your variables. There may be quote marks or other characters that need to be escaped (or evil hacker attempts).
mysqli_real_escape_string()is what you should use.首先,在将用户变量插入查询之前,您没有转义用户变量,从而使自己对 SQL 注入敞开了大门(请参阅
mysql_real_escape_string)。您的查询不起作用的原因是因为
STR_TO_DATE的第二个参数需要源字符串的格式,而不是您尝试转换为的格式。First of all, you have left yourself wide-open to SQL injection by not escaping your user variables before inserting them into your query (see
mysql_real_escape_string).The reason your query isn't working is because
STR_TO_DATE's second parameter needs the format of your source string, not the format you are trying to convert to.