需要有关涉及日期范围的 MySQL/PHP 查询的帮助

发布于 2024-08-06 06:34:00 字数 914 浏览 6 评论 0原文

本质上,我需要从 dbase 表中检索一些帐户信息,其中它们有一个已通过 GET 传递的客户端的客户端,并且帐户放置日期 (dateplaced) 位于再次通过 GET 从日历字段传递的开始日期和结束日期之间。

下面的查询不返回任何行。我已经验证查询的 SELECT 和 FROM 部分按预期工作,并且客户端从 GET 选择工作正常,因此留下了日期问题。 “dateplaced”以“dd/mm/yyyy”格式作为 varchar 存储在数据库中。经过研究,我发现 mysql 需要“yyyy-mm-dd”格式的日期。我已经将 GET 数据之间的比较的两个部分拼凑在一起,并且相当确定它们的格式正确。我尝试简单地使用“dateplaced”而不是 str_to_date() 并且它不起作用,所以我尝试了 str_to_date() 如下所示,但它仍然不起作用。

有人能在这里发现我的问题吗?这让我抓狂。

$query = mysql_query("SELECT accountnumber, firstname, middlename, lastname, currentbalance FROM dbase WHERE clientname = '" . $_GET['client'] . "' AND str_to_date(dateplaced, '%Y-%m-%d') BETWEEN '" . $_GET['calendar_start_year'] . "-" . $_GET['calendar_start_month'] . "-" . $_GET['calendar_start_day'] . "' AND '" . $_GET['calendar_end_year'] . "-" . $_GET['calendar_end_month'] . "-" . $_GET['calendar_end_day'] . "' ORDER BY lastname") or die(mysql_error());

Essentially I need to retrieve some account information from the dbase table where they have a client of the client that has been passed via GET, and the account placement date (dateplaced) is between the start and end dates passed from calendar fields again via GET.

The query below returns no rows. I have verified that the SELECT and FROM portions of the query work as intended, and the client select from GET works fine, so that leaves the date issues. "dateplaced" is stored in the database as a varchar in "dd/mm/yyyy" format. Upon researching I've found that mysql wants dates in "yyyy-mm-dd" format. I have pieced together the two parts of the between comparison from GET data, and am fairly certain they are formatted correctly. I tried just plainly using "dateplaced" instead of str_to_date() and it didn't work, so I tried str_to_date() as shown below, but it still doesn't work.

Can anyone spot my problem here? This is driving me nuts.

$query = mysql_query("SELECT accountnumber, firstname, middlename, lastname, currentbalance FROM dbase WHERE clientname = '" . $_GET['client'] . "' AND str_to_date(dateplaced, '%Y-%m-%d') BETWEEN '" . $_GET['calendar_start_year'] . "-" . $_GET['calendar_start_month'] . "-" . $_GET['calendar_start_day'] . "' AND '" . $_GET['calendar_end_year'] . "-" . $_GET['calendar_end_month'] . "-" . $_GET['calendar_end_day'] . "' ORDER BY lastname") or die(mysql_error());

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

淡水深流 2024-08-13 06:34:00

str_to_date () 采用现有字符串的格式,而不是所需的字符串。所以你需要
str_to_date(dateplaced, '%d/%m/%Y') 获取 Ymd。

在查询之外创建日期。调试起来更容易。

$clean_name=mysqli_real_escape_string($_GET['client']);
$start_date=date_create("{$_GET['calendar_start_year']}-{$_GET['calendar_start_month']}-{$_GET['calendar_start_day']}")->format('Y-m-d');
$end_date=date_create("{$_GET['calendar_end_year']}-{$_GET['calendar_end_month']}-{$_GET['calendar_end_day']}")->format('Y-m-d');

$q="SELECT accountnumber, firstname, middlename, lastname, currentbalance 
FROM dbase 
WHERE clientname = '{$clean_name}' 
  AND str_to_date(dateplaced, '%d/%m/%Y') BETWEEN '$start_date' AND '$end_date' 
ORDER BY lastname;

PS,清理所有变量。可能存在引号或其他需要转义的字符(或邪恶的黑客尝试)。 mysqli_real_escape_string() 是您应该使用的。

str_to_date() takes the format of the existing string, not the desired string. So you need
str_to_date(dateplaced, '%d/%m/%Y') to get Y-m-d.

Do your date creation outside the query. It's easier to debug.

$clean_name=mysqli_real_escape_string($_GET['client']);
$start_date=date_create("{$_GET['calendar_start_year']}-{$_GET['calendar_start_month']}-{$_GET['calendar_start_day']}")->format('Y-m-d');
$end_date=date_create("{$_GET['calendar_end_year']}-{$_GET['calendar_end_month']}-{$_GET['calendar_end_day']}")->format('Y-m-d');

$q="SELECT accountnumber, firstname, middlename, lastname, currentbalance 
FROM dbase 
WHERE clientname = '{$clean_name}' 
  AND str_to_date(dateplaced, '%d/%m/%Y') BETWEEN '$start_date' AND '$end_date' 
ORDER BY lastname;

PS, clean all your variables. There may be quote marks or other characters that need to be escaped (or evil hacker attempts). mysqli_real_escape_string() is what you should use.

沫雨熙 2024-08-13 06:34:00

首先,在将用户变量插入查询之前,您没有转义用户变量,从而使自己对 SQL 注入敞开了大门(请参阅 mysql_real_escape_string)。

您的查询不起作用的原因是因为 STR_TO_DATE 的第二个参数需要源字符串的格式,而不是您尝试转换为的格式。

// extract variables
$client = $_GET['client'];

$startYear = $_GET['calendar_start_year'];
$startMonth = $_GET['calendar_start_month'];
$startDay = $_GET['calendar_start_day'];

$endYear = $_GET['calendar_end_year'];
$endMonth = $_GET['calendar_end_month'];
$endDay = $_GET['calendar_end_day'] ;

// parse variables
$startDate = mktime(0, 0, 0, $startMonth, $startDay, $startYear);
$endDate = mktime(0, 0, 0, $endMonth, $endDay, $endYear);

// query database
$sql = sprintf(
   "SELECT accountnumber,
           firstname,
           middlename,
           lastname,
           currentbalance
    FROM dbase
    WHERE clientname = '%s'
    AND STR_TO_DATE(dateplaced, '%d/%m/%Y') BETWEEN '%s' AND '%s'
    ORDER BY lastname",
    mysql_real_escape_string($client),
    date('Y-m-d', $startDate),
    date('Y-m-d', $endDate));

$result = mysql_query($sql) or die(mysql_error());

First of all, you have left yourself wide-open to SQL injection by not escaping your user variables before inserting them into your query (see mysql_real_escape_string).

The reason your query isn't working is because STR_TO_DATE's second parameter needs the format of your source string, not the format you are trying to convert to.

// extract variables
$client = $_GET['client'];

$startYear = $_GET['calendar_start_year'];
$startMonth = $_GET['calendar_start_month'];
$startDay = $_GET['calendar_start_day'];

$endYear = $_GET['calendar_end_year'];
$endMonth = $_GET['calendar_end_month'];
$endDay = $_GET['calendar_end_day'] ;

// parse variables
$startDate = mktime(0, 0, 0, $startMonth, $startDay, $startYear);
$endDate = mktime(0, 0, 0, $endMonth, $endDay, $endYear);

// query database
$sql = sprintf(
   "SELECT accountnumber,
           firstname,
           middlename,
           lastname,
           currentbalance
    FROM dbase
    WHERE clientname = '%s'
    AND STR_TO_DATE(dateplaced, '%d/%m/%Y') BETWEEN '%s' AND '%s'
    ORDER BY lastname",
    mysql_real_escape_string($client),
    date('Y-m-d', $startDate),
    date('Y-m-d', $endDate));

$result = mysql_query($sql) or die(mysql_error());
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文