drebew5059 2019-04-06 08:35

Comparing a MySQL DATETIME with a PHP DateTime

I have problems comparing dates between a date created with new DateTime() in PHP and a date taken from a DATETIME field of a MySQL table.

With the following code, I save a date in a DATETIME field of a MySQL table:

$now = new DateTime();
$update = $mysqli->query('INSERT INTO bonus (idplayer,lastlogin) VALUES ("'.$_GET["idplayer"].'","'.$now.'")');

Then I would like to retrieve the date from the tables and compare it with a date created using the PHP code:

$resetTime = new DateTime();
date_time_set($resetTime, 12, 00, 00);
$lastLogin = $mysqli->query('SELECT lastlogin FROM bonus WHERE idplayer = "'.$_GET["idgiocatore"].'"');
if ($resetTime < $lastLogin) {
    echo "OK!<br>";
}

Using this code I can't compare the dates because I get an error (I can't even do an echo of the date retrieved from the table). Can anyone tell me where I'm wrong and how I can solve the problem?


1 answer

  • dox90448 2019-04-06 10:50

    Try this

    $resetTime = (new DateTime)->format('Y-m-d 12:00:00'); //need it as a string
    //$resetTime = date('Y-m-d 12:00:00'); //-- this is fine too

    $stmt = $mysqli->prepare('SELECT lastlogin FROM bonus WHERE idplayer = ?');
    $stmt->bind_param("s", $_GET["idplayer"]); // bound as data, never parsed as SQL
    $stmt->execute();
    list($lastLogin) = $stmt->get_result()->fetch_array(); // first column of the first row

    // both sides are 'Y-m-d H:i:s' strings, so string comparison orders them by time
    if ($resetTime < $lastLogin) {
        echo "OK!<br>";
    }
    

    Basically you're comparing the query result set to your timestamp, instead of the value of the first column of the first row. Consider your code:

    $lastLogin = $mysqli->query('SELECT lastlogin FROM bonus WHERE idplayer = "'.$_GET["idgiocatore"].'"');
    if ($resetTime < $lastLogin) {
    

    mysqli::query

    Returns FALSE on failure. For successful SELECT, SHOW, DESCRIBE or EXPLAIN queries mysqli_query() will return a mysqli_result object. For other successful queries mysqli_query() will return TRUE.

    https://www.php.net/manual/en/mysqli.query.php

    You're also full of SQL injection errors; an input such as this:

      $_GET["idgiocatore"] = '" OR 1 ORDER BY lastlogin DESC LIMIT 1 --'
    

    Will turn your query into this

    'SELECT lastlogin FROM bonus WHERE idplayer = "" OR 1 ORDER BY lastlogin DESC LIMIT 1 -- "'
    

    Everything after the -- is a comment so we can ignore that ending ". This avoids creating a syntax error, and is a very common tactic (nothing new).

    This will select all records from the DB because anything plus OR 1 is always true; then it will sort them by your lastlogin value DESC so the highest value is first, and limit to 1 returned row, well, just because I can. Basically this will satisfy your if condition if ($resetTime < $lastLogin), which I guess is a "good thing" (well, for me, the haxor).

    Essentially this is because you are just pasting user input right into the SQL, so it becomes part of the command if formulated correctly (not a good thing for you).

    Anyway Hope it helps you.

    *PS it's been an age (like 6 years) since I used MySQLi (normally I use PDO), so forgive me any errors there; most of that came from a basic tutorial over at W3Schools

    One last thing: instead of setting the time, consider removing it altogether with the MySQL DATE() function:

    $resetTime = (new DateTime)->format('Y-m-d');
    //...
    $stmt = $mysqli->prepare('SELECT DATE(lastlogin) FROM bonus WHERE idplayer = ?');
    
    This answer was selected by the asker as the best answer.
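
An added example, not part of the original answer, that puts its two points together: both queries use bound parameters, and the comparison is made on DateTime objects built from the fetched column value rather than on the result set. It assumes the pdo_sqlite extension and uses PDO with an in-memory SQLite table as a stand-in for the MySQL `bonus` table so that it runs without a server; the function names and sample rows are constructed for illustration.

```php
<?php
// Added example: PDO with an in-memory SQLite table stands in for the MySQL
// `bonus` table (assumption), so the script runs without a database server.
const SQL_DATETIME = 'Y-m-d H:i:s'; // text form in which MySQL returns DATETIME

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bonus (idplayer TEXT, lastlogin TEXT)');

// Store a login: the DateTime is formatted explicitly and both values are bound.
function recordLogin(PDO $db, string $idplayer, DateTimeInterface $when): void
{
    $stmt = $db->prepare('INSERT INTO bonus (idplayer, lastlogin) VALUES (?, ?)');
    $stmt->execute([$idplayer, $when->format(SQL_DATETIME)]);
}

// Return the newest lastlogin as an object, or null when no row matches.
function lastLogin(PDO $db, string $idplayer): ?DateTimeImmutable
{
    $stmt = $db->prepare(
        'SELECT lastlogin FROM bonus WHERE idplayer = ? ORDER BY lastlogin DESC LIMIT 1'
    );
    $stmt->execute([$idplayer]);
    $value = $stmt->fetchColumn(); // column 0 of the first row, false if none
    if (!is_string($value)) {
        return null;
    }
    // '!' zeroes unparsed fields so the result depends only on the stored value.
    $parsed = DateTimeImmutable::createFromFormat('!' . SQL_DATETIME, $value);
    return $parsed === false ? null : $parsed;
}

// True only when the player exists and logged in after that day's 12:00:00 reset.
function loggedInAfterReset(PDO $db, string $idplayer, DateTimeImmutable $now): bool
{
    $login = lastLogin($db, $idplayer);
    return $login !== null && $login > $now->setTime(12, 0, 0);
}

// Constructed sample rows and inputs; the third input is the one quoted in the answer.
$now = new DateTimeImmutable('2019-04-06 15:00:00');
recordLogin($db, '42', new DateTimeImmutable('2019-04-06 14:30:00'));
recordLogin($db, '7', new DateTimeImmutable('2019-04-06 09:10:00'));

foreach (['42', '7', '" OR 1 ORDER BY lastlogin DESC LIMIT 1 --'] as $id) {
    // Bound as data, the quoted input is just an id that matches no row.
    printf("%-44s => %s\n", $id, loggedInAfterReset($db, $id, $now) ? 'OK!' : 'no');
}
```

With mysqli the same shape is prepare(), bind_param() and get_result(), as in the answer above.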
