drebew5059 2019-04-06 08:35

Comparing MySQL DATETIME with PHP DateTime

I have problems comparing dates between a date created with new dateTime () in php, and a date taken from a DATETIME field of a Mysql table.

With the following code, I save a date in a DATETIME field of a MySQL table:

$now = new DateTime();
$update = $mysqli->query('INSERT INTO bonus (idplayer,lastlogin) VALUES ("'.$_GET["idplayer"].'","'.$now.'")');

Then I would like to retrieve the date from the tables and compare it with a date created using the php code:

$resetTime = new DateTime();
date_time_set($resetTime, 12, 00, 00);
$lastLogin = $mysqli->query('SELECT lastlogin FROM bonus WHERE idplayer = "'.$_GET["idgiocatore"].'"');
if ($resetTime < $lastLogin) {
        echo "OK!<br>";
    }

Using this code I can't compare the dates because I get an error (I can't even do an echo of the date retrieved from the table). Can anyone tell me where I'm wrong and how I can solve the problem?


1 answer

  • dox90448 2019-04-06 10:50

    Try this

    $resetTime = (new DateTime)->format('Y-m-d 12:00:00'); //need it as a string
    //$resetTime = date('Y-m-d 12:00:00'); //-- this is fine too
    
    // prepare() sends the SQL with a placeholder; the id is bound separately as data
    $stmt = $mysqli->prepare('SELECT lastlogin FROM bonus WHERE idplayer = ?');
    $stmt->bind_param("s", $_GET["idplayer"]);
    $stmt->execute();
    list($lastLogin) = $stmt->get_result()->fetch_array();
    
    if ($resetTime < $lastLogin) {
            echo "OK!<br>";
    }
    

    Basically you're comparing the query result set to your timestamp, instead of the value of the first column of the first row. Consider your code:

    $lastLogin = $mysqli->query('SELECT lastlogin FROM bonus WHERE idplayer = "'.$_GET["idgiocatore"].'"');
    if ($resetTime < $lastLogin) {
    

    mysqli::query

    Returns FALSE on failure. For successful SELECT, SHOW, DESCRIBE or EXPLAIN queries mysqli_query() will return a mysqli_result object. For other successful queries mysqli_query() will return TRUE.

    https://www.php.net/manual/en/mysqli.query.php

    You're also full of SQL Injection errors, an input such as this:

      $_GET["idgiocatore"] = '" OR 1 ORDER BY lastlogin DESC LIMIT 1 --'
    

    Will turn your query into this

    'SELECT lastlogin FROM bonus WHERE idplayer = "" OR 1 ORDER BY lastlogin DESC LIMIT 1 -- "'
    

    Everything after the -- is a comment so we can ignore that ending ". This avoids creating a syntax error, and is a very common tactic (nothing new).

    This will select all records from the DB because Anything plus OR 1 is always true, then it will sort them by your lastlogin value DESC so the highest value is first and Limit to 1 return row, well just because I can. Basically this will satisfy your if condition if ($resetTime < $lastLogin) Which I guess is a "good thing" (well for me, the haxor).

    Essentially this is because you are just pasting user input right into the SQL, so it becomes part of the command if formulated correctly (not a good thing for you).

    Anyway Hope it helps you.

    *PS it's been an age (like 6 years) since I used MySqli (normally I use PDO) so forgive me any errors there, most of that came from a basic tutorial over at W3Schools

    One last thing instead of setting the time, consider removing it altogether with the MySql DATE() function:

    $resetTime = (new DateTime)->format('Y-m-d');
    //...
    $stmt = $mysqli->prepare('SELECT DATE(lastlogin) FROM bonus WHERE idplayer = ?');
    
    This answer was selected by the asker as the best answer.
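
The check discussed in the answer above, as an added example that is not part of the original thread: the id is bound as a parameter, a missing row is handled, and the stored DATETIME string is parsed into an object before comparing. Assumptions: an in-memory SQLite database through PDO stands in for the MySQL server so the script runs without one, `loggedInAfterReset` is a hypothetical helper name, and the rows and the fixed clock are constructed sample data.

```php
<?php
declare(strict_types=1);

// Stand-in database (assumption): in-memory SQLite via PDO instead of MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE bonus (idplayer TEXT PRIMARY KEY, lastlogin TEXT NOT NULL)');

// Constructed sample rows, stored in the text form MySQL uses for DATETIME.
$insert = $pdo->prepare('INSERT INTO bonus (idplayer, lastlogin) VALUES (?, ?)');
$insert->execute(['p1', '2019-04-06 08:35:00']);
$insert->execute(['p2', '2019-04-06 13:10:00']);

/**
 * Hypothetical helper: true only when the player exists and last logged in
 * after the 12:00 reset of the day given by $now.
 */
function loggedInAfterReset(PDO $pdo, string $idplayer, DateTimeImmutable $now): bool
{
    // The id travels as bound data, so quotes or "--" in it are never parsed as SQL.
    $stmt = $pdo->prepare('SELECT lastlogin FROM bonus WHERE idplayer = ?');
    $stmt->execute([$idplayer]);

    $value = $stmt->fetchColumn();   // first column of the first row, or false
    if ($value === false) {
        return false;                // unknown player: nothing to compare
    }

    // "!" zeroes every field the format does not set (microseconds included).
    $lastLogin = DateTimeImmutable::createFromFormat('!Y-m-d H:i:s', $value);
    if ($lastLogin === false) {
        throw new UnexpectedValueException('lastlogin is not in Y-m-d H:i:s format');
    }

    // Compare two date objects rather than a result set or loosely formatted strings.
    return $now->setTime(12, 0, 0) < $lastLogin;
}

$now = new DateTimeImmutable('2019-04-06 15:00:00');    // fixed clock for a repeatable run
$payload = '" OR 1 ORDER BY lastlogin DESC LIMIT 1 --'; // the input quoted in the answer

var_dump(loggedInAfterReset($pdo, 'p1', $now));      // p1 logged in at 08:35
var_dump(loggedInAfterReset($pdo, 'p2', $now));      // p2 logged in at 13:10
var_dump(loggedInAfterReset($pdo, $payload, $now));  // payload is looked up as a literal id
```

With mysqli the same structure applies: `prepare()`, `bind_param()`, `execute()`, then read the first column of the fetched row before building the date object.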