douyujun0152 2018-03-19 09:26

MySQL syntax error with date function [closed]

I am writing a query which takes a pair of dates from the user and searches whether it overlaps with any of the start and end column dates in my database table.

$from = $_GET['from'];
$to = $_GET['to'];
$sql="select bikeid from bikebookings where date('Y-m-d',strtotime(str_replace('/', '-', $from))) <= end and date('Y-m-d',strtotime(str_replace('/', '-', $to))) >= start";
mysqli_query($link,$sql) or die(mysqli_error($link));

I am getting an error as follows:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'strtotime(str_replace('/', '-', 20/03/2018))) <= end and date('Y-m-d',strtotime(' at line 1

1 answer

  • doukun1450 2018-03-19 09:35

    You should use the MySQL str_to_date function, and to avoid SQL injection, you should use parameter binding. For example:

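    // The input arrives as d/m/Y (e.g. 20/03/2018), so the format string must match it;
    // with '%Y-%m-%d' str_to_date would return NULL for that value.
    $stmt = $mysqli->prepare("select bikeid from bikebookings 
         where str_to_date( ?, '%d/%m/%Y') <= end and  str_to_date( ?, '%d/%m/%Y') >= start");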
    $stmt->bind_param('ss',$from, $to);
    $stmt->execute();
    
    This answer was selected as the best answer by the asker.
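An added example, not part of the original answer: the same overlap query with the d/m/Y input validated in PHP before it is bound, so a malformed or tampered value is rejected instead of reaching MySQL. The function names `parse_dmy` and `booked_bikes` and the sample inputs are assumptions made for illustration; the table and column names come from the question, and an open `mysqli` connection is assumed.

```php
<?php
declare(strict_types=1);

// Parse a user-supplied d/m/Y date strictly; return ISO Y-m-d, or null if invalid.
function parse_dmy(string $raw): ?string
{
    // '!' resets unparsed fields so the current time does not leak into the result.
    $dt = DateTimeImmutable::createFromFormat('!d/m/Y', $raw);
    // The round-trip comparison rejects overflow dates (31/02/2018),
    // short years (20/03/18) and anything that is not exactly dd/mm/yyyy.
    if ($dt === false || $dt->format('d/m/Y') !== $raw) {
        return null;
    }
    return $dt->format('Y-m-d');
}

// Return the bike ids whose booking overlaps [from, to].
function booked_bikes(mysqli $db, string $fromRaw, string $toRaw): array
{
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw
    $from = parse_dmy($fromRaw);
    $to   = parse_dmy($toRaw);
    if ($from === null || $to === null || $from > $to) {
        throw new InvalidArgumentException('expected dd/mm/yyyy with from <= to');
    }
    // Same overlap test as the question: from <= end AND to >= start.
    // The values travel as bound parameters, never as part of the SQL text.
    $stmt = $db->prepare(
        'SELECT bikeid FROM bikebookings WHERE ? <= `end` AND ? >= `start`'
    );
    $stmt->bind_param('ss', $from, $to);
    $stmt->execute();
    $stmt->bind_result($bikeid);
    $ids = [];
    while ($stmt->fetch()) {
        $ids[] = $bikeid;
    }
    $stmt->close();
    return $ids;
}

// Constructed sample inputs: only the first is a valid d/m/Y date.
foreach (['20/03/2018', '31/02/2018', '20/03/2018 or 1=1', '2018-03-20'] as $s) {
    printf("%-20s => %s\n", $s, parse_dmy($s) ?? 'rejected');
}
```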