douyujun0152 2018-03-19 17:26
Accepted

MySQL syntax error with date function [closed]

I am writing a query which takes a pair of dates from user and searches whether it overlaps with any of the start and end column dates in my database table.

$from = $_GET['from'];
$to = $_GET['to'];
$sql="select bikeid from bikebookings where date('Y-m-d',strtotime(str_replace('/', '-', $from))) <= end and date('Y-m-d',strtotime(str_replace('/', '-', $to))) >= start";
mysqli_query($link,$sql) or die(mysqli_error($link));

I am getting an error as follows:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'strtotime(str_replace('/', '-', 20/03/2018))) <= end and date('Y-m-d',strtotime(' at line 1

1 answer

  • doukun1450 2018-03-19 17:35

    You should use the MySQL str_to_date function, and to avoid SQL injection you should use bound parameters. For example:

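    // The query text holds only ? placeholders; the format string passed to
    // str_to_date must match the text bound to each placeholder.
    $stmt = $mysqli->prepare("select bikeid from bikebookings
         where str_to_date( ?, '%Y-%m-%d') <= end and str_to_date( ?, '%Y-%m-%d') >= start");
    // 'ss' binds both values as strings; they are never concatenated into the SQL.
    $stmt->bind_param('ss', $from, $to);
    $stmt->execute();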
    
    This answer was selected by the asker as the best answer.
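The error in the question arises because the PHP calls `date()` and `strtotime()` sit inside the SQL string, so MySQL receives them as SQL text. The following is an added example, not code from the question or the answer: it validates the dd/mm/yyyy input in PHP first and then binds the normalized values. The function names, the open `mysqli` connection `$link`, and `start`/`end` being DATE columns are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: accept only dd/mm/yyyy and return Y-m-d, else null.
function parseUserDate(string $raw): ?string
{
    // '!' resets unparsed fields so the time part is 00:00:00.
    $dt = DateTimeImmutable::createFromFormat('!d/m/Y', $raw);
    // The round-trip comparison rejects roll-overs such as 31/02/2018.
    if ($dt === false || $dt->format('d/m/Y') !== $raw) {
        return null;
    }
    return $dt->format('Y-m-d');
}

// Hypothetical helper: bike ids whose booking overlaps [from, to].
// Assumes $link is an open mysqli connection and start/end are DATE columns.
function findOverlappingBookings(mysqli $link, string $rawFrom, string $rawTo): array
{
    $from = parseUserDate($rawFrom);
    $to   = parseUserDate($rawTo);
    if ($from === null || $to === null || $from > $to) {
        throw new InvalidArgumentException('Expected dd/mm/yyyy dates with from <= to');
    }
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw
    // The SQL text contains placeholders only; the values travel separately.
    $stmt = $link->prepare(
        'SELECT bikeid FROM bikebookings WHERE ? <= `end` AND ? >= `start`'
    );
    $stmt->bind_param('ss', $from, $to);
    $stmt->execute();
    $stmt->bind_result($bikeid);
    $ids = [];
    while ($stmt->fetch()) {
        $ids[] = $bikeid;
    }
    $stmt->close();
    return $ids;
}

// Constructed sample inputs for the validation step (no database needed).
foreach (['20/03/2018', '31/02/2018', '2018-03-20'] as $raw) {
    echo $raw, ' => ', var_export(parseUserDate($raw), true), PHP_EOL;
}
```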
