2018-03-19 17:26


I am writing a query which takes a pair of dates from the user and searches whether it overlaps with any of the start and end column dates in my database table.

$from = $_GET['from'];
$to = $_GET['to'];
$sql="select bikeid from bikebookings where date('Y-m-d',strtotime(str_replace('/', '-', $from))) <= end and date('Y-m-d',strtotime(str_replace('/', '-', $to))) >= start";
mysqli_query($link,$sql) or die(mysqli_error($link));

I am getting an error as follows:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'strtotime(str_replace('/', '-', 20/03/2018))) <= end and date('Y-m-d',strtotime(' at line 1


1 answer

  • doukun1450 2018-03-19 17:35

    You should use the MySQL str_to_date function, and to avoid SQL injection you should use bound parameters. For example:

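    // Input arrives as dd/mm/yyyy (see the error message), so the format string must match it
    $stmt = $mysqli->prepare("select bikeid from bikebookings 
         where str_to_date( ?, '%d/%m/%Y') <= end and  str_to_date( ?, '%d/%m/%Y') >= start");
    $stmt->bind_param('ss',$from, $to);
    $stmt->execute();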
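The bound-parameter approach from the answer, carried through end to end as an added example that is not part of the original thread: the dates are validated in PHP before they reach the database, then passed as parameters. It assumes dd/mm/yyyy input (as in the question's error message) and DATE columns `start` and `end`; the function names and connection details are hypothetical placeholders.

```php
<?php
// Added example; parse_user_date() and find_overlapping_bikes() are hypothetical names.

/** Parse a dd/mm/yyyy string, rejecting impossible dates; returns 'Y-m-d' or null. */
function parse_user_date($raw): ?string
{
    if (!is_string($raw)) {          // ?from[]=x would arrive as an array
        return null;
    }
    $d = DateTimeImmutable::createFromFormat('!d/m/Y', $raw);
    $errors = DateTimeImmutable::getLastErrors();
    // createFromFormat() rolls dates such as 31/02/2018 over to March and only
    // reports a warning, so any warning or error counts as a rejection.
    if ($d === false || ($errors && ($errors['warning_count'] || $errors['error_count']))) {
        return null;
    }
    return $d->format('Y-m-d');
}

/** Return ids of bikes with a booking overlapping [$from, $to] ('Y-m-d' strings). */
function find_overlapping_bikes(mysqli $db, string $from, string $to): array
{
    // The SQL text is fixed; the values are sent separately and cannot change it.
    $stmt = $db->prepare(
        'SELECT bikeid FROM bikebookings WHERE ? <= `end` AND ? >= `start`'
    );
    $stmt->bind_param('ss', $from, $to);
    $stmt->execute();
    $stmt->bind_result($bikeid);
    $ids = [];
    while ($stmt->fetch()) {
        $ids[] = $bikeid;
    }
    $stmt->close();
    return $ids;
}

$from = parse_user_date($_GET['from'] ?? null);
$to   = parse_user_date($_GET['to'] ?? null);
if ($from === null || $to === null || $from > $to) {
    http_response_code(400);
    exit('Invalid date range');
}
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);  // throw instead of die()
$db = new mysqli('localhost', 'app_user', 'app_password', 'bikes'); // placeholder credentials
print_r(find_overlapping_bikes($db, $from, $to));
```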
