I'm using $orderdate = date('Y-m-d H:i:s'); to store the order date in a MySQL datetime column,

but when retrieving the sales report, which has a form of

    $initialstartdate = $_POST['startdate'];
    $initialenddate = $_POST['enddate'];

    $startdate = " '$initialstartdate' ";
    $enddate = " '$initialenddate' ";

    $sql="SELECT * FROM orders 
    left join order_item on orders.order_id=order_item.order_id 
    left join products on products.product_id=order_item.product_id 
    left join category on products.category_id=category.category_id 
    where orders.order_date BETWEEN $startdate and $enddate;";

it is not showing dates, and BETWEEN is not inclusive. Maybe there is a problem regarding H:i:s, because it was working properly before I changed $orderdate = date('Y-m-d'); to $orderdate = date('Y-m-d H:i:s');

I tried concatenating '00:00:00' to $startdate and $enddate, but it didn't work.

  • 7
    (Possible) side note: Learn to use parameterized queries. Your program is vulnerable to SQL injections. Commented Jul 29, 2020 at 13:21
  • 5
    ...but it is still testing... Actually there is no reason for "but" :) You should start to learn what @stickybit said immediately. Commented Jul 29, 2020 at 13:24
  • 3
    Using prepared statements not only prevents SQL injections, but it also prevents quoting issues. Using prepared statements now will remove all of the headaches that $startdate = " '$initialstartdate' "; and $enddate = " '$initialenddate' "; are attempting to fix. Commented Jul 29, 2020 at 13:25
  • 4
    ...I will use parameterized queries when my problem is solved. Thanks... You don't get the point. Commented Jul 29, 2020 at 13:26
  • 2
    Correct. Between is not inclusive. So 2020-07-28 - 2020-07-28 will show no results, and 2020-07-28 - 2020-07-29 will only show results for 2020-07-28. To make it inclusive, you have to pass in the timestamp for the beginning and ending of the days: 2020-07-28:00:00:00 - 2020-07-28:23:59:59 will give all of the results for the 28th; 2020-07-29:23:59:59 as the end date will give results for the 28th and 29th. Commented Jul 29, 2020 at 13:46

1 Answer

Your code is absolutely not safe from SQL injections. Use PDO and prepared SQL statements. Like this:

    $start_date = $_POST['startdate'];
    $end_date = $_POST['enddate'];

    // $host, $dbname, $user and $pass hold your own connection settings
    $DBH = new PDO("mysql:host=$host;dbname=$dbname", $user, $pass);
    $DBH->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    // prepare() returns the statement object; keep it in $STH so the
    // placeholders can be bound and the query executed
    $STH = $DBH->prepare("SELECT * FROM orders 
        left join order_item on orders.order_id=order_item.order_id 
        left join products on products.product_id=order_item.product_id 
        left join category on products.category_id=category.category_id 
        where orders.order_date BETWEEN STR_TO_DATE(:start_date, '%Y-%m-%d %H:%i:%s') and STR_TO_DATE(:end_date, '%Y-%m-%d %H:%i:%s')");

    // the user input travels as bound values, never as part of the SQL text
    $STH->bindParam(':start_date', $start_date, PDO::PARAM_STR);
    $STH->bindParam(':end_date', $end_date, PDO::PARAM_STR);
    $STH->execute();
    $rows = $STH->fetchAll(PDO::FETCH_ASSOC);
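As an added example (not the asker's or the answerer's code), the same report with the two points raised in the question and comments handled together: the end day is included by using a half-open range on the DATETIME column instead of BETWEEN, and the POSTed dates are validated and bound as parameters. The DSN variables and the selected column list are assumptions.

```php
<?php
// Added example, not the original code. Assumes $dsn, $user, $pass hold the
// connection settings and the orders/order_item/products/category tables
// from the question exist with the join columns shown there.

function salesReport(PDO $pdo, string $startDay, string $endDay): array
{
    // Accept only real calendar dates in Y-m-d form; '2020-02-30' or any
    // injected text is rejected before it reaches the database.
    foreach ([$startDay, $endDay] as $d) {
        $parsed = DateTime::createFromFormat('!Y-m-d', $d);
        if ($parsed === false || $parsed->format('Y-m-d') !== $d) {
            throw new InvalidArgumentException("Invalid date: $d");
        }
    }

    // A bare date compared with a DATETIME means midnight, so
    // BETWEEN '2020-07-28' AND '2020-07-28' only matches 00:00:00 exactly.
    // The half-open range [start 00:00:00, end + 1 day 00:00:00) takes every
    // row on the end day, including 23:59:59, with no clamping of the time.
    $sql = "SELECT orders.order_id, orders.order_date,
                   order_item.product_id, category.category_id
              FROM orders
              LEFT JOIN order_item ON orders.order_id = order_item.order_id
              LEFT JOIN products   ON products.product_id = order_item.product_id
              LEFT JOIN category   ON products.category_id = category.category_id
             WHERE orders.order_date >= :start_day
               AND orders.order_date <  DATE_ADD(:end_day, INTERVAL 1 DAY)
             ORDER BY orders.order_date";

    $stmt = $pdo->prepare($sql);
    $stmt->execute([':start_day' => $startDay, ':end_day' => $endDay]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = new PDO($dsn, $user, $pass, [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // server-side prepares, values never in SQL text
]);

// Constructed request values stand in for $_POST['startdate'] / $_POST['enddate'].
$rows = salesReport($pdo, $_POST['startdate'] ?? '2020-07-28',
                          $_POST['enddate']   ?? '2020-07-28');
```

With start and end both set to 2020-07-28 the query now returns every order placed at any time on that day, which is what the BETWEEN version lost once the column started carrying a time of day.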