1

I'm trying to update date field in my db. Query like this:

$q = "update news set data = STR_TO_DATE('2011-03-05','%Y-%m-%d'), title = '".$title."', content='".$content."',....";

works great, but:

$q = "update news set data = STR_TO_DATE('".$data."','%Y-%m-%d'), title = '".$title."', content='"...";

it is not working :(

I got date:

$data = $_POST["data"];

and it has a value "2013-04-13". I trimmed date and show in popup window and value is correct; Plz help :)

UPDATE It is strange to me, but if i'm using:

$q = "insert into news set data = CAST('".$data."' AS DATE), title = '".$title."', content='".$content."'...";

it works perfectly fine. Only in insert not in update

Script for table:

CREATE TABLE IF NOT EXISTS `news` (`id` int(11) NOT NULL AUTO_INCREMENT, `data` date NOT NULL, `title` text NOT NULL, `content` text NOT NULL, `img` text NOT NULL, `n_img` text NOT NULL, PRIMARY KEY (`id`), KEY `id` (`id`)) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=36 ;
Improve this question
4
  • You'd better do PHP var_dump() on your $_POST['data'] - instead of a popup window (I suppose it's javascript alert()?) it can show some "tricky" symbols in variables. Commented Apr 8, 2013 at 22:10
  • I'd say, do var_dump($q);both times and compare. Commented Apr 8, 2013 at 22:13
  • You should escape the post data first. Maybe have a read here: php.net/manual/en/security.database.sql-injection.php Commented Apr 8, 2013 at 22:17
  • after doing var_dump($data); it returns good data "2013-04-13" Commented Apr 9, 2013 at 5:36

1 Answer 1

Reset to default
1

why are you using STR_TO_DATE? looks like your date is already in the correct format. try removing it and just inserting as is?

might want to escape it first though.

$data = mysql_real_escape_string($_POST["data"]);
Improve this answer
Sign up to request clarification or add additional context in comments.

8 Comments

mysql_real_escape_string doesn't help. I'm using STR_TO_DATE because i have tried many options and with STR_TO_DATE it start working in phpMyAdmin
@MarcinSzubert no, mysql_real_escape_string isn't going to fix your problem, it's just giong to protect your website from sql injection. There may be an issue with your table structure, the PHP looks fine. Can you export the table and post it in your question?
Done. Thank you for your commitment
@MarcinSzubert I've never seen that syntax before on an insert query. first, stop trying to get all fancy with the date. it's not nessecary, if you're doing everything else correctly, you should be able to insert the date as it is, without any cast or str_to_date, etc.
You were right. Something was bad with the date even if it was displayed in var_dump properly it has 4 more chars (string length should be 10, was 14). I remove all cast, str_to_date, and leave only mysql_real_escape_string. Thanks very much!
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.