2

I have this simple date validation where the user cannot input the date if the input in the field is less than the date in the query

I have this code:

if (isset($_POST['btnsubmit'])) {

$date1 = date('Y-m-d', strtotime($_POST['date1']));
$reading = $_POST['reading']; 
$suggest = $_POST['suggest'];
$part =$_POST['part'];

 $sql2 = "SELECT dateinput FROM sched ORDER BY date DESC LIMIT 1";
 $sql = "SELECT reading FROM sched ORDER BY reading DESC LIMIT 1";
 $result = mysqli_query($sqli, $sql);
 if ( $result === FALSE )
 {
    echo mysql_error();
    exit;
}                   
                    $row = mysqli_fetch_object($result);                    
                    if (empty($_POST['reading']))
                    {
                    echo "No Input ";
                    exit;
                    }
                    if ($_POST['reading'] <= $row->reading) 
                    {
                    echo "Must input higher value than {$row->reading}";
                    exit;
                    }
                    if ($_POST['reading'] > $row->reading)
                        {
                            $result2 = mysqli_query($sqli, $sql2);
                            $row2 = mysqli_fetch_object($result2);
                            $try2 = date('Y-m-d', strtotime($row2));
                            if ($_POST['date1'] <= $row2->dateinput)
                            {
                                echo "Must input higher value than {$row2->dateinput}";
                                exit;
                            }
                            elseif ($_POST['date1'] > $row2->dateinput)
                            {
                                $query = mysqli_query($sqli,"INSERT INTO sched (dateinput,reading,suggest,part) VALUES ('$date1','$reading','$suggest','$part')");
                            }
                            else ($_POST['date1'] == date('Y-m-d', strtotime($_POST['1970-01-01'])));
                            {
                                echo "No Input";
                                exit;
                            }
                        }



        }



            }

The result is: If I have correct input (meaning higher than the latest query) the INSERT executes. But if I input wrong data (meaning lower than the latest query) the echo does not execute. What's the problem with this?

Improve this question
3
  • 3
    did your caps get stuck while typing that title? that won't get you better exposure you know. Commented Mar 7, 2016 at 22:01
  • 1
    @Fred-ii- Im so sorry my bad, this will not be happening again Commented Mar 7, 2016 at 22:04
  • 1
    Isn't $try2 a string, not an object? strtotime should be taking $row2->dateinput. You should also use prepared statements, this is open to SQL injections. Commented Mar 7, 2016 at 22:06

1 Answer 1

Reset to default
1

Try this:

if (isset($_POST['btnsubmit'])) {

    $date1 = date('Y-m-d', strtotime($_POST['date1']));
    $reading = $_POST['reading']; 
    $suggest = $_POST['suggest'];
    $part =$_POST['part'];

    $sql = "SELECT reading FROM sched ORDER BY reading DESC LIMIT 1";
    $result = mysqli_query($sqli, $sql);
    if ( $result === FALSE )
    {
        echo mysqli_error();
        exit;
    }                   

    $row = mysqli_fetch_assoc($result);                    

    if (empty($_POST['reading']))
    {
        echo "No Input ";
        exit;
    }

    if ($_POST['reading'] <= $row['reading']) 
    {
        echo 'Must input higher value than {'.$row['reading'].'}';
        exit;
    }

    if ($_POST['reading'] > $row['reading'])
    {
        $sql2 = "SELECT dateinput FROM sched ORDER BY date DESC LIMIT 1";
        $result2 = mysqli_query($sqli, $sql2);

        $row2 = mysqli_fetch_assoc($result2);
        // $try2 = date('Y-m-d', strtotime($row2)); what is this?

        if ($_POST['date1'] <= $row2['dateinput'])
        {
            echo 'Must input higher value than {'.$row2['dateinput'].'}';
            exit;
        }

        elseif ($_POST['date1'] > $row2['dateinput'])
        {
            $query = mysqli_query($sqli,"INSERT INTO sched (dateinput,reading,suggest,part) VALUES ('$date1','$reading','$suggest','$part')");
        }

        else
        {
            echo "Check your Input";
            exit;
        }
    }

}

And you should look at this:

How can I prevent SQL injection in PHP?

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

: mysqli_fetch_object() expects parameter 1 to be mysqli_result, boolean given AND Trying to get property of non-object
@JohnPaul Do you have a column name date?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.