1

How can I insert the current date into a datetime field in MySQL database?

I have the code to connect to the database, make a query, and execute the query in php (which I've done plenty of times), but I've never dealt with dates in SQL or in PHP. Here's what I tried, but it's just returning 0 for the time:

<?php
$con = mysql_connect("somewebsite.com","user","somepassword");
if (!$con) {
  die('Could not connect: ' . mysql_error());
}

mysql_select_db("someuser", $con);

$mysqldate = date( 'Y-m-d H:i:s', $phpdate );
$phpdate = strtotime( $mysqldate );

$query = "insert into sometable
            (field1, field2, field3, date) 
          values 
            ('" . $_GET['name'] . "', '" . $_GET['pswd'] . "', '0', " . $phpdate . ")";
echo $query;
$result = mysql_query($query);

mysql_close($con);
?>
Improve this question
2
  • 3
    Not related to your question, but passing $_GET parameters straight into your query leaves you wide open to SQL injection. You should sanitize all inputs. For info on SQL injection, see: en.wikipedia.org/wiki/SQL_injection There's also lots of questions on SO related to SQL injection prevention, so you can do a search on here for examples too. Commented Jul 12, 2011 at 18:49
  • Do a Google search for "Prepared Statements in PHP" (Here's a practical example from PHP Docs: php.net/manual/en/pdo.prepared-statements.php#example-920) , as that would be the best way. But at a very basic level, you can do mysql_real_escape_string($_GET['name']) instead of just $_GET['name']. You should also verify the inputs are as you expect. If you're expecting a numeric value, confirm the variable contains a numeric value, etc. Commented Jul 12, 2011 at 18:53

2 Answers 2

Reset to default
4 
$query = "insert into sometable (field1, field2, field3, date) 
           values ('" . $_GET['name'] . "', '" . $_GET['pswd'] . "', 
           '0', CURRENT_TIMESTAMP)";

CURRENT_TIMESTAMP is the key, MySQL does it all for you.

Improve this answer
Sign up to request clarification or add additional context in comments.

15 Comments

sql injection attack waiting to happen
thanks that worked well. but, how do I make it so that it's eastern time zone?
@OMGPonies that is true, i was just referring to the timestamp bit.
There's also the now() function, which does the same thing.
@reising it will go with whatever timezone your server is set up for.
|
0

$date = date( "Y-m-d H:i:s", time() );

or, for $phptime

$date = date( "Y-m-d H:i:s", strtotime( $phptime ) );

Improve this answer

4 Comments

What happens if the PHP executes at 11:59:59pm and the query doesn't take place until 00:00:01am the next day? Best to let MySQL do the timestamping to keep things consistent.
What if he is doing it from a value he previously had stored? He will be inserting the value he performed the operation on.
If he wants to use the current time, he could just use NOW().
Also, be sure to make use of mysql_real_escape_string() to prevent SQL injection.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.