Re: How to query for rec's WHERE >= $start_date ?
Posted by:
Fran Lee
Date: December 29, 2017 03:58PM
Thank you Peter. That worked but gives rise to another issue...
I'm trying to pass the date (on occasion) to a page as date via GET
Once I establish that the date exist with isset I then 'try' to use
mysqli_real_escape_string
to prevent sql injection... sort of of like... for simplicity
$start_date ="'2018-01-15'";
$start_date = mysqli_real_escape_string($conn,$start_date);
but it doesn't work unless I comment out the 2nd line...
So I'm guessing that the dashes get stripped out by the 2nd line... but I'm not sure.
The whole thing looks like this where
... I'm using $dt instead of $start_date
... and the 'else' with the defined date is for testing
if (isset($_GET['dt']))
{
$dt = $_GET['dt'];
//$dt = mysqli_real_escape_string($conn,$dt);
} else {
$dt="'2018/01/15'";
//$dt = mysqli_real_escape_string($conn,$dt);
echo $dt."<br>";
}
What is the proper way to do this and test for sql injection... or whatever?
Thanks again for the help
Subject
Written By
Posted
December 29, 2017 12:25PM
December 29, 2017 12:36PM
Re: How to query for rec's WHERE >= $start_date ?
December 29, 2017 03:58PM
December 29, 2017 04:39PM
December 29, 2017 10:13PM
December 30, 2017 09:29AM
Sorry, you can't reply to this topic. It has been closed.
Content reproduced on this site is the property of the respective copyright holders.
It is not reviewed in advance by Oracle and does not necessarily represent the opinion
of Oracle or any other party.