Question
Currently I have a database with each row having a date. In PHP I want to make a input box where the user can input a date (for example 2014/05/11). This will be sent to the sql query to receive the values of that day.
I am using MySQL.
Now I have implemented the date input field, it sends date through but SQL doesn't understand what I try to do.
How do I make a date from php understood by sql?
Now I have like:
https://stackoverflow.com/questions/23595614
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian$date = "2014-05-11";
SQL being:
$sql = "SELECT SQL_CALC_FOUND_ROWS * FROM " . TBL_MEMBERS . " WHERE DATE=$date ORDER BY $order LIMIT :startRow, :numRows";
But that doesn't seem to work. Any tips/idea's on what I should try next?
Solution
Try this:
$stmt = $mysqli->prepare("SELECT * FROM TABLENAME WHERE DATE=? ORDER BY ORDEBRYCOLUMN LIMIT ?, ?");
$date = "2014-05-11";
$stmt->bind_param('sii', $date, 0, 30);
$stmt->execute();
Bind params protect you from SQL injection attacks. If you put a variable directly into a SQL server string, someone can add more SQL to that string variable and run more sql queries than you want them to.
