Adding the DateUploaded Time to MS SQL Database from PHP

Question

After looking into it for a while I am struggling to use a hidden form field and a PHP MS SQL Query to add the date uploaded to the database when the data is submitted. Something similar to the MySQL NOW() function. Which I have tried and doesn't work. I also then tried the PHP date function.

<input type="hidden" name="DateUploaded" value="<?php date("d","m","y") ?>">

With my upload looking like this:

<?php 
 $Title=$_POST['Title'];
 $Synopsis=$_POST['Synopsis'];
  $Article=$_POST['Article'];
  $DateUploaded=$_POST['DateUploaded'];
  $Deleted=$_POST['Deleted'];
  mssql_connect("*************", "*********", "*********") or die; 
  mssql_select_db("DBName") or die; 
  mssql_query("INSERT INTO DBTable (Title, Synopsis, Article, DateUploaded,   Deleted) VALUES ('$Title','$Synopsis','$Article','$DateUploaded','$Deleted')"); 
  Print "Your information has been successfully added to the database."; 
   ?>

Its just a simple test blog DB, however when I try this technique I get this error:

Warning: mssql_query() [function.mssql-query]: message: Conversion failed when converting character string to smalldatetime data type. (severity 16) in (File Path) on line 9

I understand this is because im trying to put a string into a DB column set as smalldatetime. I was just wondering if there is a way around this that doesn't involve me having to change the data type in the DB?

Any help would be appreciated.

Answer 1

Instead of using hidden field simply use date() of php like:

$DateUploaded=date("Y-m-d H:i:s");

Make sure your database filed has a date type.

Answer 2

You can just generate the timestamp value before query to database and write the value, without any hidden field in form. You will save on security breaches and it will be better style.

My example:

$dateUploaded = time();

See time() function for more details. I suggest you to investigate for the better solution, than hidden field.