Explore our sites

Stack Exchange
tour help careers 2.0
Take the 2-minute tour ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 0 down vote favorite

Hello i trying to select date from mysql between date's with this code:

if (empty($_GET['date-range1'])) { 
    $sql=mysql_query("SELECT * FROM sohy_raports ORDER BY ".$_GET['sort']." ".$_GET['ad']."");

} else {
$sql=mysql_query("SELECT * FROM sohy_raports WHERE date BETWEEN ".$_GET['date-range1']." AND ".$_GET['date-range2']." ORDER BY ".$_GET['sort']." ".$_GET['ad']."");
}

but with this code i can't select between date's only between id's. It can be from date format error Y-mm-dd ?

Thanks

share|improve this question
 
Just a comment: you should write timestamps to the database, makes this question alot easier –  Dieter May 27 at 8:20
 
What are the contents of $_GET['date-range1'] and $_GET['date-range2'] ? Also, your code is widely open to SQL injection attacks, you might want to read up on that if you plan on putting this code on the public internet. –  Oldskool May 27 at 8:21
 
What is the data type of the date column? What are the inputs? Why aren't you quoting those date values? Why aren't you using query parameters? –  leftclickben May 27 at 8:22
 
your code will never go for else condition if $_GET['date-range1'] is empty then how it will check for between and you missed comma between sort and ad.. –  sAnS May 27 at 8:22
 
date-range1 = 2013-05-23; date-range2 = 2013-05-28; –  Robert Coroianu May 27 at 8:36
add comment

1 Answer

up vote 0 down vote

Instead of 

$sql=mysql_query("SELECT * FROM sohy_raports WHERE date BETWEEN ".$_GET['date-range1']." AND ".$_GET['date-range2']." ORDER BY ".$_GET['sort']." ".$_GET['ad']."");

do

$query = "SELECT * FROM sohy_raports WHERE date BETWEEN ".$_GET['date-range1']." AND ".$_GET['date-range2']." ORDER BY ".$_GET['sort']." ".$_GET['ad'];
echo $query;
$sql=mysql_query($query);

This will print out the query you are sending to your database, and will clear up alot of what might go wrong, and what exactly the date-format is you are using.

On the side, but no less important: - Don't use the mysql_* functions anymore, they are deprecated and unsafe. Switch to mysqli_* or PDO instead. - Never just use your GET variable (or POST) in your query, make sure you sanitize them first to prevent SQL injections.

share|improve this answer
add comment

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.