1. 技术文章
  2. Inserting date value into MySQL through PHP

Inserting date value into MySQL through PHP

匆匆过客 提交于 2019-12-23 05:37:14

问题


What I'm trying to do is as the title implies inserting date into created table.

I've done my research. I considered following topics:

  • Parse error: syntax error, unexpected T_VARIABLE on line 107
  • SQL DML: Incorrect date value (MySQL)

and others.

However nothing really helped to solve this. The $dob variable is in there on purpose. I need to make sure that it will change as users will change as well.

This is my php code:

$firstName = $middleName = $lastName = $mobileNumber = $dob = $address = "";
$firstName0 = $middleName0 = $lastName0 = $mobileNumber0 = $dob0 = $address0 = "";
$dobErr = $addressErr = $mobilenumErr = $emailErr = $passwordErr = "";
$email = $password = $fnameErr = $mnameErr = $lnameErr = $conn = $data = "";
$email0 = $password0 = "";

require_once 'login.php';
$conn = new mysqli($hn, $un, $pw, $db);
if($conn->connect_error) die($conn->connect_error);

function test_input($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}

if(isset($_POST['submit'])) {
    // input validation

    if ($_SERVER["REQUEST_METHOD"] == "post") {
        if (empty($_POST["firstName"])) {
            $fnameErr = "Name is required";             
        } else {
            $firstName0 = test_input($_POST["firstName"]);              
        }
        if (empty($_POST["lastName"])) {
            $lnameErr = "Last name is required";        
        } else {
            $lastName0 = test_input($_POST["lastName"]);                
        }
        if (empty($_POST["dob"])) {
            $dobErr = "Date of birth is required";              
        } else {
            $dob0 = test_input($_POST["dob"]);              
        }
        if (empty($_POST["address"])) {
            $addressErr = "Address is required";                
        } else {
            $address0 = test_input($_POST["address"]);              
        }
        if (empty($_POST["mobileNumber"])) {
            $mobilenumErr = "Mobile number is required";                
        } else {
            $mobileNumber0 = test_input($_POST["mobileNumber"]);                
        }
        if (empty($_POST["email"])) {
            $emailErr = "Email is required";                
        } else {
            $email0 = test_input($_POST["email"]);
        }
        if (empty($_POST["password"])) {
            $passwordErr = "Password is required";              
        } else {
            $password0 = test_input($_POST["password"]);            
        }
    }
    if ($_SERVER["REQUEST_METHOD"] == "post") {
        // sanitizing the input
        $firstName = test_input($_POST["$firstName0"]);
        if (!preg_match("/^[a-zA-Z]*$/",$firstName)) {
            $nameErr = "Only letters are allowed";          
        }
        $middleName = test_input($_POST["$middleName0"]);
        $lastName = test_input($_POST["$lastName0"]);
        $dob = test_input($_POST["$dob0"]);
        $address = test_input($_POST["$address0"]);
        $mobileNumber = test_input($_POST["$mobileNumber0"]);
        $email = test_input($_POST["$email0"]);
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $emailErr = "Invalid email format";         
        }
        $password = test_input($_POST["$password0"]);   
    }

    // sending valid data to the database   
    $query = "insert into details values" . "("$firstName","$middleName","$lastName",STR_TO_DATE("$dob","%Y/%m/%d"),"$address","$mobileNumber","$email", "$password")";
    $result = $conn->query($query);
    if(!$result) {
        echo 'Insert failed: $query<br>' . $conn->error . '<br><br>';
    } else { 
        echo 'Data saved !';
    }
}

I'm getting this error:

Insert failed: insert into details values('','','',STR_TO_DATE("","%Y/%m/%d"),'','','', '') Incorrect datetime value: '' for function str_to_date


回答1:


$query = "insert into details values ($firstName,$middleName,$lastName,STR_TO_DATE($dob,'%Y/%m/%d'),$address,$mobileNumber,$email, $password)";



回答2:


With all of those individual string declarations, I think it would be better to processes arrays. PHP has some fantastic array functions to offer. I'll use array_intersect_key(), array_walk(), implode(), and array_keys(). I have left some commented var_export()'s in place so that you can uncomment them and see how the filtering processes work.

If a form submits this $_POST array:

$_POST=array('firstName'=>'Mick','lastName'=>'MacKusa','dob'=>'2017/05/03',
             'address'=>'Home','mobileNumber'=>'v','email'=>'user@email.com',
             'password'=>'v','bogus'=>'Hacktastic');

To this script:

<?php
require_once 'login.php';

$requireds=array('firstName'=>'Name is required','lastName'=>'Last name is required','dob'=>'Date of birth is required','address'=>'Address is required','mobileNumber'=>'Mobile number is required','email'=>'Email is required','password'=>'Password is required');

$inputs=array_intersect_key($_POST,$requireds);  // only handle desired elements in $_POST
// var_export($inputs);  // 'bogus'=>'Hacktastic' has beem removed

// create an array filled with empty elements
array_walk($inputs,function($v,$k)use(&$empties){if(empty($v)){$empties[$k]=$v;}});
// var_export($empties);

if(!is_null($empties)){  // if at least one required value is missing...
    $messages=array_intersect_key($requireds,$empties);  // create an array of "required" messages
    var_export($messages);  // handle this array however you wish
}else{  // all fields have a value
    //var_export($inputs);

    // do any necessary/specific validation or preparation on elements like: 

    // $inputs['password']=hash("sha256",$_POST["password"]); or something
    // never store anyone's unencrypted passwords
    // regarding data security, research AS MUCH AS POSSIBLE

    // check format of $inputs['dob'] and $inputs['email'], etc...

    // I prefer pdo where I can drop the $inputs array into the execute function,
    // but it may be less overwhelming for you to stay with mysqli for the time being

    if(!$conn=new mysqli($hn,$un,$pw,$db)){
        echo "Connection Error: ",$conn->connect_error;  // do not echo when live
    }elseif($stmt=$conn->prepare("INSERT INTO `details` (`".implode('`,`',array_keys($inputs))."`) VALUES (?,?,STR_TO_DATE(?,'%Y/%m/%d'),?,?,?,?)")){
        // to shrink bind_param code, use variadic expression or call_user_func_array
        if($stmt->bind_param('sssssss',$inputs['firstName'],$inputs['lastName'],$inputs['dob'],$inputs['address'],$inputs['mobileNumber'],$inputs['email'],$inputs['password']) && $stmt->execute()){
            echo "Success - New ID# is ",$stmt->insert_id;
        }else{
            echo "Statement Error: ",$stmt->error;  // do not echo when public
        }
        $stmt->close(); 
    }else{
        echo "Prepare Error: ",$conn->error;  // do not echo when public
    }
    $conn->close();
}
?>

And the details table in the database looks like this:

CREATE TABLE `details` (
  `id` int(10) NOT NULL,
  `firstName` varchar(100) NOT NULL,
  `lastName` varchar(100) NOT NULL,
  `dob` date NOT NULL,
  `address` varchar(255) NOT NULL,
  `mobileNumber` varchar(30) NOT NULL,
  `email` varchar(255) NOT NULL,
  `password` varchar(100) NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

ALTER TABLE `details`
  ADD PRIMARY KEY (`id`);

ALTER TABLE `details`
  MODIFY `id` int(10) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=1;

Then the screen output will read:

Success - New ID# is 1

And the database table will look like this:

By doing some light validation and preparation work with array functions and using prepared statements to handle the security aspect, you can skip right to educating yourself about developing a smart/secure login system.



来源:https://stackoverflow.com/questions/43765395/inserting-date-value-into-mysql-through-php

标签
php
mysql
str-to-date
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!