By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,686 Members | 2,708 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,686 IT Pros & Developers. It's quick & easy.

Formating Date and Time in MySQL comperative query!

uranuskid
P: 19
Hey folks,

I have aliile issue with my Date. I query the data base with a comperative query (see below) and want to get the date in a different format.

At first the query:
Expand|Select|Wrap|Line Numbers
  1. $query = mysql_query("SELECT var1, var2, RideTo, Date, Time,  FROM table WHERE var1 = '$_POST[var1]' AND var2 = '$_POST[var2]'
  2. ORDER BY Date AND Time")
  3.                         or die("SELECT error: ".mysql_error()); 
  4.  
  5.  
That all works fine, the resulting table is all good. However, I tried to format the date in the query by replacing Date with DATE_FORMATE('Date', '%e %b %y') to get the output date in a different style. It won't work. Similar thing with the Time field.
Anybody an idea how to solve that?

Cheers,
Frank
May 5 '07 #1
Share this Question
Share on Google+
3 Replies


pbmods
Expert 5K+
P: 5,821
Couple of things:

$query = mysql_query("SELECT var1, var2, RideTo, Date, Time, FROM table WHERE var1 = '$_POST[var1]' AND var2 = '$_POST[var2]'
ORDER BY Date AND Time")
or die("SELECT error: ".mysql_error());

[/code]
What would you do if $_POST[var1] === "'\c DROP TABLE `table`;"?
Also, s/b ORDER BY `Date`, `Time`.


That all works fine, the resulting table is all good. However, I tried to format the date in the query by replacing Date with DATE_FORMATE('Date', '%e %b %y') to get the output date in a different style. It won't work. Similar thing with the Time field.
Anybody an idea how to solve that?
Try DATE_FORMAT(`Date` instead of 'Date' (use backticks instead of quotes).
May 5 '07 #2

uranuskid
P: 19
Couple of things:



What would you do if $_POST[var1] === "'\c DROP TABLE `table`;"?
Also, s/b ORDER BY `Date`, `Time`.




Try DATE_FORMAT(`Date` instead of 'Date' (use backticks instead of quotes).
Hey there,

Thanks for the hints. My input variable comes from a select box, so I think I won't get problems with SQL infiltration.

I tried the date_format with the backticks, however wouldn"t work. So I decided to formate the date with php function date(Y M d, strtotime($row['date from the sql query'])) in the output table and that's absolutely fine.

Cheers,
Frank
May 6 '07 #3

pbmods
Expert 5K+
P: 5,821
My input variable comes from a select box, so I think I won't get problems with SQL infiltration.
Yes, but...

A cracker could build his own form with a text box. At the very least, you might want to consider using addslashes.

Admittedly, it depends on the nature of your site and the perceived importance of the private data thereof. But it's still a good habit to get into.
May 6 '07 #4

Post your reply

Sign in to post your reply or Sign up for a free account.