PHP Date Search Question

Greg

I have a page that searches a database by a repairman's name and by a
date range. It pulls info by the repairman's name but pulls all info in
the database regardless of the date. Below is the code of the two
pages. What am I missing?

This page calls the script datersearch.php

************
searchrdates.ph p
************

<html>
<head><title>Se arch Repair Dates</title>
</head>
<body bgcolor=#ffffff >
<center>
<P><CENTER><I MG SRC='images/MCLogo.jpg'
WIDTH='576' HEIGHT='87' NATURALSIZEFLAG ='0'
ALIGN='BOTTOM'> </CENTER></P>
<font face="Tahoma" size="3"><i><b> 202 Harper Ave. NW Lenoir, NC
28645</b></i></font>
<br>
<br>
<br>
<br>
<input type="button" style="font-style:tahoma; font-size:10px;
font-weight:bold; color:white; background-color:#0000FF;
height:20px;"on click="location .href="displayu pdate.php'" value="Update
Repair Entry">
<input type="button" style="font-style:tahoma; font-size:10px;
font-weight:bold; color:white; background-color:#0000FF;
height:20px;"on click="location .href="displayu pdate.php'" value="Display
Repair Entries">
<input type="button" style="font-style:tahoma; font-size:10px;
font-weight:bold; color:white; background-color:#0000FF;
height:20px;"on click="location .href="searchrd ates.php'" value="Search
Repair Entries">
<input type="button" style="font-style:tahoma; font-size:10px;
font-weight:bold; color:white; background-color:#0000FF;
height:20px;"on click="location .href="index.ph p'" value="Home">
<br>
<br>
<br>
<font face="Tahoma" size=3><b>Searc h Repairs By Date</b></font>
<br>
<i>(Example of Date Format: Jun 1, 2005)</i>
<table>
<tr>
<form method="post" action="daterse arch.php">
<td>From This Date:</td>
<td><input name="from" type="text" id="from"></td>
<td></td></tr>
<tr><td>Back To This Date:</td>
<td><input name="to" type="text" id="to"></td>
<td></td></tr>
<tr><td>For Repairman:</td>
<td><SELECT NAME="name">
<OPTION VALUE="Lisa Creamer" SELECTED>Lisa Creamer
<OPTION VALUE="Jim Stone">Jim Stone
<OPTION VALUE="Rick Stapleton">Rick Stapleton
<OPTION VALUE="Eddie Little">Eddie Little
<OPTION VALUE="Brandon Miller">Brandon Miller
</td>
<td></td></tr>
<td></td>
<td><input type="submit" style="font-style:tahoma; font-size:10px;
font-weight:bold; color:white; background-color:#0000FF; height:22px;"
value="Search">
</td><td></td></tr>
</table>
<?
include("footer .php";
?>
</form>
</body>
</center>
</html>

***************
datersearch.php
***************

<?php
$search = $_REQUEST['name'];
$from = $_REQUEST['from'];
$to = $_REQUEST['to];
if($search) // perform search only if a string was entered.
{
mysql_connect(" 192.168.1.8","r oot","passwordh ere");
mysql_select_db ("repair"); //database name
$srch = "%".$search."%" ;
$query = "SELECT * FROM repair WHERE repairman LIKE '$srch' AND
daterepaired BETWEEN '$from' AND '$to'";
$total = "SELECT SUM(price) as price FROM repair WHERE repairman LIKE
'$srch' AND daterepaired BETWEEN '$from' AND '$to'";
$result = mysql_db_query( "repair", $query) or die("MySQL error
#".mysql_errno( ).":".mysql_err or());
$addtotal = mysql_db_query( "repair", $total) or die("MySQL error
#".mysql_errno( ).":".mysql_err or());
if ($result)
{
echo "<font face='Tahoma' size=2><P><CENT ER><IMG SRC='images/MCLogo.jpg
WIDTH='576' HEIGHT='87' NATURALSIZEFLAG ='0'
ALIGN='BOTTOM'> </CENTER></P></font>
<br>
<br>
echo "<table border=0 cellpadding=3 cellspacing=5>
<tr bgcolor=#104E8B >
<td width=10><font size=2 color=#FFFF00
face=tahomo><b> ID</b></font></td>
<td width=10><font size=2 color=#FFFF00 face=tahomo><b> DATE
REPAIRED</b></font></td>
<td width=12><font size=2 color=#FFFF00 face=tahomo><b> TICKET
NUMBER</b></font></td>
<td width=10><font size=2 color=#FFFF00
face=tahomo><b> REPAIRMAN</b></font></td>
<td width=10><font size=2 color=#FFFF00 face=tahomo><b> DATE
RECEIVED</b></font></td>
<td width=15><font size=2 color=#FFFF00
face=tahomo><b> LOCATION</b></font></td>
<td width=10><font size=2 color=#FFFF00
face=tahomo><b> PRICE</b></font></td>
<td width=10><font size=2 color=#FFFF00
face=tahomo><b> M&R</b></font></td>
</tr>;

while ($r = mysql_fetch_arr ay($result)) {//Begin while
$id = $r["id"];
$daterepaired = $r["daterepair ed"];
$ticketnumber = $r["ticketnumb er"];
$repairman = $r["repairman"];
$datereceived = $r["datereceiv ed"];
$location = $r["location"];
$price = $r["price"];
$mr = $r["mr"];
echo "<tr bgcolor-669966>
<td>$id</td>
<td>$daterepair ed</td>
<td>$ticketnumb er</td>
<td>$repairma n</td>
<td>$datereceiv ed</td>
<td>$location </td>
<td>$price</td>
<td>$mr</td>
</tr>";
} // end while
echo "</table>";
}
while ($t = mysql_fetch_arr ay($addtotal)) {// Begin while
$price = $t["price"];
$commission = $price*.06;
echo "<table><tr >
<td><font size=4>Repairs for $repairman for the date range $to to $from
are: <b>$ $price</b></font></td></tr>
<tr><td><font size=4>and commission is: <b>$
$commission</b></font></td></tr></table>";
}
} else{
echo "Search field is empty. <br> Go back and enter something to search
by or click Display to view all repairs.";
}
?>
<?
include("footer .php";
?>

Ok, that's my code. It pulls info by the repairman but pulls all dates
no matter what dates are in the "to" and "from". I'm new at this and am
probably doing something stupid. Thanks in advance for your help.

Greg

Jul 17 '05 #1

Subscribe Reply

2284

Dave

Greg (gr**@basssax.c om) decided we needed to hear...

I have a page that searches a database by a repairman's name and by a
date range. It pulls info by the repairman's name but pulls all info in
the database regardless of the date. Below is the code of the two
pages. What am I missing? <snip>

I've noted a few problems below - there may be more but I only gave it
a fairly quick look.

Lack of indentation makes your code hard to read, and all those
multi-line echo with all the HTML make matters worse IMO.

Your queries look like they are valid, but without seeing the table
definition, and samples of your input, its tough to guess why all dates
and not those you expect are returned.
<?php
$search = $_REQUEST['name'];
$from = $_REQUEST['from'];
$to = $_REQUEST['to];
You don't validate any of the above vars. What happens if someone
enters invalid dates or other nonesense instead of dates? What
happens if from date comes after to date?
if($search) // perform search only if a string was entered.
It is best to use isset on your $_REQUEST variables, *then* validate
and use their contents.
You use $_REQUEST which gives both GET and POST variables, but your
form is set to POST. You should really be using $_POST.
{
mysql_connect(" 192.168.1.8","r oot","passwordh ere");
mysql_select_db ("repair"); //database name
$srch = "%".$search."%" ;
$query = "SELECT * FROM repair WHERE repairman LIKE '$srch' AND
daterepaired BETWEEN '$from' AND '$to'";
from and to are not validated to it would be easy for someone to
delete your data via SQL-injection.
$total = "SELECT SUM(price) as price FROM repair WHERE repairman LIKE
'$srch' AND daterepaired BETWEEN '$from' AND '$to'";
$result = mysql_db_query( "repair", $query) or die("MySQL error
#".mysql_errno( ).":".mysql_err or());
You've already selected the repair database above, so you might as
well use mysql_query() instead.
$addtotal = mysql_db_query( "repair", $total) or die("MySQL error
#".mysql_errno( ).":".mysql_err or());
if ($result)
Consider testing mysql_num_rows( ). You've already determined that the
query worked (it dies on error), so you may as well proceed based on
number of rows returned.
{
echo "<font face='Tahoma' size=2><P><CENT ER><IMG SRC='images/MCLogo.jpg
WIDTH='576' HEIGHT='87' NATURALSIZEFLAG ='0'
ALIGN='BOTTOM'> </CENTER></P></font>
<br>
<br>
echo "<table border=0 cellpadding=3 cellspacing=5> <snip some code> <td width=10><font size=2 color=#FFFF00
face=tahomo><b> M&R</b></font></td>
</tr>;
There is a " missing in the line above.

while ($r = mysql_fetch_arr ay($result)) {//Begin while <snip some code> <?
include("footer .php";
There is a ) missing above. Did you copy/paste or retype this code? It
won't run at all in its present form.
?>

<snip>

--
Dave <da**@REMOVEbun dook.com>
(Remove REMOVE for email address)

Jul 17 '05 #2

Alex

You forgot to tell him that if he uses text inputs for dates he would
have to use strtotime function or something like that because if you do
a query like SELECT * FROM test WHERE date='Jan 1 2005' mysql would
never return what you want ... or use postgresql :D.
The mysql data format is this 2005-12-31 and the dates are compared as
strings so it wouldn't convert 'Jan 1 2005' to '2005-01-01'
automatically.

I would tell him to use 3 selects and compose the date like
'{$_POST['to_year']}-{$_POST['to_month']}-{$_POST['to_day']}' because
even if he uses strtotime it wouldn't cover any date syntax.

--
Alexandru Mincu <mi****@gmail.c om>
Tel: +40745515505/+40723573761

Jul 17 '05 #3

Dave

Alex (mi****@gmail.c om) decided we needed to hear...

You forgot to tell him that if he uses text inputs for dates he would
have to use strtotime function or something like that because if you do
a query like SELECT * FROM test WHERE date='Jan 1 2005' mysql would
never return what you want ... or use postgresql :D.
The mysql data format is this 2005-12-31 and the dates are compared as
strings so it wouldn't convert 'Jan 1 2005' to '2005-01-01'
automatically.
Exactly. Thats why I explained to the OP that it wasn't possible to
guess what was going on with the select without seeing what the
datatypes were in the table definition, and some of the sample inputs
from the form.
I would tell him to use 3 selects and compose the date like
'{$_POST['to_year']}-{$_POST['to_month']}-{$_POST['to_day']}' because
even if he uses strtotime it wouldn't cover any date syntax.

I agree, thats a much better way than expecting users to type in a
date - and expecting them not to make mistakes ;)
--
Dave <da**@REMOVEbun dook.com>
(Remove REMOVE for email address)

Jul 17 '05 #4

Greg

I retyped the code, therefore the typo's. Thanks to both of you for
your suggestions. I changed the date columns in the db and that did the
trick. All is good now. I've set all of the date fields to
automatically fill in so the employees will not have to type them. I'm
new to php so I don't understand "validating vars" and "testing
mysql_num_rows( )" yet. Got time for the readers digest version on how
to do this or a suggestion on where to find a good tutorial?

Thanks for your help,

Greg

Jul 17 '05 #5

Dave

Greg (gr**@basssax.c om) decided we needed to hear...

I retyped the code, therefore the typo's. Thanks to both of you for
your suggestions. I changed the date columns in the db and that did the
trick. All is good now. I've set all of the date fields to
automatically fill in so the employees will not have to type them. I'm
new to php so I don't understand "validating vars" and "testing
mysql_num_rows( )" yet. Got time for the readers digest version on how
to do this or a suggestion on where to find a good tutorial?

Thanks for your help,

Greg

Glad its working for you now.

By validating vars, I meant checking (for example) that a variable you
expect to contain a valid date, actually does contain a valid date and
not some other nonesense value that would break your code. You can do
this pretty much any way you like with if statements, string and number
functions, date functions etc. For the valid date example, you might
start by checking out the strtotime function which tries to parse a
date and lets you know if it could or not -
http://ca.php.net/manual/en/function.strtotime.php

mysql_num_rows( ) returns the number of rows selected in the most
recently executed query. Your testing of $result didn't accomplish
much because by that point in the code your query had already worked
(your program dies if it did not). Because you know the query worked,
what you really need to know at this point is were any rows returned
or not. Thats where mysql_num_rows( ) comes in.

HTH
--
Dave <da**@REMOVEbun dook.com>
(Remove REMOVE for email address)

Jul 17 '05 #6

Similar topics

9602

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...

General

10237

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...

C / C++

10071

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...

Online Marketing

9882

Discussion: How does Zigbee compare with other wireless protocols in smart home applications?

by: tracyyun | last post by:

Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...

General

6690

Couldn’t get equations in html when convert word .docx file to html file in C#.

by: conductexam | last post by:

I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...

C# / C Sharp

5326

Trying to create a lan-to-lan vpn between two differents networks

by: TSSRALBI | last post by:

Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...

Networking - Hardware / Configuration

5467

Windows Forms - .Net 8.0

by: adsilva | last post by:

A Windows Forms form does not have the event Unload, like VB6. What one acts like?

Visual Basic .NET

3987

transfer the data from one system to another through ip address

by: 6302768590 | last post by:

Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system

C# / C Sharp

2832

Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy

by: bsmnconsultancy | last post by:

In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

General