
url date to sql using php

I am having trouble with "date".
Thanks for looking!
I will give kudos on our site for any help,
and or a paypal tip.

http://www.wikispeedia.org/a/marks_bb2b.php?since=2013-11-11
------./a/marks_bb2b.php-----------
  1. <?php
  2. header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
  3. header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
  4. header("Cache-Control: no-store, no-cache, must-revalidate");
  5. header("Cache-Control: post-check=0, pre-check=0", false);
  6. header("Pragma: no-cache");
  7. header("content-type:text/xml");
  8. include("../dbconnect.php");
  9.  
  10. $since=$_GET['since'];
  11.  
  12. echo "<markers>";
  13.  
  14.           $query = " SELECT * from signs4 where submittedOn >= $since LIMIT 63";
  15.  
  16.              $results = mysql_query($query);
  17.              while ($row=mysql_fetch_array($results)){
  18.                    echo '<marker label="'.$row[0].'" lat="'.$row[1].'" lng="'.$row[2].'"   mph="'.$row[3].'"  kph="'.$row[4].'
  19. "   cog="'.$row[5].'" submittedOn="'.$row[6].'" deletedOn="'.$row[7].'" />';}
  20.  
  21. echo "</markers>";
  22. ?>
  23.  
Jun 7 '13 #1

✓ answered by Luuk

Line#14
    $query = " SELECT * from signs4 where submittedOn >= '$since' LIMIT 63";

Dormilich
8,658 Expert Mod 8TB
dates are passed as string and hence you need to wrap them in quotes (otherwise SQL will interpret it as Math: 2013-11-11 = 1991)

PS. you’re wide open to SQL Injection and you’re using the outdated and deprecated mysql extension. better use Prepared Statements as provided in the PDO or MySQLi extensions.
Jun 7 '13 #2
Luuk
1,047 Expert 1GB
> you’re wide open to SQL Injection
OK, i can be
mysql_query() sends a unique query (multiple queries are not supported).....
But it would be better to give some example how this can be dealt with, so celurl can take advantage of this....

A simple
http://www.wikispeedia.org/a/marks_b...0from%20signs4
won't work for sql-injection, because of the above quote from the docs.
Jun 7 '13 #3
Dormilich
8,658 Expert Mod 8TB
> A simple
> http://www.wikispeedia.org/a/marks_b...0from%20signs4
> won't work for sql-injection, because of the above quote from the docs.
who said SQL Injection is limited to do multiple queries? what about UNIONs and sub-SELECTs?

> But it would be better to give some example how this can be dealt with
plenty of examples on how to use a Prepared Statement. and I always try to teach how to solve a problem. because I firmly believe, that just handing over the solution neither satisfies me nor helps the OP in the long run.
Jun 7 '13 #4
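An added example, not code from any poster in this thread: the lookup from marks_bb2b.php rewritten with strict date validation, a PDO prepared statement and XML-escaped output. It assumes PDO with the SQLite driver as a stand-in for the MySQL `signs4` table; the function names and the column names other than `submittedOn` are hypothetical.

```php
<?php
// Constructed stand-in for the thread's endpoint; runs offline against in-memory SQLite.

// Accept only a real calendar date in strict YYYY-MM-DD form; return null otherwise.
function parse_since(string $raw): ?string {
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    // Round-trip comparison rejects overflowed dates (2013-02-31) and trailing text.
    return ($d !== false && $d->format('Y-m-d') === $raw) ? $raw : null;
}

// Bind the date as a parameter; it is never concatenated into the SQL text.
function markers_since(PDO $db, string $since): array {
    $stmt = $db->prepare('SELECT label, lat, lng, submittedOn FROM signs4
                          WHERE submittedOn >= :since LIMIT 63');
    $stmt->execute([':since' => $since]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Emit one <marker/> element with every attribute value XML-escaped.
function marker_xml(array $row): string {
    $attrs = '';
    foreach ($row as $name => $value) {
        $attrs .= sprintf(' %s="%s"', $name,
            htmlspecialchars((string)$value, ENT_QUOTES | ENT_XML1, 'UTF-8'));
    }
    return "<marker$attrs />";
}

// Constructed sample data (hypothetical columns, not from the original site).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE signs4 (label TEXT, lat REAL, lng REAL, submittedOn TEXT)');
$db->exec("INSERT INTO signs4 VALUES ('A \"35\" <sign>', 40.1, -74.2, '2012-06-01'),
                                     ('B', 41.0, -73.9, '2013-12-24')");

// Constructed inputs: a valid date, an impossible date, and a date with SQL appended.
foreach (['2012-01-01', '2013-02-31', "2013-11-11' OR '1'='1"] as $raw) {
    $since = parse_since($raw);
    if ($since === null) {
        echo "rejected: $raw\n";   // a real endpoint would answer HTTP 400 here
        continue;
    }
    echo '<markers>';
    foreach (markers_since($db, $since) as $row) {
        echo marker_xml($row);
    }
    echo "</markers>\n";
}
```

With MySQL, the same `prepare`/`execute` calls apply once the PDO connection uses a `mysql:` DSN in place of the SQLite one.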
Luuk
1,047 Expert 1GB
ok, I must not have been awake this morning.... ;)
Jun 7 '13 #5
thanks for the prepared statement info. I read about it.

How do I get """" around the date?
I am a php hack at best...
Thanks again.
Jun 7 '13 #6
Luuk
1,047 Expert 1GB
Line#14
    $query = " SELECT * from signs4 where submittedOn >= '$since' LIMIT 63";
Jun 7 '13 #7
Didn't seem to work....
http://www.wikispeedia.org/a/marks_b...nce=2012-01-01
    $query = " SELECT * from signs4 where submittedOn >= '$since' LIMIT 63";
I think it needs double-quote, but I don't know how to string that together.
For example, in mysql this works
    SELECT * FROM SIGNS WHERE submittedOn > "2013-01-01";
Jun 7 '13 #8
thanks Dormilich. I wanted to give you partial credit, but can't!
Give me a bitcoin or paypal and I will tip.
Jun 7 '13 #9
Dormilich
8,658 Expert Mod 8TB
> I think it needs double-quote
SQL allows both single quotes and double quotes. so it doesn’t matter.
Jun 7 '13 #10
