Eiolon Posted April 19, 2008 Share Posted April 19, 2008 I am working on my first search engine so I made something small to test it. I created a table called "reservations" reservation_id int not null primary key auto_increment, reservation_date date not null default '0000-00-00' I inserted a date of 1981-09-01 for a test. On search.php I have: <form id="search" name="search" method="get" action="results.php"> <table width="100%" border="0" cellspacing="2" cellpadding="2"> <tr> <td width="50">Date:</td> <td><input type="text" name="reservation_date" id="reservation_date" /></td> </tr> <tr> <td width="50"> </td> <td><input type="submit" name="submit" id="submit" value="Search" /></td> </tr> </table> </form> On results.php I have: <?php if (isset($_GET['reservation_date'])) { require_once('../mysql_connect.php'); $query_reservations = "SELECT * FROM reservations WHERE reservation_date = ".$_GET['reservation_date'].""; $reservations = mysql_query($query_reservations) OR die ('Cannot retrieve date information.'); $row_reservations = mysql_fetch_array($reservations); $totalrows_reservations = mysql_num_rows($reservations); } ?> When I enter in the date of 1981-09-01 in the search box and submit, $totalrows_reservations is showing 0 instead of 1. It is getting the date because I echo it out with <?php echo $_GET['reservation_date'] ?> Any suggestions? Quote Link to comment Share on other sites More sharing options...
Fadion Posted April 19, 2008 Share Posted April 19, 2008 The query should be like this (or maybe i dont know that date types dont need single quotes) $query_reservations = "SELECT * FROM reservations WHERE reservation_date = '".$_GET['reservation_date']."'"; For a more secure version i would clean the input first with mysql_real_escape_string() then query the database. Quote Link to comment Share on other sites More sharing options...
Eiolon Posted April 19, 2008 Author Share Posted April 19, 2008 Thank you. I always get mixed up on the single quote usage. I had mysql_real_escape_string() in there at first but took it out to troubleshoot to see if it was the problem. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.