PHP and SQL calling table value issue

[karlosantana]

I have no idea why the heck I'm struggling with this, I'm usually the one giving the help for this sort of thing! Anyway here goes: I've made a script where I can fetch records from a database and output them as a CSV, I've added the ability to select "from" and "to" using THIS script. The code below is the bit that fetches data etc

 

<?php
    require_once 'class.sql2csv.php';
    
    $params = array(
        'host'        => 'localhost',
        'user'        => 'root',
        'password'    => '',
        'database'    => 'database_name'
    );
    $query = "SELECT * FROM form_data WHERE (sd >='_$date') and (sd < '_$date2')";
    new SQL2CSV($params, $query);
?>

 

 

Now what's happening is: it'll pick up "date2" but not "date" and I have no idea what the heck is going on! I've tried all that I know to try and get it right, I'm still confusled!

 

I'm left in your capable hands, thanks in advance

Kyle

[trq]

Where is $date defined? Have you echo'd $query to see what it looks like?

[karlosantana]

Hi thorpe and thankyou 

 

$date is defined below the bit in BOLD

 

<form action="" method="post">

<div>

<b>Example Form</b><br/>

Please input a date: <input onclick="ds_sh(this);" name="date" readonly="readonly" style="cursor: text" /><br />

Please input another date: <input onclick="ds_sh(this);" name="date2" readonly="readonly" style="cursor: text" /><br />

<input type="submit" value="Submit" />

</div>

</form>

 

But it's confusing because $date2 will work but not $date, if it help the script for the selector is HERE.

Thanks again

Kyle

[trq]

Your script would appear to rely on register_globals being set to on. this has been off (for security reasons) by default for about the last 7 years.

 

You should also be escaping any user input in case of special chars also.

 

Assuming your using mysql_connect() somewhere within your db wrapper.....

 

<?php
    require_once 'class.sql2csv.php';
    
    $params = array(
        'host'        => 'localhost',
        'user'        => 'root',
        'password'    => '',
        'database'    => 'database_name'
    );
    $date = mysql_real_escape_string($_POST['date']);
    $date2 = mysql_real_escape_string($_POST['date2']);
    $query = "SELECT * FROM form_data WHERE (sd >='_$date') and (sd < '_$date2')";
    new SQL2CSV($params, $query);
?>

[karlosantana]

Mate I'm sorry but that didn't work. Because I've left it a bit vague and although, I profess to be otherwise, am still new to PHP I have Uploaded a trial script so you can see

You can sse the script HERE

and all script used in this page is attatched

I hope that helps!

Kyle

 

[attachment deleted by admin]

[PFMaBiSmAd]

The name attributes of your form fields are not date and date2. You would need to make sure that the data from the form is being accessed in the php code correctly.

[karlosantana]

Hi PFMaBiSmAd and thanks for your reply, I've already tried that, however have tried it again just in case and it's doing exactly the same thing! If it were the names that were wrong it wouldn't fill in either attributes, but its not it's just ignoring $date but filling $date2!

 

It's so frustrating !  still completely completely confused    . I'm in your hands guys!

Cheers

KYle

[PFMaBiSmAd]

Your current form at the link you posted submits the following data -

 

POST:Array

(

    [date] => 2010-02-01

    [date2] => 2010-02-28

)

 

If $_POST['date'] and $_POST['date2'] is what the form processing code is using, then the problem is somewhere in the form processing code.

 

Are your sure the code on your live site is the same you are posting here? For example, the form fields were actually named from and to when I looked before making the 08:06:51 AM post, which is not what you posted in the 03:59:16 AM post in this thread.

 

[karlosantana]

I may have changed it, I'm still working on it to try and get it to work lol. Its very frustrating when your work that you've spent ages doing doesn't work, I'm not one to give up until it tries, so yes basically I have been changing things altering them here and there.

Kyle

[trq]

Put this at the top of your processing script.

 

<?php
  echo '<pre>';
  print_r($_POST);
  echo '</pre>';
  die();
?>

 

What do you get when you submit the form?

[karlosantana]

I did it! After much trial and error the code below solved the issue and I am now using the script to its best , thanks for all your help guys, you've been great!

The code that "fixed" it was this (I have to admit I tried this once!).

So basically I changed the script to submit "from and "to" then used $_POST to change it to "date" and "date2"

<?php
    require_once 'class.sql2csv.php';
   
    $params = array(
        'host'        => 'localhost',
        'user'        => 'root',
        'password'    => '',
        'database'    => 'database_name'
    );
    $from = $_POST ["date"];
    $to    = $_POST ["date2"];

    $query = "SELECT * FROM form_data WHERE (sd >='$from') and (sd < '$to')";
    new SQL2CSV($params, $query);
?>

 

Thanks again

Kyle

 

[trq]

Yeah, it always helps if your accessing the correct keys within an array.

 

By the way, you've removed the calls to mysql_real_escape_string, bad idea.