php CURDATE to MySQL

[valoukh]

Hi all,

 

I'm trying to insert 4 pieces of information into a MySQL table from a HTML form. 3 of the items are user-input and I'd like to have the fourth one (the date) automatically entered. I'm new to this so if anyone can quickly explain what I'm doing wrong that would be great!

 

update_news.php:

 

<form action="update_news_doupdate.php" method="post">
Title: <input type="text" name="title" />
Content: <input type="text" name="content" />
Image: <input type="text" name="image" />
<input type="submit" />
</form>

 

update_news_doupdate.php:

 

<?
$sql="INSERT INTO News (Date, Title, Content, Image)
VALUES
('CURDATE()','$_POST[title]','$_POST[content]','$_POST[image]')";

if (!mysql_query($sql,$dbh))
  {
  die('Error: ' . mysql_error());
  }
echo "News item added, thanks!";

mysql_close($dbh)
?>

 

The 3 fields enter perfectly, just can't get today's date in there (I'm getting 0000-00-00).

 

Thanks a lot, valoukh.

[shocker-z]

CURDATE() doesnt need to be wrapped in quotes as it's a built in mysql function.

 

<?
$sql="INSERT INTO News (Date, Title, Content, Image)
VALUES
(CURDATE(),'"mysql_real_ escape_string($_POST['title'])"','"mysql_real_ escape_string($_POST['content'])"','"mysql_real_ escape_string($_POST['image'])"')";

if (!mysql_query($sql,$dbh))
  {
  die('Error: ' . mysql_error());
  }
echo "News item added, thanks!";

mysql_close($dbh)
?>

 

I've also added mysql_real_ escape_string() to help protect you against a few attacks that can be done.

 

Regards

Liam