PHP:存储的字符串日期为MySQL日期格式,但存储的日期结果为1969-12-31

时间:2015-11-15 14:23:38

标签: php mysql 

public function storeUser($name, $email, $password, $str_birthday) {
    $uuid = uniqid('', true);
    $hash = $this->hashSSHA($password);
    $encrypted_password = $hash["encrypted_password"]; // encrypted password
    $salt = $hash["salt"]; // salt
    $tmp_dobformat = split('-', $str_birthday);
    $tmp = $tmp_dobformat[2].'-'.$tmp_dobformat[1].'-'.$tmp_dobformat[0];
    $dob = date('Y-m-d', strtotime($tmp));

    $result = mysqli_query($this->db->connect(), "INSERT INTO users(unique_id, name, email, encrypted_password, birthday, salt, created_at) VALUES('$uuid', '$name', '$email', '$encrypted_password', '$dob', '$salt', NOW())");

    // check for successful store
    if ($result) {

        // get user details
        $result = mysqli_query($this->db->connect(), "SELECT * FROM users WHERE email = '$email'");

        // return user details
        return mysqli_fetch_array($result);

    } else {
        return false;
    }
}

如果$ str_birthday是27-03-1982,那么它应该作为1982-03-27存储在MySQL数据库中。但无论输入日期是什么,我只在数据库中获得1969-12-31。我的代码出了什么问题?

我创建了一个index.html文件来检查JSON响应。这是index.html文件。

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
<form action="index.php" method="post">
Tag: <input type="text" name="tag"><br>
Name: <input type="text" name="name"><br>
Email: <input type="text" name="email"><br>
Password: <input type="password" name="password"><br>
Birthday: <input type="date" name="birthday"><br>
<input type="submit">
</form>
</body>
</html>

这是获取POST变量并获取JSON响应的index.php文件。

<?php

if (isset($_POST['tag']) && !empty($_POST['tag'])) {

    $tag = $_POST['tag'];

    // get the variables.
    $name = $_POST['name'];
    $email = $_POST['email'];
    $password = $_POST['password'];
    $gender = $_POST['gender'];
    $birthday = $_POST['birthday'];

    echo $birthday;

    // response Array
    $response = array("error" => FALSE);

    require_once 'mysql/DB_Functions.php';
    $db = new DB_Functions();

    if ($tag == 'register') {

        // check if user is already exists

        if ($db->userExists($email)) {

            // user already exists - error response
            $response["error"] = TRUE;
            $response["error_msg"] = "User already exists";

            echo json_encode($response);
        } else {

            // store user
            $user = $db->storeUser($name, $email, $password, $gender, $birthday);

            if ($user) {
                // user successfully saved to MySQL database
                $response["error"] = FALSE;
                $response["uid"] = $user["unique_id"];
                $response["user"]["name"] = $user["name"];
                $response["user"]["email"] = $user["email"];
                $response["user"]["gender"] = $user["gender"];
                $response["user"]["birthday"] = $user["birthday"];
                $response["user"]["created_at"] = $user["created_at"];
                $response["user"]["updated_at"] = $user["updated_at"];

                echo json_encode($response);

            } else {
                // user failed to store
                $response["error"] = TRUE;
                $response["error_msg"] = "JSON Error occured in Registration";
                echo json_encode($response);
            }
        }
    } else {
        // user failed to store
        $response["error"] = TRUE;
        $response["error_msg"] = "Unknow 'tag' value. It should be either 'login' or 'register'";
        echo json_encode($response);
    }
} else {
    $response["error"] = TRUE;
    $response["error_msg"] = "Operation failed due to the missing tag!";
    echo json_encode($response);
}

var_dump($_SERVER['REQUEST_METHOD'], $_POST);
?>

最后,这是我在index.html文件中直接输入每个值时获得的JSON响应。

{"error":false,"uid":"564901af9bb9f2.79708336","user":{"name":"Learning PHP","email":"learning@php.com","gender":"","birthday":"1969-12-31","created_at":"2015-11-15 17:05:35","updated_at":null}}string(4) "POST" array(5) { ["tag"]=> string(8) "register" ["name"]=> string(12) "Learning PHP" ["email"]=> string(16) "learning@php.com" ["password"]=> string(11) "learningphp" ["dob"]=> string(10) "1981-10-12" }

所以,似乎没有问题获得'生日'的POST变量,但事情是返回值。 1969-12-31

1 个答案:

答案 0 :(得分:0)

最重要的线索是返回的日期。 1969-12-31在某些负时区(例如GMT-05)可能1970-01-011970-01-01是Unix时间戳0。

这里的问题是date函数,在它的第二个参数中,期望一个Unix时间戳 - 一个数值。但是你传递了一个日期字符串。 PHP不知道如何处理字符串,因此它将其转换为0然后date()取零并返回您看到的日期。

事实上,您不需要进行所有分割和组合等。如果已经将$str_birthday格式化为YYYY-MM-DD,则应该能够将$name="');drop table users直接传递到数据库中。

不相关但更重要的是:建立SQL字符串是非常不明智的。您正在接受SQL注入攻击。例如,如果{{1}}那么你就陷入了困境。你应该使用mysqli_prepare。以下是关于SQL injections的一些推荐读物。

相关问题
最新问题