使用mysql数据进行简单的日期验证

时间:2016-03-07 22:00:35

标签: php mysql

我有这个简单的日期验证,如果字段中的输入小于查询中的日期,则用户无法输入日期

我有这段代码:

if (isset($_POST['btnsubmit'])) {

$date1 = date('Y-m-d', strtotime($_POST['date1']));
$reading = $_POST['reading']; 
$suggest = $_POST['suggest'];
$part =$_POST['part'];

 $sql2 = "SELECT dateinput FROM sched ORDER BY date DESC LIMIT 1";
 $sql = "SELECT reading FROM sched ORDER BY reading DESC LIMIT 1";
 $result = mysqli_query($sqli, $sql);
 if ( $result === FALSE )
 {
    echo mysql_error();
    exit;
}                   
                    $row = mysqli_fetch_object($result);                    
                    if (empty($_POST['reading']))
                    {
                    echo "No Input ";
                    exit;
                    }
                    if ($_POST['reading'] <= $row->reading) 
                    {
                    echo "Must input higher value than {$row->reading}";
                    exit;
                    }
                    if ($_POST['reading'] > $row->reading)
                        {
                            $result2 = mysqli_query($sqli, $sql2);
                            $row2 = mysqli_fetch_object($result2);
                            $try2 = date('Y-m-d', strtotime($row2));
                            if ($_POST['date1'] <= $row2->dateinput)
                            {
                                echo "Must input higher value than {$row2->dateinput}";
                                exit;
                            }
                            elseif ($_POST['date1'] > $row2->dateinput)
                            {
                                $query = mysqli_query($sqli,"INSERT INTO sched (dateinput,reading,suggest,part) VALUES ('$date1','$reading','$suggest','$part')");
                            }
                            else ($_POST['date1'] == date('Y-m-d', strtotime($_POST['1970-01-01'])));
                            {
                                echo "No Input";
                                exit;
                            }
                        }



        }



            }

结果是: 如果我有正确的输入(意味着高于最新的查询),则INSERT执行。但是如果输入错误数据(意味着低于最新查询),则echo不会执行。这有什么问题?

1 个答案:

答案 0 :(得分:1)

试试这个:

if (isset($_POST['btnsubmit'])) {

    $date1 = date('Y-m-d', strtotime($_POST['date1']));
    $reading = $_POST['reading']; 
    $suggest = $_POST['suggest'];
    $part =$_POST['part'];

    $sql = "SELECT reading FROM sched ORDER BY reading DESC LIMIT 1";
    $result = mysqli_query($sqli, $sql);
    if ( $result === FALSE )
    {
        echo mysqli_error();
        exit;
    }                   

    $row = mysqli_fetch_assoc($result);                    

    if (empty($_POST['reading']))
    {
        echo "No Input ";
        exit;
    }

    if ($_POST['reading'] <= $row['reading']) 
    {
        echo 'Must input higher value than {'.$row['reading'].'}';
        exit;
    }

    if ($_POST['reading'] > $row['reading'])
    {
        $sql2 = "SELECT dateinput FROM sched ORDER BY date DESC LIMIT 1";
        $result2 = mysqli_query($sqli, $sql2);

        $row2 = mysqli_fetch_assoc($result2);
        // $try2 = date('Y-m-d', strtotime($row2)); what is this?

        if ($_POST['date1'] <= $row2['dateinput'])
        {
            echo 'Must input higher value than {'.$row2['dateinput'].'}';
            exit;
        }

        elseif ($_POST['date1'] > $row2['dateinput'])
        {
            $query = mysqli_query($sqli,"INSERT INTO sched (dateinput,reading,suggest,part) VALUES ('$date1','$reading','$suggest','$part')");
        }

        else
        {
            echo "Check your Input";
            exit;
        }
    }

}

你应该看看这个:

How can I prevent SQL injection in PHP?