我在这里发现了类似的问题,但大多数解决方案对我不起作用。我有一个带有&jquery UI日期选择器的表单'我想在给定的日期获得搜索结果。我尝试更改日期格式,但它不会返回任何结果。
搜索表单
<base>搜索查询 -
<div class="form-group row">
<label for="duration" class="col-sm-4 col-form-label">
<input type="checkbox" name="search2" value="checkbox" id="duration" class="search2"> Duration</label>
<div class="col-sm-4">
<input type="date" class="form-control input-sm data2" name="data1" id="startdate" placeholder="Start Date" disabled="disabled">
</div>
<div class="col-sm-4">
<input type="date" class="form-control input-sm data2" name="data2" id="enddate" placeholder="End Date" disabled="disabled">
</div>
</div>
复选框选择 -
$sql = "SELECT * FROM reservation
INNER JOIN package ON reservation.tid = package.tid
INNER JOIN reservation_type ON reservation.type = reservation_type.id
INNER JOIN customer ON reservation.cid = customer.cid
INNER JOIN reservation_status ON reservation.status = reservation_status.id
WHERE " ;
if(isset($_POST['search2'])){ $start_date = date('Y-m-d', strtotime($_POST['data1'])); $sql .= " start_date = $start_date AND" ; }
if(isset($_POST['search2'])){ $end_date = date('Y-m-d', strtotime($_POST['data2'])); $sql .= " end_date = $end_date AND" ; }
if(isset($_POST['search'])){ $rid = mysqli_real_escape_string($db, $_POST['data']); $sql .= " rid = $rid AND" ; }
if(isset($_POST['search3'])){ $cid = mysqli_real_escape_string($db, $_POST['data3']); $sql .= " reservation.cid = $cid AND" ; }
if(isset($_POST['search5'])){ $tid = mysqli_real_escape_string($db, $_POST['data5']); $sql .= " reservation.tid = $tid AND" ; }
if(isset($_POST['search6'])){ $type = mysqli_real_escape_string($db, $_POST['data6']); $sql .= " reservation.type = $type AND" ; }
if(isset($_POST['search4'])){ $status = mysqli_real_escape_string($db, $_POST['data4']); $sql .= " status = $status AND" ; }
$sql = rtrim($sql, "AND") ;
$result = mysqli_query($db, $sql)or die("Error: ".mysqli_error($db));
$num_rows = mysqli_num_rows($result);
if($num_rows >0){
while ($row = mysqli_fetch_assoc($result)) {
?>
<tr align="center">
<td><?php echo $row["start_date"]; ?></td>
<td><?php echo $row["end_date"]; ?></td>
jQueryUI的 -
$(".search2").on('click', function() {
if($(this).is(':checked')){
$(".data2").prop('disabled',false);
} else {
$(".data2").prop('disabled',true);
}
})
查询适用于其他ckeckings(如下图所示); Search Result 1
但不是约会, Search Result 2
我是一名学生,也是编码新手。任何帮助表示赞赏!谢谢。
答案 0 :(得分:0)
在您的查询中,为值添加单引号: 例如:
$sql .= " start_date = '$start_date' AND" ;
答案 1 :(得分:0)
当Rijin已经回答时,你错过了日期的引用。但是,由于您表示您不熟悉编码,我强烈建议您已经熟悉使用预准备语句而不是目前构建SQL查询的方式。建立像这样的代码更好:
$sql = "SELECT * FROM reservation
INNER JOIN package ON reservation.tid = package.tid
INNER JOIN reservation_type ON reservation.type = reservation_type.id
INNER JOIN customer ON reservation.cid = customer.cid
INNER JOIN reservation_status ON reservation.status = reservation_status.id";
$where = [];
if(isset($_POST['search2'])){
$start_date = date('Y-m-d', strtotime($_POST['data1']));
$where["start_date = ?"] = $start_date;
$end_date = date('Y-m-d', strtotime($_POST['data2']));
$where["end_date = ?"] = $end_date;
}
if(isset($_POST['search'])){
$rid = mysqli_real_escape_string($db, $_POST['data']);
$where["rid = ?"] = $rid;
}
if(!empty($where)) {
$sql .= ' WHERE ' . implode(' AND ',array_keys($where));
}
$stmt = $db->prepare($sql);
if(!$stmt) {
trigger_error('An error occured: (' . $db->errno . ', ' . $db->error . '), sql: ' . $sql, E_USER_ERROR);
}
foreach($where as $value) {
/* Bind parameters. Types: s = string, i = integer, d = double, b = blob */
$stmt->bind_param('s', $value);
}
$stmt->execute();
有关为何以及如何使用预备陈述的详细信息,请参阅How can I prevent SQL injection in PHP?。