这是我的代码
<?php
//filter.php
if(isset($_POST["from_date"], $_POST["to_date"]))
{
$connect = mysqli_connect("localhost", "", "", "");
$output = '';
$query = "
SELECT
CreatedDate,
COUNT(`Ticket`) AS Tickets,
SUM(CASE WHEN status = 'Closed' THEN 1 ELSE 0 END) as Closed
FROM Dashboarddetails
WHERE CreatedDate BETWEEN '".$_POST["from_date"]."' AND '".$_POST["to_date"]."'
GROUP BY CreatedDate
ORDER BY CreatedDate
";
请找到图片,这是获取当前代码的结果。
答案 0 :(得分:0)
您可以使用DATE()函数
并且您应该避免在sql代码中使用php var来防止sqlinjection,为此,请为您的db driver看一下预先准备好的statemente和binding param
基于事实,您正在使用msqli而不是可以使用的PDO
if(isset($_POST["from_date"], $_POST["to_date"]))
{
$connect = mysqli_connect("localhost", "", "", "");
$output = '';
$stmt = $connect->prepare("CreatedDate,
COUNT(`Ticket`) AS Tickets,
SUM(CASE WHEN status = 'Closed' THEN 1 ELSE 0 END) as Closed
FROM Dashboarddetails";
WHERE CreatedDate BETWEEN DATE(?) AND DATE(?)
GROUP BY CreatedDate
ORDER BY CreatedDate");
$stmt->bind_param('ss',$_POST["from_date"], $_POST["to_date"]);
$stmt->execute();
$result = $stmt->get_result();
while ($myrow = $result->fetch_assoc()) {
....
}
.....
无论如何,请确保您在POST中的日期是规范格式的日期字符串,并且两个日期的date()部分是有效的日期范围(如果您传递的两个日期在同一天之间,则子句之间不起作用)