Hello, I am trying to select date from MySQL between dates with this code:

if (empty($_GET['date-range1'])) {
    $sql=mysql_query("SELECT * FROM sohy_raports ORDER BY ".$_GET['sort']." ".$_GET['ad']."");
} else {
    $sql=mysql_query("SELECT * FROM sohy_raports WHERE date BETWEEN ".$_GET['date-range1']." AND ".$_GET['date-range2']." ORDER BY ".$_GET['sort']." ".$_GET['ad']."");
}

But with this code I can't select between dates, only between IDs. Could it be from a date format error (Y-mm-dd)?

Thanks

  • Just a comment: you should write timestamps to the database; it makes this question a lot easier. Commented May 27, 2013 at 8:20
  • What are the contents of $_GET['date-range1'] and $_GET['date-range2']? Also, your code is wide open to SQL injection attacks; you might want to read up on that if you plan on putting this code on the public internet. Commented May 27, 2013 at 8:21
  • What is the data type of the date column? What are the inputs? Why aren't you quoting those date values? Why aren't you using query parameters? Commented May 27, 2013 at 8:22
  • Your code will never go for the else condition if $_GET['date-range1'] is empty, then how will it check for between? And you missed a comma between sort and ad. Commented May 27, 2013 at 8:22
  • date-range1 = 2013-05-23; date-range2 = 2013-05-28; Commented May 27, 2013 at 8:36

1 Answer

Instead of

$sql=mysql_query("SELECT * FROM sohy_raports WHERE date BETWEEN ".$_GET['date-range1']." AND ".$_GET['date-range2']." ORDER BY ".$_GET['sort']." ".$_GET['ad']."");

do

$query = "SELECT * FROM sohy_raports WHERE date BETWEEN ".$_GET['date-range1']." AND ".$_GET['date-range2']." ORDER BY ".$_GET['sort']." ".$_GET['ad'];
echo $query;
$sql=mysql_query($query);

This will print out the query you are sending to your database, and will clear up a lot of what might go wrong, and what exactly the date format is that you are using.

On the side, but no less important:

- Don't use the mysql_* functions anymore, they are deprecated and unsafe. Switch to mysqli_* or PDO instead.
- Never just use your GET variable (or POST) in your query, make sure you sanitize them first to prevent SQL injections.
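
A parameterized version of the query, as an added example that is not part of the original question or answer: the two dates are validated and bound as values, while the sort column and direction, which cannot be bound, are picked from an allowlist. The column names `id` and `date`, the helper function names, and the in-memory SQLite connection (standing in for MySQL so the script runs offline) are assumptions.

```php
<?php
// Added example. Assumed: columns `id` and `date`, helper names,
// and SQLite in memory in place of the MySQL connection.

// Accept only a real calendar date in Y-m-d form, otherwise null.
function validDate(string $s): ?string
{
    $d = DateTime::createFromFormat('!Y-m-d', $s);
    return ($d !== false && $d->format('Y-m-d') === $s) ? $s : null;
}

function fetchReports(PDO $pdo, array $get): array
{
    // Identifiers and keywords cannot be bound as parameters, so the
    // request value only selects an entry from a fixed allowlist.
    $columns = ['id' => 'id', 'date' => 'date'];
    $sort = $columns[$get['sort'] ?? ''] ?? 'id';
    $dir  = strtoupper($get['ad'] ?? '') === 'DESC' ? 'DESC' : 'ASC';

    $start = validDate($get['date-range1'] ?? '');
    $end   = validDate($get['date-range2'] ?? '');

    if ($start === null || $end === null) {
        $stmt = $pdo->prepare("SELECT * FROM sohy_raports ORDER BY $sort $dir");
        $stmt->execute();
    } else {
        // Bound values reach the server as strings. Concatenated without
        // quotes, 2013-05-23 is evaluated as the subtraction 2013 - 5 - 23.
        $stmt = $pdo->prepare(
            "SELECT * FROM sohy_raports
             WHERE date BETWEEN :start AND :end
             ORDER BY $sort $dir"
        );
        $stmt->execute([':start' => $start, ':end' => $end]);
    }
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data, not taken from the question.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE sohy_raports (id INTEGER PRIMARY KEY, date TEXT)');
$pdo->exec("INSERT INTO sohy_raports (date) VALUES
            ('2013-05-20'), ('2013-05-24'), ('2013-05-27'), ('2013-06-01')");

// 'sort' is not in the allowlist, so ordering falls back to `id`.
print_r(fetchReports($pdo, [
    'date-range1' => '2013-05-23', 'date-range2' => '2013-05-28',
    'sort' => 'not_a_column', 'ad' => 'desc',
]));
```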
