0 
<!DOCTYPE html>
<html>
<head>
<title>Form</title>
</head>
<body>
<form action="collect.php" method="post">
date:<input type="date" name="date"/><br/>
<input type="submit"/><br/>
</form>
</body>
</html>

This form accepts date and sends it to collect.php which is as follows

<?php
$connect=mysqli_connect("localhost","root","");
if(mysqli_connect_error()){
echo "Databse connect error";
die();
}
else echo "successfully connected <br/>";
$date=$_POST['date'];
$adddate="INSERT INTO `testform`.`date`(date) VALUES(".$date.")";
$result=mysqli_query($connect,$adddate);
if($result==TRUE)
    echo "date added asuccessfully";
else echo "problem in date";
?>

The problem is that it echos date added successfully but when i check in my phpmyadmin result is 0000-00-00 I don't understand the reason.Have tried almost everything i could.please help...

Improve this question
3
  • Please read about SQL Injection and update your code accordingly. Commented Sep 10, 2013 at 17:50
  • when i am not allowing the user to input anything else but date,how can there be sql injection?@JasonMcCreary Commented Sep 10, 2013 at 17:55
  • Do you think a spammer/hacker will use your form? Commented Sep 10, 2013 at 17:59

1 Answer 1

Reset to default
1

Add Quotes around your date

$date=mysqli_real_escape_string($connect,$_POST['date']);
$adddate="INSERT INTO `testform`.`date`(date) VALUES('".$date."')";
                                                     ^         ^
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.