2

I'm using this code to update my datatime field to NULL, php version 7.3.7

    if($_POST['value']=='0000-00-00 00:00:00'){
      $timestamp=NULL;
    }else {
      $dateTime = $_POST['value'];
      $timestamp = date('Y-m-d H:i', strtotime($_POST['value']));
   }
$query="update forms set $_POST[limitInputField]='$timestamp' where  formid='$_POST[formId]'";
$result=$dbCnn->query($query)or die($dbCnn->error);

it gives error when $timestamp is null:

Incorrect datetime value: '' for column farsifor_m.forms.enddate at row 1

But when I quote "NULL" and remove quotations around $timestamp in the query, if $timestamp is null it works properly but if $timestamp value is not null it gives error.

   if($_POST['value']=='0000-00-00 00:00:00'){
     $timestamp="NULL";
   }else {
     $dateTime = $_POST['value'];
     $timestamp = date('Y-m-d H:i', strtotime($_POST['value']));
   }
  $query="update forms set $_POST[limitInputField]=$timestamp where       formid='$_POST[formId]'";
    $result=$dbCnn->query($query)or die($dbCnn->error);
Improve this question
4
  • 3
    Use prepared statements. NULL is not the same as an empty string, so it's erroring out. Using prepared statements bypasses this issue. Here are the instructions for PDO and mysqli Commented Sep 3, 2019 at 14:58
  • is there any way else? my codes work properly in php 5.6. but not in 7.3.7 Commented Sep 3, 2019 at 15:04
  • In mysql u can use now() function Commented Sep 3, 2019 at 15:07
  • 1
    I'm surprised it works in 5.6. Prepared statements and parameter binding is the safest way to pass data into SQL queries, and prevents a ton of headaches. Commented Sep 3, 2019 at 15:10

3 Answers 3

Reset to default
2

Learn to use prepared statements; and do not inject post variables to "build" the query. Having said that:

You can use NULLIF for convenience. In the following example the specific value 0000-00-00 00:00:00 will be converted to NULL:

UPDATE forms SET col = NULLIF(:timestamp, '0000-00-00 00:00:00') WHERE formid = :formid

Or you can simply:

UPDATE forms SET col = :timestamp WHERE formid = :formid

And use PHP to pass a variable containing string or null.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

how to use this kind of query in prapare statement?
0

You can resolve this with some slight changes to your code (take note of single and double quotes):

    if($_POST['value']=='0000-00-00 00:00:00'){
      $timestamp="NULL";
    }else {
      $dateTime = $_POST['value'];
      $timestamp = "'".date('Y-m-d H:i', strtotime($_POST['value']))."'";
   }
$query="update forms set $_POST[limitInputField]=$timestamp where  formid='$_POST[formId]'";

This way if you're setting a NULL value in timestamp the query would look something like this:

update forms set limitInputField=NULL where formid='123'

But if you're putting a value in there it would look like this:

update forms set limitInputField='2019-09-03 17:08' where formid='123'

Important to note there are no quotes around the NULL when setting the value, but there are around the date.

Improve this answer

3 Comments

This answer may be downvoted since you left SQL Injections vulnerabilities.
I'm just basing this on his code for ease of understanding. Also - it would have to be a damn clever hacker to get SQL injection working through that date function. :P (But thanks for pointing that out. I'm new to contributing here.)
What about $_POST[limitInputField] ? $_POST[formId] ? Always use prepared statement.
0 
$date = $_POST['Date']; //get date from form
$time = $_POST['Time']; //get time from form

if(strtotime($date.$time)==0){ // check if null or not 
    $AboutDate = "0000-00-00 00:00:00"; 
}else{                        
    $AboutDate = date("Y-m-d H:i", strtotime($date.$time)); 
}

Then Update/Insert into SQL

UPDATE xxx(table) SET xxx(column) = NULLIF('$AboutDate','0000-00-00 00:00:00') WHERE xxxx = xxxxx

Let's go BABY

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.