0

I want to put the uses date of birth into the database..so I wrote this function:

      function setAge($day, $month, $year)
  {
      $date= strtotime("$day $month $year");

       mysql("UPDATE controlpanel
             SET date_of_birth=$date
             WHERE=".this->$userID) or die(mysql_error());
  }

I am not sure if this is correct, or the best way to update the date. The field variable is DATE, .. I dont insert dates, I just update it..will it cause an error? is this the best way to put a date from php to mysql?

Improve this question

6 Answers 6

Reset to default
1

You should format the date to 'yyyy-mm-dd' for your SQL statement to insert it into MySQL.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Quite a lot of stuff wrong here.

  1. Your query is malformed. You're not specifying which field you're comparing in the WHERE clause. You need to do something like WHERE userID = 123.

  2. You're not sanitising your values. ALWAYS ALWAYS ALWAYS use the appropriate filtering function on query data. If you don't, you're open to SQL injection. In this case, you probably want to use mysql_real_escape_string().

  3. Your use of strtotime() is wrong. You can easily manually format it using "{$year}-{$month}-{$day}".

Just for emphasis:

SERIOUSLY, SANITISE YOUR DATA PROPERLY. YOU WILL GET HACKED.

Improve this answer

2 Comments

the variables will be safe before they go into the function dont worry..nicely noticed..it was a mistake to put year, month, date
It is ALWAYS better to sanitise at the site of the query, rather than rely on other parts of the code doing the sanitising for you. It means that you only have to remember to sanitise once, rather than every time you want to use that function. It also makes your code easier to read, since it's free of annoying temp variables that contain sanitised versions of your data.
0 
mysql_query( "UPDATE `controlpanel`
                 SET `date_of_birth`='".$year."-".$month."-".$day."'
                 WHERE `userid`=".this->$userID);

There are quite a few code errors in your code. Did you even TRY running it?
Anyway, this code removes the need for the strtotime call.

Improve this answer

Comments

0

You don't need custom function has PHP has predefine date functions.

$date= date("Y-m-d", strtotime(mktime(0, 0, 0, $month, $day, $year)));

You can use strtotime() if you want.

refer documentation for more details http://php.net/manual/en/function.mktime.php

Improve this answer

1 Comment

You already have day, month and year from the beginning. You don't need to convert to Unix timestamp. It isn't wrong bug it's kind of redundant.
0

kolink is correct..in database date datatype format is year-month-day, you can also store date and time in timestamp, it will be more easy to handle.. through time stamp you can handle date and time more flexibly..

Improve this answer

1 Comment

Bad advice. Data types exist for a reason. If you handle dates as integers you are just making this harder for no good reason.
0

If you look at the PHP manual, you'll see that strtotime() returns an integer, more specifically a Unix timestamp. If you look at the MySQL manual, you'll see that DATE columns are handled as strings.

Apart from reading the documentation, you can see that something's wrong with some simple debugging. If you print your query with var_dump() and run it in your favourite MySQL client, you'll see that your row gets updated with an invalid value (or you get an error message, depending on the server settings).

Now, there are many ways to create a properly formatted string. You appear to have the individual components saved into PHP variables, so you can use sprintf():

sprintf('%04d-%02d-%02d', $year, $month, $day)

Update: I'm adding some other versions to please @Col. Shrapnel:

sprintf('%s-%s-%s', $year, $month, $day)
"$year-$month-$day"
$year . '-' . $month . '-' . $day
Improve this answer

4 Comments

@Col.Shrapnel - sprintf() is a handy way to generate a string with a fixed format. It takes care of casting to integer and add leading zeroes as required and it's sometimes cleaner than raw string concatenation. I thought you would know that with 27K rep ;-P
what's the point in adding zeros to the year? and in casting too? if you want to validate your date, use checkdate() first - it will do the validation part explicitly, not silently with possible erroneous result as sprintf().
@Col.Shrapnel - I've updated my answer. I know I shouldn't care but it's just that I don't want to provide the worse answer in six when I'm the only one who cared to explain why the OP's code was wrong and link to the appropriate manual chapters.
thanks. the "$year-$month-$day" variant is indeed most natural of them all.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.