user7958694
Reputation:
Inserting date value into MySQL through PHP
What I'm trying to do is as the title implies inserting date into created table.
I've done my research. I considered following topics:
and others.
However nothing really helped to solve this. The $dob variable is in there on purpose. I need to make sure that it will change as users will change as well.
This is my php code:
$firstName = $middleName = $lastName = $mobileNumber = $dob = $address = "";
$firstName0 = $middleName0 = $lastName0 = $mobileNumber0 = $dob0 = $address0 = "";
$dobErr = $addressErr = $mobilenumErr = $emailErr = $passwordErr = "";
$email = $password = $fnameErr = $mnameErr = $lnameErr = $conn = $data = "";
$email0 = $password0 = "";
require_once 'login.php';
$conn = new mysqli($hn, $un, $pw, $db);
if($conn->connect_error) die($conn->connect_error);
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
if(isset($_POST['submit'])) {
// input validation
if ($_SERVER["REQUEST_METHOD"] == "post") {
if (empty($_POST["firstName"])) {
$fnameErr = "Name is required";
} else {
$firstName0 = test_input($_POST["firstName"]);
}
if (empty($_POST["lastName"])) {
$lnameErr = "Last name is required";
} else {
$lastName0 = test_input($_POST["lastName"]);
}
if (empty($_POST["dob"])) {
$dobErr = "Date of birth is required";
} else {
$dob0 = test_input($_POST["dob"]);
}
if (empty($_POST["address"])) {
$addressErr = "Address is required";
} else {
$address0 = test_input($_POST["address"]);
}
if (empty($_POST["mobileNumber"])) {
$mobilenumErr = "Mobile number is required";
} else {
$mobileNumber0 = test_input($_POST["mobileNumber"]);
}
if (empty($_POST["email"])) {
$emailErr = "Email is required";
} else {
$email0 = test_input($_POST["email"]);
}
if (empty($_POST["password"])) {
$passwordErr = "Password is required";
} else {
$password0 = test_input($_POST["password"]);
}
}
if ($_SERVER["REQUEST_METHOD"] == "post") {
// sanitizing the input
$firstName = test_input($_POST["$firstName0"]);
if (!preg_match("/^[a-zA-Z]*$/",$firstName)) {
$nameErr = "Only letters are allowed";
}
$middleName = test_input($_POST["$middleName0"]);
$lastName = test_input($_POST["$lastName0"]);
$dob = test_input($_POST["$dob0"]);
$address = test_input($_POST["$address0"]);
$mobileNumber = test_input($_POST["$mobileNumber0"]);
$email = test_input($_POST["$email0"]);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "Invalid email format";
}
$password = test_input($_POST["$password0"]);
}
// sending valid data to the database
$query = "insert into details values" . "("$firstName","$middleName","$lastName",STR_TO_DATE("$dob","%Y/%m/%d"),"$address","$mobileNumber","$email", "$password")";
$result = $conn->query($query);
if(!$result) {
echo 'Insert failed: $query<br>' . $conn->error . '<br><br>';
} else {
echo 'Data saved !';
}
}
I'm getting this error:
Insert failed: insert into details values('','','',STR_TO_DATE("","%Y/%m/%d"),'','','', '') Incorrect datetime value: '' for function str_to_date
Upvotes: 0
Views: 1925
Answers (2)
mickmackusa
Reputation: 47894
With all of those individual string declarations, I think it would be better to processes arrays. PHP has some fantastic array functions to offer. I'll use array_intersect_key(), array_walk(), implode(), and array_keys(). I have left some commented var_export()'s in place so that you can uncomment them and see how the filtering processes work.
If a form submits this $_POST array:
$_POST=array('firstName'=>'Mick','lastName'=>'MacKusa','dob'=>'2017/05/03',
'address'=>'Home','mobileNumber'=>'v','email'=>'[email protected]',
'password'=>'v','bogus'=>'Hacktastic');
To this script:
<?php
require_once 'login.php';
$requireds=array('firstName'=>'Name is required','lastName'=>'Last name is required','dob'=>'Date of birth is required','address'=>'Address is required','mobileNumber'=>'Mobile number is required','email'=>'Email is required','password'=>'Password is required');
$inputs=array_intersect_key($_POST,$requireds); // only handle desired elements in $_POST
// var_export($inputs); // 'bogus'=>'Hacktastic' has beem removed
// create an array filled with empty elements
array_walk($inputs,function($v,$k)use(&$empties){if(empty($v)){$empties[$k]=$v;}});
// var_export($empties);
if(!is_null($empties)){ // if at least one required value is missing...
$messages=array_intersect_key($requireds,$empties); // create an array of "required" messages
var_export($messages); // handle this array however you wish
}else{ // all fields have a value
//var_export($inputs);
// do any necessary/specific validation or preparation on elements like:
// $inputs['password']=hash("sha256",$_POST["password"]); or something
// never store anyone's unencrypted passwords
// regarding data security, research AS MUCH AS POSSIBLE
// check format of $inputs['dob'] and $inputs['email'], etc...
// I prefer pdo where I can drop the $inputs array into the execute function,
// but it may be less overwhelming for you to stay with mysqli for the time being
if(!$conn=new mysqli($hn,$un,$pw,$db)){
echo "Connection Error: ",$conn->connect_error; // do not echo when live
}elseif($stmt=$conn->prepare("INSERT INTO `details` (`".implode('`,`',array_keys($inputs))."`) VALUES (?,?,STR_TO_DATE(?,'%Y/%m/%d'),?,?,?,?)")){
// to shrink bind_param code, use variadic expression or call_user_func_array
if($stmt->bind_param('sssssss',$inputs['firstName'],$inputs['lastName'],$inputs['dob'],$inputs['address'],$inputs['mobileNumber'],$inputs['email'],$inputs['password']) && $stmt->execute()){
echo "Success - New ID# is ",$stmt->insert_id;
}else{
echo "Statement Error: ",$stmt->error; // do not echo when public
}
$stmt->close();
}else{
echo "Prepare Error: ",$conn->error; // do not echo when public
}
$conn->close();
}
?>
And the details table in the database looks like this:
CREATE TABLE `details` (
`id` int(10) NOT NULL,
`firstName` varchar(100) NOT NULL,
`lastName` varchar(100) NOT NULL,
`dob` date NOT NULL,
`address` varchar(255) NOT NULL,
`mobileNumber` varchar(30) NOT NULL,
`email` varchar(255) NOT NULL,
`password` varchar(100) NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
ALTER TABLE `details`
ADD PRIMARY KEY (`id`);
ALTER TABLE `details`
MODIFY `id` int(10) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=1;
Then the screen output will read:
Success - New ID# is 1
And the database table will look like this:
By doing some light validation and preparation work with array functions and using prepared statements to handle the security aspect, you can skip right to educating yourself about developing a smart/secure login system.
Upvotes: 0
Michael
Reputation: 5335
$query = "insert into details values ($firstName,$middleName,$lastName,STR_TO_DATE($dob,'%Y/%m/%d'),$address,$mobileNumber,$email, $password)";
Upvotes: 1
Related Questions
- PHP - Insert date into mysql
- Convert date string to insert in mysql date format
- how to insert date into MySQL from PHP
- MySQL and PHP inserting a date into a Date field
- PHP insert into mysql database with dates
- Inserting Date to Database
- Prepare String Date for MySQL Insert with PHP
- Inserting date to database in mysql
- Inserting date value into MySQL
- PHP date() - inserting into an MySQL database