CODEWITHSUNDEEP
phptime
Tyler Radlick
Tyler Radlick

Reputation: 182

Check current date against date in database

What I'm doing with this code is checking the database for a date that ends editing(Say Today's date is 12/30/11 last date for edits was or is 12/12/10 = LOCKED or Todays date is 12/30/11 last date for edits was or is 12/12/13 = UNLOCKED & forwarded to edit site)

So with that in mind here's the problem: the code i have always says your account is locked no matter the lock date and i am at a lost for a solution :(.

By the way please keep in mind that the headers have already been sent by this point.

<?php
$id = $_GET['id'];
// Define MySQL Information.
$mysqlhost="***************"; // Host name of MySQL server.
$mysqlusername="**********"; // Username of MySQL database. 
$mysqlpassword="*********"; // Password of the above MySQL username.
$mysqldatabase="*************"; // Name of database where the table resides.
// Connect to MySQL.
mysql_connect("$mysqlhost", "$mysqlusername", "$mysqlpassword")or die("Could not connect to     MySQL.");
mysql_select_db("$mysqldatabase")or die("Could not connect to selected MySQL database.");

$infosql = "SELECT * FROM premiersounds_users WHERE customer_id = $id";
$inforesult = mysql_query($infosql) or die(mysql_error());
$info = mysql_fetch_array($inforesult);


$l_date=$info['lockout_date'];

//Get current date from server
    $format="%m/%d/%y";
$c_date=strftime($format);
//set sessions
$_SESSION['current_date'] = $c_date;
$_SESSION['lockout_date'] = $l_date;

//Check is Current date = lockout date
if ($c_date <= $l_date) { header("location:/planner_scripts/documnet_editors    /edit_weddingplanner.php?id=$id"); } else {echo 'Whoops! Were sorry your account has been locked to edits because your event is less than 48 hours from now or your event has passed. To make changes to your event please contact your DJ.'; echo'<br/>'; echo ' Todays Date: ';echo $c_date; echo ','; echo ' Last Date for edits: '; echo $l_date;}
?>
<?php
//Destroy Session for Lockout Date to prevent by passes
unset($_SESSION['lockout_date']);
?>

Upvotes: 0

Views: 2964

Answers (2)

user895378
user895378

Reputation:

A couple of things ...

  1. The code as it was posted is massively open to SQL-injection attacks. You should always sanitize user data before including it in a db query. I add a mysql_escape_string() call in the code below to prevent this as well as mention a simple integer cast. There are other ways to accomplish this. You can learn how by searching SO on the topic.
  2. One easy way to compare dates is to use PHP's DateTime class. The code below creates instances of DateTime ... one for the current date and one from the lockout date retrieved from the database. Once you have these objects, you can compare the two.
<?php
$id = $_GET['id'];
// Define MySQL Information.

$mysqlusername=""; // Username of MySQL database. 
$mysqlpassword=""; // Password of the above MySQL username.
$mysqldatabase=""; // Name of database where the table resides.
// Connect to MySQL.
mysql_connect("$mysqlhost", "$mysqlusername", "$mysqlpassword")or die("Could not connect to     MySQL.");
mysql_select_db("$mysqldatabase")or die("Could not connect to selected MySQL database.");

// IMPORTANT: PREVENT SQL INJECTION
$id = mysql_escape_string($id);
// Or, if $id is supposed to be an integer just do this ...
// $id = (int) $id;

$infosql = "SELECT * FROM premiersounds_users WHERE customer_id = $id";
$inforesult = mysql_query($infosql) or die(mysql_error());
$info = mysql_fetch_array($inforesult);

//Get current date from server
$c_date = new DateTime();
$l_date = new DateTime($info['lockout_date']);

//Check is Current date = lockout date
if ($c_date->format('Y-m-d') <= $l_date->format('Y-m-d')) {
  header("location:/planner_scripts/documnet_editors/edit_weddingplanner.php?id=$id");
} else {
  echo 'Whoops! Were sorry your account has been locked to edits because your event is less than 48 hours from now or your event has passed. To make changes to your event please contact your DJ.';
  echo'<br/>';
  echo ' Todays Date: ';
  echo $c_date;
  echo ',';
  echo ' Last Date for edits: ';
  echo $l_date;
}

?>

Upvotes: 1

Corbin
Corbin

Reputation: 33467

You are comparing dates as strings. You're comparing something like 12/30/2011 to something like 12/11/2011 or whatever. PHP can and will do this, but it will treat them like strings.

The main oddity that this will make is that 0's are not implied as with numeric types.

Also, your date formats will not match. MySQL returns something like 2011-12-30, whereas your strftime will do something like 30/12/2011.

Try something like

$c_date_stamp = strtotime($c_date);
$today = strtotime('today');

if($c_date_stamp <= $today) { }

This will convert the dates to unix timestamps before comparison. Another option would be to leave them in string form, but be weary of the implications that can have.

For example, if you do it in string form, the magnitude of the date-parts will need to be in descending order:

if($c_date <= date('Y-m-d'))

Also note that if one is using a leading zero on days < 10, the other one needs to do so too.

Upvotes: 1

Related Questions