www.webdeveloper.com

Thread: SELECT rows in a Date Range (Getting syntax errors)

  1. #1
    Join Date
    May 2010
    Location
    Washington, DC region
    Posts
    6

    SELECT rows in a Date Range (Getting syntax errors)

    Hi!

    I was trying to build a MySQL search query for my site, but I just keep getting this syntax error:

    "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'2011-01-01\' AND \'2011-12-31\' ORDER BY project_descriptions.proj_date_final ' at line 1"

    Here is the essential part of the query:

    Code:
    WHERE project_descriptions.proj_date_final BETWEEN $value ORDER BY project_descriptions.proj_date_final ASC
    $value is extracted from a select menu:

    HTML Code:
    <select name="value"> 
      <option value="'2007-01-01' AND '2013-12-31'">All Dates</option>
      <option value="'2007-01-01' AND '2007-12-31'">2007</option>
      <option value="'2008-01-01' AND '2008-12-31'">2008</option>
      <option value="'2009-01-01' AND '2009-12-31'">2009</option>
      <option value="'2010-01-01' AND '2010-12-31'">2010</option>
      <option value="'2011-01-01' AND '2011-12-31'">2011</option>
      <option value="'2007-01-01' AND '2012-08-01'">2012</option>
      <option value="'2012-08-02' AND '2013-12-31'">Ongoing</option>
    </select>
    ... and processed through this code:

    Code:
    //Grabs the date from the dropdown list
    $value="'2007-01-01' AND '2013-12-31'";
    if(isset($_POST['value'])) {
        $value=$_POST['value'];
    }
    The default value of $value prints just fine when the page loads, but crashes when the form posts it. After much troubleshooting, I believe the culprit has something to do with the single quotes in the value attribute of the option tag.

    Does anyone have an idea what could be going wrong? Or does anyone have a better idea for displaying this set of values?

  2. #2
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    22,335
    If you are applying either mysql_real_escape_string() or a similar escaping mechanism (or the dreaded and now-deprecated magic_quotes_gpc setting), then that would cause it to fail.

    I believe a more robust and safer way would be something like:
    HTML Code:
    <option value='2012-01-01|2012-06-30'>01/01/2012 - 06/30/2012</option>
    Then in the form-handler, explode() the value into two variables, and apply them separately to the query (within single quotes).
    PHP Code:
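    // Split the posted "start|end" value into its two dates
    $dates = explode('|', $_POST['dates']);
    // Escape each date separately and place it inside single quotes
    $sql = sprintf(
        "SELECT blah blah blah WHERE date BETWEEN '%s' AND '%s'",
        mysql_real_escape_string($dates[0]),
        mysql_real_escape_string($dates[1])
    );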
    (You'd want some validation that the array $dates had 2 elements, and possibly do some validation on the date strings to make sure they make sense.)
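
Added example (not part of the thread and not any poster's code): the explode-and-validate approach from post #2 carried through, with PDO bound parameters swapped in for mysql_real_escape_string(), which was removed in PHP 7. The table and column names come from post #1 and the field name "dates" from post #2; the in-memory SQLite database, the sample rows and the function names parseDateRange() and findProjects() are assumptions made so the example runs on its own.

```php
<?php
// Added example, not from the thread. Table/column names follow post #1;
// the field name "dates" follows post #2; SQLite in-memory stands in for MySQL.

/** Parse "YYYY-MM-DD|YYYY-MM-DD" into [start, end], or null if invalid. */
function parseDateRange(string $raw): ?array
{
    $parts = explode('|', $raw);
    if (count($parts) !== 2) {
        return null;                       // must be exactly two dates
    }
    foreach ($parts as $p) {
        $d = DateTimeImmutable::createFromFormat('!Y-m-d', $p);
        // Round-trip check rejects overflow dates like 2011-02-30 and stray text.
        if ($d === false || $d->format('Y-m-d') !== $p) {
            return null;
        }
    }
    // ISO dates compare correctly as strings.
    return $parts[0] <= $parts[1] ? $parts : null;
}

function findProjects(PDO $db, string $raw): array
{
    $range = parseDateRange($raw);
    if ($range === null) {
        return [];                         // reject instead of querying
    }
    // Placeholders keep the posted values out of the SQL text entirely.
    $stmt = $db->prepare(
        'SELECT proj_date_final FROM project_descriptions
          WHERE proj_date_final BETWEEN ? AND ?
          ORDER BY proj_date_final ASC'
    );
    $stmt->execute($range);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE project_descriptions (proj_date_final TEXT)");
$db->exec("INSERT INTO project_descriptions VALUES ('2010-06-15'), ('2011-03-01'), ('2011-11-20')");

var_dump(findProjects($db, '2011-01-01|2011-12-31'));          // value in the post #2 format
var_dump(findProjects($db, "'2011-01-01' AND '2011-12-31'")); // SQL-fragment value from post #1
```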

  3. #3
    Join Date
    May 2010
    Location
    Washington, DC region
    Posts
    6
    Thanks for these suggestions. This seems really logical to me. I will work on it and get back to you soon. In the meantime, any other suggestions would be greatly appreciated!

    For instance: has anyone else ever done something similar? What did you do?

  4. #4
    Join Date
    May 2010
    Location
    Washington, DC region
    Posts
    6
    This suggestion worked perfectly! Now I got it fixed. Thanks so very much for your awesome help. I appreciate it much more than I can say.
    Last edited by MadMac10; 08-31-2012 at 09:40 AM.
