PHP Date Search Question

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Greg
    #1

    PHP Date Search Question

    I have a page that searches a database by a repairman's name and by a
    date range. It pulls info by the repairman's name but pulls all info in
    the database regardless of the date. Below is the code of the two
    pages. What am I missing?

    This page calls the script datersearch.php

    ************
    searchrdates.ph p
    ************

    <html>
    <head><title>Se arch Repair Dates</title>
    </head>
    <body bgcolor=#ffffff >
    <center>
    <P><CENTER><I MG SRC='images/MCLogo.jpg'
    WIDTH='576' HEIGHT='87' NATURALSIZEFLAG ='0'
    ALIGN='BOTTOM'> </CENTER></P>
    <font face="Tahoma" size="3"><i><b> 202 Harper Ave. NW Lenoir, NC
    28645</b></i></font>
    <br>
    <br>
    <br>
    <br>
    <input type="button" style="font-style:tahoma; font-size:10px;
    font-weight:bold; color:white; background-color:#0000FF;
    height:20px;"on click="location .href="displayu pdate.php'" value="Update
    Repair Entry">
    <input type="button" style="font-style:tahoma; font-size:10px;
    font-weight:bold; color:white; background-color:#0000FF;
    height:20px;"on click="location .href="displayu pdate.php'" value="Display
    Repair Entries">
    <input type="button" style="font-style:tahoma; font-size:10px;
    font-weight:bold; color:white; background-color:#0000FF;
    height:20px;"on click="location .href="searchrd ates.php'" value="Search
    Repair Entries">
    <input type="button" style="font-style:tahoma; font-size:10px;
    font-weight:bold; color:white; background-color:#0000FF;
    height:20px;"on click="location .href="index.ph p'" value="Home">
    <br>
    <br>
    <br>
    <font face="Tahoma" size=3><b>Searc h Repairs By Date</b></font>
    <br>
    <i>(Example of Date Format: Jun 1, 2005)</i>
    <table>
    <tr>
    <form method="post" action="daterse arch.php">
    <td>From This Date:</td>
    <td><input name="from" type="text" id="from"></td>
    <td></td></tr>
    <tr><td>Back To This Date:</td>
    <td><input name="to" type="text" id="to"></td>
    <td></td></tr>
    <tr><td>For Repairman:</td>
    <td><SELECT NAME="name">
    <OPTION VALUE="Lisa Creamer" SELECTED>Lisa Creamer
    <OPTION VALUE="Jim Stone">Jim Stone
    <OPTION VALUE="Rick Stapleton">Rick Stapleton
    <OPTION VALUE="Eddie Little">Eddie Little
    <OPTION VALUE="Brandon Miller">Brandon Miller
    </td>
    <td></td></tr>
    <td></td>
    <td><input type="submit" style="font-style:tahoma; font-size:10px;
    font-weight:bold; color:white; background-color:#0000FF; height:22px;"
    value="Search">
    </td><td></td></tr>
    </table>
    <?
    include("footer .php";
    ?>
    </form>
    </body>
    </center>
    </html>

    ***************
    datersearch.php
    ***************

    <?php
    $search = $_REQUEST['name'];
    $from = $_REQUEST['from'];
    $to = $_REQUEST['to];
    if($search) // perform search only if a string was entered.
    {
    mysql_connect(" 192.168.1.8","r oot","passwordh ere");
    mysql_select_db ("repair"); //database name
    $srch = "%".$search."%" ;
    $query = "SELECT * FROM repair WHERE repairman LIKE '$srch' AND
    daterepaired BETWEEN '$from' AND '$to'";
    $total = "SELECT SUM(price) as price FROM repair WHERE repairman LIKE
    '$srch' AND daterepaired BETWEEN '$from' AND '$to'";
    $result = mysql_db_query( "repair", $query) or die("MySQL error
    #".mysql_errno( ).":".mysql_err or());
    $addtotal = mysql_db_query( "repair", $total) or die("MySQL error
    #".mysql_errno( ).":".mysql_err or());
    if ($result)
    {
    echo "<font face='Tahoma' size=2><P><CENT ER><IMG SRC='images/MCLogo.jpg
    WIDTH='576' HEIGHT='87' NATURALSIZEFLAG ='0'
    ALIGN='BOTTOM'> </CENTER></P></font>
    <br>
    <br>
    echo "<table border=0 cellpadding=3 cellspacing=5>
    <tr bgcolor=#104E8B >
    <td width=10><font size=2 color=#FFFF00
    face=tahomo><b> ID</b></font></td>
    <td width=10><font size=2 color=#FFFF00 face=tahomo><b> DATE
    REPAIRED</b></font></td>
    <td width=12><font size=2 color=#FFFF00 face=tahomo><b> TICKET
    NUMBER</b></font></td>
    <td width=10><font size=2 color=#FFFF00
    face=tahomo><b> REPAIRMAN</b></font></td>
    <td width=10><font size=2 color=#FFFF00 face=tahomo><b> DATE
    RECEIVED</b></font></td>
    <td width=15><font size=2 color=#FFFF00
    face=tahomo><b> LOCATION</b></font></td>
    <td width=10><font size=2 color=#FFFF00
    face=tahomo><b> PRICE</b></font></td>
    <td width=10><font size=2 color=#FFFF00
    face=tahomo><b> M&R</b></font></td>
    </tr>;

    while ($r = mysql_fetch_arr ay($result)) {//Begin while
    $id = $r["id"];
    $daterepaired = $r["daterepair ed"];
    $ticketnumber = $r["ticketnumb er"];
    $repairman = $r["repairman"];
    $datereceived = $r["datereceiv ed"];
    $location = $r["location"];
    $price = $r["price"];
    $mr = $r["mr"];
    echo "<tr bgcolor-669966>
    <td>$id</td>
    <td>$daterepair ed</td>
    <td>$ticketnumb er</td>
    <td>$repairma n</td>
    <td>$datereceiv ed</td>
    <td>$location </td>
    <td>$price</td>
    <td>$mr</td>
    </tr>";
    } // end while
    echo "</table>";
    }
    while ($t = mysql_fetch_arr ay($addtotal)) {// Begin while
    $price = $t["price"];
    $commission = $price*.06;
    echo "<table><tr >
    <td><font size=4>Repairs for $repairman for the date range $to to $from
    are: <b>$ $price</b></font></td></tr>
    <tr><td><font size=4>and commission is: <b>$
    $commission</b></font></td></tr></table>";
    }
    } else{
    echo "Search field is empty. <br> Go back and enter something to search
    by or click Display to view all repairs.";
    }
    ?>
    <?
    include("footer .php";
    ?>

    Ok, that's my code. It pulls info by the repairman but pulls all dates
    no matter what dates are in the "to" and "from". I'm new at this and am
    probably doing something stupid. Thanks in advance for your help.

    Greg

    Tags: None
    • Dave
      #2
      Re: PHP Date Search Question

      Greg (greg@basssax.c om) decided we needed to hear...[color=blue]
      > I have a page that searches a database by a repairman's name and by a
      > date range. It pulls info by the repairman's name but pulls all info in
      > the database regardless of the date. Below is the code of the two
      > pages. What am I missing?[/color]
      <snip>

      I've noted a few problems below - there may be more but I only gave it
      a fairly quick look.

      Lack of indentation makes your code hard to read, and all those
      multi-line echo with all the HTML make matters worse IMO.

      Your queries look like they are valid, but without seeing the table
      definition, and samples of your input, its tough to guess why all dates
      and not those you expect are returned.
      [color=blue]
      > <?php
      > $search = $_REQUEST['name'];
      > $from = $_REQUEST['from'];
      > $to = $_REQUEST['to];[/color]

      You don't validate any of the above vars. What happens if someone
      enters invalid dates or other nonesense instead of dates? What
      happens if from date comes after to date?
      [color=blue]
      > if($search) // perform search only if a string was entered.[/color]

      It is best to use isset on your $_REQUEST variables, *then* validate
      and use their contents.
      You use $_REQUEST which gives both GET and POST variables, but your
      form is set to POST. You should really be using $_POST.
      [color=blue]
      > {
      > mysql_connect(" 192.168.1.8","r oot","passwordh ere");
      > mysql_select_db ("repair"); //database name
      > $srch = "%".$search."%" ;
      > $query = "SELECT * FROM repair WHERE repairman LIKE '$srch' AND
      > daterepaired BETWEEN '$from' AND '$to'";[/color]

      from and to are not validated to it would be easy for someone to
      delete your data via SQL-injection.
      [color=blue]
      > $total = "SELECT SUM(price) as price FROM repair WHERE repairman LIKE
      > '$srch' AND daterepaired BETWEEN '$from' AND '$to'";
      > $result = mysql_db_query( "repair", $query) or die("MySQL error
      > #".mysql_errno( ).":".mysql_err or());[/color]

      You've already selected the repair database above, so you might as
      well use mysql_query() instead.
      [color=blue]
      > $addtotal = mysql_db_query( "repair", $total) or die("MySQL error
      > #".mysql_errno( ).":".mysql_err or());
      > if ($result)[/color]

      Consider testing mysql_num_rows( ). You've already determined that the
      query worked (it dies on error), so you may as well proceed based on
      number of rows returned.
      [color=blue]
      > {
      > echo "<font face='Tahoma' size=2><P><CENT ER><IMG SRC='images/MCLogo.jpg
      > WIDTH='576' HEIGHT='87' NATURALSIZEFLAG ='0'
      > ALIGN='BOTTOM'> </CENTER></P></font>
      > <br>
      > <br>
      > echo "<table border=0 cellpadding=3 cellspacing=5>[/color]
      <snip some code>[color=blue]
      > <td width=10><font size=2 color=#FFFF00
      > face=tahomo><b> M&R</b></font></td>
      > </tr>;[/color]

      There is a " missing in the line above.
      [color=blue]
      >
      > while ($r = mysql_fetch_arr ay($result)) {//Begin while[/color]
      <snip some code>[color=blue]
      > <?
      > include("footer .php";[/color]

      There is a ) missing above. Did you copy/paste or retype this code? It
      won't run at all in its present form.
      [color=blue]
      > ?>[/color]
      <snip>

      --
      Dave <dave@REMOVEbun dook.com>
      (Remove REMOVE for email address)

        Comment

        • Alex
          #3
          Re: PHP Date Search Question

          You forgot to tell him that if he uses text inputs for dates he would
          have to use strtotime function or something like that because if you do
          a query like SELECT * FROM test WHERE date='Jan 1 2005' mysql would
          never return what you want ... or use postgresql :D.
          The mysql data format is this 2005-12-31 and the dates are compared as
          strings so it wouldn't convert 'Jan 1 2005' to '2005-01-01'
          automatically.

          I would tell him to use 3 selects and compose the date like
          '{$_POST['to_year']}-{$_POST['to_month']}-{$_POST['to_day']}' because
          even if he uses strtotime it wouldn't cover any date syntax.

          --
          Alexandru Mincu <mincua@gmail.c om>
          Tel: +40745515505/+40723573761

            Comment

            • Dave
              #4
              Re: PHP Date Search Question

              Alex (mincua@gmail.c om) decided we needed to hear...[color=blue]
              > You forgot to tell him that if he uses text inputs for dates he would
              > have to use strtotime function or something like that because if you do
              > a query like SELECT * FROM test WHERE date='Jan 1 2005' mysql would
              > never return what you want ... or use postgresql :D.
              > The mysql data format is this 2005-12-31 and the dates are compared as
              > strings so it wouldn't convert 'Jan 1 2005' to '2005-01-01'
              > automatically.[/color]

              Exactly. Thats why I explained to the OP that it wasn't possible to
              guess what was going on with the select without seeing what the
              datatypes were in the table definition, and some of the sample inputs
              from the form.[color=blue]
              >
              > I would tell him to use 3 selects and compose the date like
              > '{$_POST['to_year']}-{$_POST['to_month']}-{$_POST['to_day']}' because
              > even if he uses strtotime it wouldn't cover any date syntax.[/color]

              I agree, thats a much better way than expecting users to type in a
              date - and expecting them not to make mistakes ;)
              --
              Dave <dave@REMOVEbun dook.com>
              (Remove REMOVE for email address)

                Comment

                • Greg
                  #5
                  Re: PHP Date Search Question

                  I retyped the code, therefore the typo's. Thanks to both of you for
                  your suggestions. I changed the date columns in the db and that did the
                  trick. All is good now. I've set all of the date fields to
                  automatically fill in so the employees will not have to type them. I'm
                  new to php so I don't understand "validating vars" and "testing
                  mysql_num_rows( )" yet. Got time for the readers digest version on how
                  to do this or a suggestion on where to find a good tutorial?

                  Thanks for your help,

                  Greg

                    Comment

                    • Dave
                      #6
                      Re: PHP Date Search Question

                      Greg (greg@basssax.c om) decided we needed to hear...[color=blue]
                      > I retyped the code, therefore the typo's. Thanks to both of you for
                      > your suggestions. I changed the date columns in the db and that did the
                      > trick. All is good now. I've set all of the date fields to
                      > automatically fill in so the employees will not have to type them. I'm
                      > new to php so I don't understand "validating vars" and "testing
                      > mysql_num_rows( )" yet. Got time for the readers digest version on how
                      > to do this or a suggestion on where to find a good tutorial?
                      >
                      > Thanks for your help,
                      >
                      > Greg[/color]

                      Glad its working for you now.

                      By validating vars, I meant checking (for example) that a variable you
                      expect to contain a valid date, actually does contain a valid date and
                      not some other nonesense value that would break your code. You can do
                      this pretty much any way you like with if statements, string and number
                      functions, date functions etc. For the valid date example, you might
                      start by checking out the strtotime function which tries to parse a
                      date and lets you know if it could or not -
                      PHP: strtotime - Manual
                      http://ca.php.net/manual/en/function.strtotime.php
                      Parse about any English textual datetime description into a Unix timestamp


                      mysql_num_rows( ) returns the number of rows selected in the most
                      recently executed query. Your testing of $result didn't accomplish
                      much because by that point in the code your query had already worked
                      (your program dies if it did not). Because you know the query worked,
                      what you really need to know at this point is were any rows returned
                      or not. Thats where mysql_num_rows( ) comes in.

                      HTH
                      --
                      Dave <dave@REMOVEbun dook.com>
                      (Remove REMOVE for email address)

                        Comment

                        Previous template Next
                        Working...