用于插入日期，时间的PHP MySQL语法

I am trying to insert to date,time fields using a php script but I am getting a syntax error. Can someone please tell me, where I am doing the mistake. Thanks fellows

我试图使用PHP脚本插入日期,时间字段,但我收到语法错误。有人可以告诉我,我在做错的地方。谢谢你们

INSERT INTO calendar(event,from,to,day) VALUES ('".$_REQUEST['event']."', '".$_REQUEST['from_time']."', '".$_REQUEST['to_time']."', '".$_REQUEST['date_event']."')

INSERT INTO calendar(event,from,to,day)VALUES('“。$ _ REQUEST ['event']。”','“。$ _ REQUEST ['from_time']。”','“。$ _ REQUEST ['to_time ']。“','”。$ _ REQUEST ['date_event']。“')

2 个解决方案

#1

Never insert string data into your sql statement without sanitizing the data or you end up with sql injections (intentional or unintentional injections), see http://php.net/mysql_real_escape_string
If you do not have a debugger installed, let php print the sql statement so you can inspect it.

永远不要在不清理数据的情况下将字符串数据插入到sql语句中,否则最终会进行sql注入(有意或无意注入),请参阅http://php.net/mysql_real_escape_string如果没有安装调试器,请让php打印sql声明,所以你可以检查它。

Format and indent your sql queries. They are much easier to read and debug that way.

格式化并缩进您的SQL查询。它们更容易阅读和调试。

Always check the return value of mysql_query(). If it's FALSE the query failed and mysql_errno() or mysql_error() can tell you more about the cause of the error.

始终检查mysql_query()的返回值。如果它为FALSE,则查询失败,mysql_errno()或mysql_error()可以告诉您有关错误原因的更多信息。

If you want to use an identifier that is also a reserved word for MySQL you almost always must put it in backticks (`) or double_quotes (in ansi mode).

如果你想使用一个也是MySQL保留字的标识符,你几乎总是必须把它放在反引号(`)或double_quotes(在ansi模式下)。

The format of date/time literals understood by MySQL is explained at http://dev.mysql.com/doc/refman/5.0/en/date-and-time-types.html

MySQL理解的日期/时间文字格式在http://dev.mysql.com/doc/refman/5.0/en/date-and-time-types.html中有说明。

Using _REQUEST for INSERT operations may be questionable ...but I leave that to others to answer ;-)

使用_REQUEST进行INSERT操作可能会有问题......但我将其留给其他人回答;-)

<?php
$mysql = mysql_connect...

$query = " INSERT INTO `calendar` (`event`, `from`, `to`, `day`) VALUES ( '" . mysql_real_escape_string($_REQUEST['event'], $mysql) ."', '" . mysql_real_escape_string($_REQUEST['from_time'], $mysql) ."', '" . mysql_real_escape_string($_REQUEST['to_time'], $mysql) ."', '" . mysql_real_escape_string($_REQUEST['date_event'], $mysql]) ."' ) "; echo '<pre>$query=', htmlspecialchars($query), '</pre>'; $result = mysql_query($query, $mysql); if ( !$result ) { echo 'error: ', mysql_error($mysql); }
$ query =“INSERT INTO`calendar`(`event`,`from`,`to`,`day`)VALUES('”。mysql_real_escape_string($ _ REQUEST ['event'],$ mysql)。“','” .mysql_real_escape_string($ _ REQUEST ['from_time'],$ mysql)。“','”。mysql_real_escape_string($ _ REQUEST ['to_time'],$ mysql)。“','”。mysql_real_escape_string($ _ REQUEST ['date_event'] ,$ mysql])。“')”; echo'
 $ query =',htmlspecialchars($ query),'
  
  '; $ result = mysql_query($ query,$ mysql); if(!$ result){echo'error:',mysql_error($ mysql); }

And btw: Use prepared statements instead.

#2

To insert into mySQL datetime fields, the string has to be in a certain format for mySQL to understand it. The problem is that php has its own thoughts and ideas on how dates are represented. When dealing with dates between the two you have to translate.

要插入mySQL datetime字段,字符串必须采用特定格式,以便mySQL理解它。问题是php对如何表示日期有自己的想法和想法。在处理两者之间的日期时,您必须翻译。

If in php you are dealing with a time object you can do this to get a string mySQL will like:

如果在php中你正在处理一个时间对象,你可以这样做以获得mySQL会喜欢的字符串:

$mysqlDateString = date('Y-m-d H:i:s', $phpdate);

or if you are dealing with a string date you can do this:

或者如果您正在处理字符串日期,您可以这样做:

$mysqlDateString = date('Y-m-d H:i:s', $strtotime("08/09/2009"));

If you get a datetime string from mySQL you can do this to deal with it in PHP:

如果从mySQL获取日期时间字符串,则可以在PHP中处理它:

$phpTime = strtotime($mysqlDateString);

Just came across this problem myself, so hopefully this will work for you as well.

我自己也遇到过这个问题,所以希望这对你也有用。

#1