updating date field

------=_NextPart_000_0056_01C70CC9.F91B3C60
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit

I am trying to do an update. but for some reason the date is being lost in
the process.



Among other things, my form has three html one for month (eMonth),
one for day (eDay) and one for year (eYear). This is the code that does the
processing:









if (isset($_POST['eMonth']) && $_POST['eMonth'] != '')

$eMonth = $_POST['eMonth'];

else $eMonth = '01';



if (isset($_POST['eDay']) && $_POST['eDay'] != '')

$eMonth = $_POST['eDay'];

else $eMonth = '01';



if (isset($_POST['eYear']) && $_POST['eYear'] != '')

$eYear = $_POST['eYear'];

else $eYear = '2007';



<.processing the rest of the form fields.>





$updateEventQuery = "UPDATE events SET EventDate = '$eYear-$eMonth-$eDay',
AppliedFYE = '$appliedFYE', LocationID = '$eLocation', StartTime =
'$eHour:$eMin $eAMPM', Type = '$eType', Format = '$eFormat', Description =
'$eDescription', EventApproved = '$eApproved', EventOfficial = '$eOfficial',
LastUpdateBy = '".$_SESSION['ContactID']."' WHERE EventID =
'".$_GET['eventid']."'";



Echo $updateEvetQuery;



// $updateEventResult = mysql_query($updateEventQuery);







When I run this, the query string it prints out is:



UPDATE events SET EventDate = '2006-10-10', AppliedFYE = '2007', LocationID
= '14', StartTime = '5:00 PM', Type = '3', Format = 'BOARD', Description =
'Regular board meeting', EventApproved = '1', EventOfficial = '0',
LastUpdateBy = '209' WHERE EventID = '54'



When this query is actually run on the DB though, it queries with no errors,
and all the data is saved/updated properly *except* the date - it becomes
0000-00-00.



Am I missing something?





Thanks in advance,



-J












------=_NextPart_000_0056_01C70CC9.F91B3C60--

Re: updating date field

>
>
>
>
> if (isset($_POST['eMonth']) && $_POST['eMonth'] != '')
>
> $eMonth = $_POST['eMonth'];
>
> else $eMonth = '01';
>
>
>
> if (isset($_POST['eDay']) && $_POST['eDay'] != '')
>
> $eMonth = $_POST['eDay'];
>
> else $eMonth = '01';
>
>
>
> if (isset($_POST['eYear']) && $_POST['eYear'] != '')
>
> $eYear = $_POST['eYear'];
>
> else $eYear = '2007';


Can I suggest the use of curly braces? It's much easier to read:

if (isset($_POST['eYear']) && $_POST['eYear'] != '') {
$eYear = (int)$_POST['eYear'];
} else {
$eYear = '2007';
}

>
> $updateEventQuery = "UPDATE events SET EventDate = '$eYear-$eMonth-$eDay',
> AppliedFYE = '$appliedFYE', LocationID = '$eLocation', StartTime =
> '$eHour:$eMin $eAMPM', Type = '$eType', Format = '$eFormat', Description =
> '$eDescription', EventApproved = '$eApproved', EventOfficial = '$eOfficial',
> LastUpdateBy = '".$_SESSION['ContactID']."' WHERE EventID =
> '".$_GET['eventid']."'";


You have sql injection bugs waiting to happen here.

make sure the eventid is an integer at least:

...." . (int)$_GET['eventid'] . "'";

And I also suggest reading up about escaping strings
(http://php.net/mysql_real_escape_string &
http://php.net/mysql_escape_string).

Of course you might have taken all that out to post an easier example,
if that's the case then ignore those comments ;)


> UPDATE events SET EventDate = '2006-10-10', AppliedFYE = '2007', LocationID
> = '14', StartTime = '5:00 PM', Type = '3', Format = 'BOARD', Description =
> 'Regular board meeting', EventApproved = '1', EventOfficial = '0',
> LastUpdateBy = '209' WHERE EventID = '54'
>
>
>
> When this query is actually run on the DB though, it queries with no errors,
> and all the data is saved/updated properly *except* the date - it becomes
> 0000-00-00.


I was going to suggest it's an invalid date-format but that looks fine.

What is eventdate? a date field, a timestamp, other ?

--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php