The most effective way to change the PHP variable in the SQL query?

I have an HTML table that displays a bunch of reporting data from a SQL table. Right now the query defaults to the current date, but I'm looking for the most efficient way to change the start/end date variables and refresh the page. My query now looks like this:

$sts = date('Y-m-d');
$ets = date('Y-m-d', time()+86400);
$q = "SELECT *  FROM data WHERE `ts` BETWEEN '$sts' AND '$ets'";

I've then created basic HTML selects to choose a new date range, and on the form submit it'll store all of that information in POST. What is the most simple way of changing that $sts and $ets variable to reflect the post information? I'm kind of guessing that it will be to make the form action 'index.php', and handle the variable change using AJAX. But tbh I'm not sure.

Thank you for the help!


Try:

$sts="";
$ets="";
if (!isset($_POST['start_date']))
    $sts = date('Y-m-d');
else
    $sts = $_POST['start_date'];
if (!isset($_POST['end_date']))
    $ets = date('Y-m-d', time()+86400);
else
    $ets = $_POST['end_date'];

$q = "SELECT *  FROM data WHERE `ts` BETWEEN '$sts' AND '$ets'";

and include a form to change the date.

This way, when the form first loads, there is no post data and it will load the default date range. When the user changes the date range in the form and submits, it will load the new range.

Before you use the information you get from HTTP GET or POST, you should perform a mysqli_real_escape_string, i.e.

// A function call is not expanded inside a double-quoted string, so concatenate the escaped values.
$q = "SELECT *  FROM data WHERE `ts` BETWEEN '" . mysqli_real_escape_string($sqlconn, $sts) . "' AND '" . mysqli_real_escape_string($sqlconn, $ets) . "'";
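
An added example, not part of the answers above: the same date-range query with each POST value checked as a strict Y-m-d date and then passed as a bound parameter instead of being placed in the SQL string. It assumes PDO with an in-memory SQLite table standing in for the MySQL connection so it runs without a server; `parse_date`, `fetch_report` and the sample rows are hypothetical, and the same prepare/bind approach is available in mysqli through `prepare()` and `bind_param()`.

```php
<?php
// Added example: parse_date() and fetch_report() are hypothetical names.

// Accept only a strict Y-m-d value; anything else falls back to the default.
function parse_date($value, string $default): string
{
    if (!is_string($value)) {
        return $default;
    }
    $d = DateTime::createFromFormat('!Y-m-d', $value);
    // Round-trip check rejects overflow dates (2024-02-31) and trailing junk.
    return ($d !== false && $d->format('Y-m-d') === $value) ? $value : $default;
}

// The dates are sent as bound parameters, never spliced into the SQL text.
function fetch_report(PDO $db, array $post): array
{
    $sts = parse_date($post['start_date'] ?? null, date('Y-m-d'));
    $ets = parse_date($post['end_date'] ?? null, date('Y-m-d', time() + 86400));
    $stmt = $db->prepare('SELECT * FROM data WHERE ts BETWEEN :sts AND :ets');
    $stmt->execute([':sts' => $sts, ':ets' => $ets]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample table so the script runs without a database server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE data (ts TEXT, value INTEGER)');
$db->exec("INSERT INTO data VALUES ('2024-01-05', 1), ('2024-02-10', 2), ('"
    . date('Y-m-d') . "', 3)");

// Constructed POST bodies: a valid range, and one with malformed values.
$ok  = fetch_report($db, ['start_date' => '2024-01-01', 'end_date' => '2024-01-31']);
$bad = fetch_report($db, ['start_date' => "2024-01-01' --", 'end_date' => '2024-13-40']);

echo count($ok), " row(s) for the valid range\n";
echo count($bad), " row(s) after falling back to the default range\n";
```

Because the form offers fixed selects, rejecting anything that is not a well-formed date costs nothing for legitimate users, and binding keeps the query text constant regardless of what arrives in POST.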