[nemo]

When I executed this command, display shows 0, but in mysql I get the data.

<?php
$TTCS = Yii::app()->db->createCommand("SELECT COUNT(id) FROM Food WHERE dateExecuted BETWEEN '%$_GET[startdate]%' AND '%$_GET[enddate]%' ")->queryScalar();

echo $TTCS
?>

I think I have problem this --- '%$_GET[startdate]%' AND '%$_GET[enddate]%'

can you tell me where is the problem?

[andy_s]

Why not just do

echo "SELECT COUNT(id) FROM Food WHERE dateExecuted BETWEEN '%$_GET[startdate]%' AND '%$_GET[enddate]%' ";

and look at the actual query?

[PoL]

Try:

"SELECT COUNT(id) FROM Food WHERE dateExecuted BETWEEN '%$_GET['startdate']%' AND '%$_GET['enddate']%' ";

The indexes of $_GET are constants or strings??

[zitter]

Can you try:

SELECT COUNT(id) FROM Food WHERE dateExecuted BETWEEN '%".$_GET[startdate]."%' AND '%".$_GET[enddate]."%' "

[nemo]

zitter, on 02 June 2010 - 02:46 PM, said:

Can you try:

SELECT COUNT(id) FROM Food WHERE dateExecuted BETWEEN '%".$_GET[startdate]."%' AND '%".$_GET[enddate]."%' "

Thanks. Working.

[Mike]

Ouch!

You are aware, that you circumvent PDO's automatic parameter quoting this way? You are opening a huge door for SQL injection!

Better approach:

$command=Yii::app()->db->createCommand('... BETWEEN :startdate AND :enddate');
$command->bindParam(':startdate','%'.$_GET['startdate'].'%');
$command->bindParam(':enddate','%'.$_GET['enddate'].'%');

Actually i don't get the point of using % here. But maybe i totally missed something.