Yii Framework Forum: Can not select data - Yii Framework Forum


Can not select data

#1 nemo

Posted 02 June 2010 - 12:43 PM

When I executed this command, display shows 0, but in mysql I get the data.

<?php
$TTCS = Yii::app()->db->createCommand("SELECT COUNT(id) FROM Food WHERE dateExecuted BETWEEN '%$_GET[startdate]%' AND '%$_GET[enddate]%' ")->queryScalar();

echo $TTCS
?>

I think I have a problem with this --- '%$_GET[startdate]%' AND '%$_GET[enddate]%'

Can you tell me where the problem is?

#2 andy_s

Posted 02 June 2010 - 12:48 PM

Why not just do

echo "SELECT COUNT(id) FROM Food WHERE dateExecuted BETWEEN '%$_GET[startdate]%' AND '%$_GET[enddate]%' ";


and look at the actual query? ;)

#3 PoL

Posted 02 June 2010 - 01:33 PM

Try:
"SELECT COUNT(id) FROM Food WHERE dateExecuted BETWEEN '%$_GET['startdate']%' AND '%$_GET['enddate']%' ";


Are the indexes of $_GET constants or strings?
Don't say what you think, think what you say
The problem is communication! Excess of communication!

#4 zitter

Posted 02 June 2010 - 02:46 PM

Can you try:
SELECT COUNT(id) FROM Food WHERE dateExecuted BETWEEN '%".$_GET[startdate]."%' AND '%".$_GET[enddate]."%' "


#5 nemo

Posted 02 June 2010 - 02:48 PM

zitter, on 02 June 2010 - 02:46 PM, said:

Can you try:
SELECT COUNT(id) FROM Food WHERE dateExecuted BETWEEN '%".$_GET[startdate]."%' AND '%".$_GET[enddate]."%' "




Thanks. Working. :rolleyes:

#6 Mike

Posted 03 June 2010 - 03:48 AM

Ouch! :mellow:

You are aware that you circumvent PDO's automatic parameter quoting this way? You are opening a huge door for SQL injection!

Better approach:
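// bindValue() rather than bindParam(): bindParam() binds a variable by reference and cannot take an expression
$command=Yii::app()->db->createCommand('... BETWEEN :startdate AND :enddate');
$command->bindValue(':startdate','%'.$_GET['startdate'].'%');
$command->bindValue(':enddate','%'.$_GET['enddate'].'%');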


Actually I don't get the point of using % here. But maybe I totally missed something. :)
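
The difference between the concatenated query and bound parameters, as an added example that is not part of the original thread and not code from any poster or from Yii. It uses plain PDO with an in-memory SQLite database (assumes the pdo_sqlite extension) so it runs without a Yii application; the table contents, the inputs and the helpers countConcatenated(), validDate() and countBound() are constructed for illustration. The % wildcards are dropped, since BETWEEN compares values and % is only a wildcard for LIKE.

```php
<?php
// Added example: constructed table and inputs, plain PDO with in-memory SQLite.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE Food (id INTEGER PRIMARY KEY, dateExecuted TEXT)");
$db->exec("INSERT INTO Food (dateExecuted) VALUES ('2010-05-30'), ('2010-06-01'), ('2010-06-02')");

// Unsafe pattern from the thread: request values become part of the SQL text.
function countConcatenated(PDO $db, array $get): int
{
    $sql = "SELECT COUNT(id) FROM Food WHERE dateExecuted BETWEEN '"
         . $get['startdate'] . "' AND '" . $get['enddate'] . "'";
    return (int) $db->query($sql)->fetchColumn();
}

// Returns the value only if it is a string holding a real calendar date (YYYY-MM-DD).
function validDate($value): ?string
{
    if (!is_string($value)) {
        return null;
    }
    $d = DateTime::createFromFormat('!Y-m-d', $value);
    return ($d !== false && $d->format('Y-m-d') === $value) ? $value : null;
}

// Hardened pattern: validate first, then bind the values as data, never as SQL.
function countBound(PDO $db, array $get): ?int
{
    $start = validDate($get['startdate'] ?? null);
    $end   = validDate($get['enddate'] ?? null);
    if ($start === null || $end === null) {
        return null; // reject the request instead of querying
    }
    $stmt = $db->prepare('SELECT COUNT(id) FROM Food WHERE dateExecuted BETWEEN :startdate AND :enddate');
    $stmt->bindValue(':startdate', $start);
    $stmt->bindValue(':enddate', $end);
    $stmt->execute();
    return (int) $stmt->fetchColumn();
}

$normal  = ['startdate' => '2010-06-01', 'enddate' => '2010-06-02'];
// Constructed input: the quote closes the string literal, the rest is parsed as SQL.
$crafted = ['startdate' => '2010-06-01', 'enddate' => "2010-06-02' OR '1'='1"];

var_dump(countConcatenated($db, $normal));  // rows inside the date range
var_dump(countConcatenated($db, $crafted)); // the input rewrote the WHERE clause
var_dump(countBound($db, $normal));         // same range, values sent as parameters
var_dump(countBound($db, $crafted));        // rejected by validDate(), no query is run
```

In a Yii 1.x application the same prepared statement is built with createCommand() and bindValue() as in the post above; the validation step is independent of the framework.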