PHP can certainly support prepared statements. I agree with
escaping/filtering and validating data.

There are a lot of neat methods for managing this stuff in base PHP and
Zend Framework.

Regards,

Mike

mike.p@xxxxxxxx Cell: (408)679-1011 Office: (815)722-3454

Zend Server for IBM i Beta available at
http://www.zend.com/en/products/server/zend-server-5-new-ibmi
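As an added example (not code from the thread), this is Shannon's query rewritten the way Mike and James suggest: a mysqli prepared statement with the POST values validated as real dates and bound as parameters rather than concatenated into the SQL. It assumes $db is an open mysqli connection, the table and column names from the question, that XMittalDate is stored as m/d/Y text (hence STR_TO_DATE), and PHP 7.1+ with mysqlnd for get_result().

```php
<?php
// Added example, not from the original thread.
// Assumptions: $db is an open mysqli connection; table/column names come from
// Shannon's message; XMittalDate is stored as text in m/d/Y form; mysqlnd is
// available so $stmt->get_result() works.

// Parse a user-supplied m/d/Y date; return it as Y-m-d, or null if invalid.
function parseUserDate(string $input): ?string
{
    $input = trim($input);
    $d = DateTime::createFromFormat('!m/d/Y', $input);
    // createFromFormat silently rolls "02/31/2009" over into March, so
    // require an exact round-trip to reject impossible dates too.
    if ($d === false || $d->format('m/d/Y') !== $input) {
        return null;
    }
    return $d->format('Y-m-d');
}

function selectByDateRange(mysqli $db, string $startInput, string $endInput): array
{
    $start = parseUserDate($startInput);
    $end   = parseUserDate($endInput);
    if ($start === null || $end === null) {
        throw new InvalidArgumentException('start and end must be valid m/d/Y dates');
    }

    // The two values are bound as data through placeholders; they never become
    // part of the SQL text. STR_TO_DATE turns the stored m/d/Y text into a DATE
    // so BETWEEN compares dates, not strings ('11/02/2009' < '12/01/2008' as text).
    $sql = "SELECT * FROM xmittalheader
            WHERE STR_TO_DATE(XMittalDate, '%m/%d/%Y') BETWEEN ? AND ?";
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('ss', $start, $end);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// Usage: the values come straight from the form POST, as in the question.
$rows = selectByDateRange($db, $_POST['startDate'] ?? '', $_POST['endDate'] ?? '');
```

If XMittalDate is a real DATE column rather than text, drop the STR_TO_DATE wrapper and compare the column directly; the binding stays the same.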


-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx]
On Behalf Of James Perkins
Sent: Wednesday, January 13, 2010 10:17 AM
To: Web Enabling the AS400 / iSeries
Subject: Re: [WEB400] SQL Date Range

I'm not familiar with PHP other than knowing what it is/does, but
generally speaking creating SQL scripts in a string is dangerous. It opens
you up to SQL injection attacks. Not sure if PHP can handle prepared
statements, but you are much safer using those.
--
James R. Perkins


On Wed, Jan 13, 2010 at 08:15, Shannon ODonnell <sodonnell@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

I want to select a group of dates based on date range in a PHP app from a
MySQL database.

Assume the table name is xmittalheader and the date field is named:
XMittalDate and is in the format in the MySQL table like this:
11/02/2009

Further assume $startDate and $endDate are being brought into the PHP
via a POST from a form.

Would this be the correct syntax?

$results = mysqli_query($db, "SELECT * FROM xmittalheader WHERE XMittalDate BETWEEN ".$startDate." and ".$endDate);

Thanks!

Shannon O'Donnell





--
This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/web400.


