My Query
SELECT POSSESSION.*,PLOT.*,SCHEME_BLOCK.BLOCK
FROM POSSESSION, PLOT, SCHEME_BLOCK
WHERE POSSESSION.PLOT_ID=PLOT.PLOT_ID AND PLOT.PLOT ='10'
AND PLOT.BLOCK_ID = SCHEME_BLOCK.BLOCK_ID AND SCHEME_BLOCK.BLOCK_ID='3'
AND POSSESSION.CREATED_ON between '1420066800' and '1443650400'
MY php code is given as under..
$query = "SELECT " . $_REQUEST['tb'] . ".*,PLOT.*,SCHEME_BLOCK.BLOCK
FROM " . $_REQUEST['tb'] . ", PLOT, SCHEME_BLOCK WHERE " . $_REQUEST['tb'] . ".PLOT_ID=PLOT.PLOT_ID AND PLOT.PLOT ='" . $_REQUEST['ps'] . "'
AND PLOT.BLOCK_ID = SCHEME_BLOCK.BLOCK_ID AND SCHEME_BLOCK.BLOCK_ID='" . $_REQUEST['bid'] . "' AND SCHEME_BLOCK.CREATED_ON between '".strtotime(date('d-M-Y', strtotime($_REQUEST['sdate'])))."' and '".strtotime(date('d-M-Y', strtotime($_REQUEST['edate'])))."'";
While inserting the date I m doing this
$CREATED_ON=date("d-M-Y");
Error:
ORA-01843: not a valid month
01843. 00000 - "not a valid month"
*Cause:
*Action:
Please help me out...how can I get it right ... I m coding in php
Thanks in advance
POSSESSION.CREATED_ON between '1420066800' and '1443650400'
When you have values in single-quotes
, it is a string
, so '1443650400'
is NOT a DATE
. You must explicitly convert it into DATE using TO_DATE
and a proper format model
.
To begin with, this code looks like simple copy+paste you don't really understand:
strtotime(date('d-M-Y', strtotime($_REQUEST['sdate'])))
It actually does this:
Anyway, Oracle does not understand Unix timestamps in DATE columns. You have to use the TO_DATE() function to create a proper date and, of course, prepared statements to make it all sane. Something on this line:
$query = "SELECT .........
AND POSSESSION.CREATED_ON between TO_DATE(:created_from, 'YYYY-MM-DD')
and TO_DATE(:created_to, 'YYYY-MM-DD')";
... and the parameter array would look like this:
$params = array(
'created_from' => date('Y-m-d', $created_from_unix_timestamp),
'created_to' => date('Y-m-d', $created_from_unix_timestamp),
);
... or this:
$params = array(
'created_from' => $created_from_datetime_object->format('Y-m-d')
'created_to' => $created_to_datetime_object->format('Y-m-d')
);
Still, you must be aware that dates without times default to 00:00:00 so a row there created_on
is 2014-01-10 01:00:00
is greater than 2014-01-10
.
Last but not least, injecting raw external input into your code as in:
"SELECT " . $_REQUEST['tb'] . "...
... is a call to be hacked. Seriously. Usual excuses ("I'll fix it later", "it's just for internal usage") are only that, excuses.
Try to reformulate your query:
$query = "SELECT " . $_REQUEST['tb'] . ".*,PLOT.*,SCHEME_BLOCK.BLOCK
FROM " . $_REQUEST['tb'] . ", PLOT, SCHEME_BLOCK WHERE " . $_REQUEST['tb'] . ".PLOT_ID=PLOT.PLOT_ID AND PLOT.PLOT ='" . $_REQUEST['ps'] . "'
AND PLOT.BLOCK_ID = SCHEME_BLOCK.BLOCK_ID AND SCHEME_BLOCK.BLOCK_ID='" . $_REQUEST['bid'] . "' AND TRUNC(SCHEME_BLOCK.CREATED_ON, 'DD/MM/YYYY') between " . "TO_DATE('" . date('d-m-Y', strtotime($_REQUEST['sdate'])) . "', 'DD/MM/YYYY') and TO_DATE('" . date('d-m-Y', strtotime($_REQUEST['edate'])) . "', 'DD/MM/YYYY')";
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.