How to input a date into mysql database using PHP

Question

Ok so i already have a few insert scripts working, however when i try and use this one nothing happens. I dont get an error or anything, it simply doesnt insert into the database. I have a feeling its the date parameter, however im unsure how to make it recognizable?

<?php //SETTING SESSION VARIABLES FOR ROUND 1 TEAMS AND SCORE

session_start();

  if (isset($_POST['go1'])) { // MATCHUP 1

    include_once 'dbcon.php';

    $_SESSION['t_team1'] = $_POST['team-1'];
    $_SESSION['t_team2'] = $_POST['team-2'];
    $_SESSION['s_score1'] = $_POST['score-1'];
    $_SESSION['s_score2'] = $_POST['score-2'];

    $team1winner = mysqli_real_escape_string($conn, $_POST['team-1']);
    $team2winner = mysqli_real_escape_string($conn, $_POST['team-2']);
    $date1 = mysqli_real_escape_string($conn, $_POST['date-1']);

    $sql = "INSERT INTO knockout (knockout_team1, knockout_team2, knockout_date)
    VALUES ('$team1winner', '$team2winner', '$date1');";

    header("Location: ../tables.php?tables=winner");
}

//date html

<input type="date" name"date-1" value="date" class="date">

Answer 1

First of all, you are putting the SQL command in a string but you are not actually executing the command.

Second of all, if you are executing the command but you are not showing it here and your dbcon.php file is working properly, then it is more likely a date format issue.

Finally, you need to execute all of your commands especially INSERT commands in prepared statements to prevent SQL injections winch is VERY important.

Here how your code should look like :

<?php //SETTING SESSION VARIABLES FOR ROUND 1 TEAMS AND SCORE

    session_start();

    if (isset($_POST['go1'])) { // MATCHUP 1

    include_once 'dbcon.php';

    $_SESSION['t_team1'] = $_POST['team-1'];
    $_SESSION['t_team2'] = $_POST['team-2'];
    $_SESSION['s_score1'] = $_POST['score-1'];
    $_SESSION['s_score2'] = $_POST['score-2'];

    $team1winner = mysqli_real_escape_string($conn, $_POST['team-1']);
    $team2winner = mysqli_real_escape_string($conn, $_POST['team-2']);
    $date1 = mysqli_real_escape_string($conn, $_POST['date-1']);

    $TeamsStat = $conn->prepare("INSERT INTO knockout (knockout_team1, knockout_team2, knockout_date) VALUES (?, ?, ?)");

    $TeamsStat->bind_param("sss", $team1winner, $team2winner, $date1);   

    $TeamsStat->execute();
    $TeamsStat->close();

    header("Location: ../tables.php?tables=winner");
}

Where $conn is the object of your database connection.

Since prepared statements doesn't support date type and since the date is not a free input value, the knockout_date column should be a string and the variable $date1 should also be a string.

Hope that helped you.

Answer 2

The date format in HTML is of type dd-mm-yyyy but while inserting it into database you need to make sure its YYYY-mm-dd type. So make sure you are converting it Before inserting it

Ex :

  $originalDate = $yourDateVariable;
  $newDate = date("d-m-Y", strtotime($originalDate));

Or Go through manual and find alternatives functions to convert it