2

I have a sign up form and I am trying to record the date the form was filled out, into MySQL table. All of the information that I am requesting within the form is being recorded, except for the date. Would anyone be able to help me out with this task?

Here is a snippet of my PHP code of where I think the problem resides. I am also using PHPmyadmin for my database; if that is relevant.

Here is the link to the page www.3elementsreview.com/sign-up

    $value = $_POST['First'];
    $value2 = $_POST['Last'];
    $value3 = $_POST['City'];
    $value4 = $_POST['State'];
    $value5 = $_POST['Country'];
    $value6 = $_POST['Email'];
    $value7 = $_POST['Y-m-d H:i:s'];

    $sql = "INSERT INTO members (First, Last, City, State, Country, Email, Date) VALUES     ('$_POST[First]','$_POST[Last]','$_POST[City]','$_POST[State]','$_POST[Country]','$_POST[Email]','$_POST[Date]')";
4

2 回答 2

2

Your code is dangerous and allows sql injection attacks.

First off mysql_* library is depreciated.

Second if you are going to use mysql_* functions, use mysql_real_escape string on ALL your POST fields.

Thirdly this will solve your issue:

$value = mysql_real_escape_string($_POST['First']);
$value2 = mysql_real_escape_string($_POST['Last']);
$value3 = mysql_real_escape_string($_POST['City']);
$value4 = mysql_real_escape_string($_POST['State']);
$value5 = mysql_real_escape_string($_POST['Country']);
$value6 = mysql_real_escape_string($_POST['Email']);

$sql = "INSERT INTO members (First, Last, City, State, Country, Email, Date) VALUES     ('$value','$value2','$value3','$value4','$value5','$value6',NOW())";

in mysql, the function NOW() is used to return the current date/time.

于 2013-08-13T19:38:33.740 回答
0

Unless your parameter is called Y-m-d%20H:i:s=____, you should probably be collecting a $_POST['date'] variable or something, then converting it into a date after assigning it to a variable.

$value7 = $_POST['date'];
$value7 = date('Y-m-d H:i:s', $value7);
于 2013-08-13T19:38:22.187 回答