
Select records from a certain year

Hi

I have a MySQL table with a DATE record.

What I want is to select all records from a certain year.

I tried:

[code=php]$works_req = "SELECT * FROM eventos
YEAR(fecha) = '2010'";[/code]

but it won't work.

Also, how can I group so I don't get repeated records in the query?

Thanks.

@ricosushi (author), Jun 09.2010 — Never mind, I got it.

I forgot to include the WHERE clause.

[code=php] $works_req = "SELECT * FROM eventos
WHERE YEAR(fecha) = '".$_GET['year']."'";[/code]


And for the group I used:

[code=php]
$sqlM = "SELECT YEAR(fecha) as year FROM eventos
GROUP BY year
ORDER BY fecha DESC";[/code]

@Mindzai, Jun 10.2010 — Make sure you are cleaning the external data before using it in a query or you will be open to SQL injection attacks.

[QUOTE]
[code=php] $works_req = "SELECT * FROM eventos
WHERE YEAR(fecha) = '".$_GET['year']."'";[/code]
[/QUOTE]

@Shanu_chaudhary, Jun 10.2010 — [QUOTE]Make sure you are cleaning the external data before using it in a query or you will be open to SQL injection attacks.[/QUOTE]

How to implement this??

@NogDog, Jun 10.2010 — [QUOTE]How to implement this??[/QUOTE]

One way:
[code=php]
if(ctype_digit($_GET['year']) and strlen($_GET['year']) == 4)
{
// go ahead and do query
}
else
{
// Error!
}
[/code]

@Shanu_chaudhary, Jun 11.2010 — [QUOTE]One way:
[code=php]
if(ctype_digit($_GET['year']) and strlen($_GET['year']) == 4)
{
// go ahead and do query
}
else
{
// Error!
}
[/code]
[/QUOTE]

Thanks.

This will prevent SQL injection attacks??

@Mindzai, Jun 11.2010 — In this case, yes. It's not a universal solution though, you need to implement filtering based on the specific data types you expect. At the very least though mysql_real_escape_string (or equivalent) should be used if you don't use something more specific like the above. Even better would be to use prepared statements, though you would still probably want some validation anyway.
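An added example (not code from any poster in this thread) that combines the four-digit check with the prepared statement suggested above. It assumes PDO with the pdo_sqlite driver, an in-memory stand-in for the eventos table with constructed rows, and a hypothetical helper named eventsForYear; it filters on a date range rather than YEAR(fecha) so the same SQL runs on SQLite and MySQL.

```php
<?php
// Added example: allow-list validation plus a prepared statement.
// Assumptions: pdo_sqlite is available; the table and rows below are
// constructed stand-ins for the thread's `eventos` table.

function eventsForYear(PDO $pdo, $rawYear): array
{
    // $_GET values can be arrays (?year[]=...), so check the type first,
    // then apply the thread's rule: exactly four ASCII digits.
    if (!is_string($rawYear) || !ctype_digit($rawYear) || strlen($rawYear) !== 4) {
        throw new InvalidArgumentException('year must be four digits');
    }
    $year = (int) $rawYear;

    // Placeholders keep the value out of the SQL text entirely.
    // A date range replaces YEAR(fecha); fecha is a DATE column.
    $stmt = $pdo->prepare(
        'SELECT id, fecha FROM eventos
         WHERE fecha BETWEEN :start AND :end
         ORDER BY fecha DESC'
    );
    $stmt->execute([
        ':start' => sprintf('%04d-01-01', $year),
        ':end'   => sprintf('%04d-12-31', $year),
    ]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE eventos (id INTEGER PRIMARY KEY, fecha TEXT NOT NULL)');
$pdo->exec("INSERT INTO eventos (fecha) VALUES
    ('2009-12-31'), ('2010-03-15'), ('2010-11-02'), ('2011-01-01')");

// Constructed inputs standing in for $_GET['year']: one valid value,
// one string with SQL syntax in it, one too short, one array.
foreach (['2010', "2010' OR '1'='1", '10', ['2010']] as $input) {
    try {
        $rows = eventsForYear($pdo, $input);
        printf("%s => %d row(s)\n", json_encode($input), count($rows));
    } catch (InvalidArgumentException $e) {
        printf("%s => rejected: %s\n", json_encode($input), $e->getMessage());
    }
}
```

Validation rejects malformed input early with a clear error, and the bound parameters ensure that anything reaching the query is treated as data rather than SQL.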