I'm not sure why I suck so bad at this. I was recommended by my prof to use date as opposed to timestamp. I'm starting to think going back to timestamp would be easier due to built in php functions I can use.
so in my original addproduct.php form I have:
<p>Date:
Month:
<select name="month" id="month">
<script type="text/javascript">
month();
</script>
</select>
Day:
<select name="day" id="day">
<script type="text/javascript">
day();
</script>
</select>
Year:
<select name="year" id="year">
<script type="text/javascript">
year();
</script>
</select>
</p>
And then formatted in add.php:
if(check_post('day')&&check_post('month')&&check_post('year'))
{
//die("day: ".$_POST['day']." month: ".$_POST['month']." year: ".$_POST['year']);
if(!check_post('day',"Select Day")&&!check_post('month',"Select Month")&&!check_post('year',"Select Year"))
{
$days = array("31", "28", "31", "30", "31", "30", "31", "31", "30", "31", "30", "31");
$today = explode("-",date("d-m-Y"));
if(checkdate($_POST['month'],$_POST['day'],$_POST['year']))
{
$c_y = ($_POST['year']==$today[2]);
$c_m = ($_POST['month']==$today[1]);
$p_d = ($today[2]>$_POST['day']);
$p_m = ($today[1]>$_POST['month']);
if(!($c_y&&(($c_m&&$p_d)||$p_m)))
{
$_POST['date']=$_POST['year']."-".(($_POST['month']>9)?$_POST['month']:"0".$_POST['month'])."-".(($_POST['day']>9)?$_POST['day']:"0".$_POST['day']);
//die($_POST['date']);
}
else
{
add_error("Date must be current");
}
}
else
{
add_error("Invalid expiration date");
}
}
else
{
add_error("Pick an expiration date");
}
}
else
{
add_error("Date not set");
}
Enter by:
if(!check_ses('prod_err')&&check_post('date')&&!check_get('update'))
{
$q = (check_post('pic'))
?
sprintf("INSERT INTO Item(item_name,cat_name,userID,descr,image,min_bid,date) VALUES ('%s','%s','%s','%s','%s','%s','%s')",
mysql_real_escape_string($_POST['prod_name']),
mysql_real_escape_string($_POST['category']),
mysql_real_escape_string($_SESSION['ID']),
mysql_real_escape_string($_POST['descr']),
mysql_real_escape_string($_POST['pic']),
mysql_real_escape_string($_POST['bid']),
mysql_real_escape_string($_POST['date'])
)
:
sprintf("INSERT INTO Item(item_name,cat_name,userID,descr,min_bid,date) VALUES ('%s','%s','%s','%s','%s','%s')",
mysql_real_escape_string($_POST['prod_name']),
mysql_real_escape_string($_POST['category']),
mysql_real_escape_string($_SESSION['ID']),
mysql_real_escape_string($_POST['descr']),
mysql_real_escape_string($_POST['bid']),
mysql_real_escape_string($_POST['date'])
);
$que = mysql_query($q,$con) or die(mysql_error());
unset($_SESSION['prod_err']);
cleanup($_POST);
header('Location:http://cs4.sunyocc.edu/~j.d.dancks/onestopshop/userpage.php');
}
if(!check_ses('prod_err')&&check_post('date')&&check_get('update',1)&&check_get('ItemID'))
{
if(is_only_numbers($_GET['ItemID'],6,1,2,false))
{
$q = (check_post('pic'))
?
sprintf("UPDATE Item SET item_name='%s',cat_name='%s',descr='%s',image='%s',min_bid='%s',date='%s',expired=0 WHERE (ItemID='%s') AND (userID='%s')",
mysql_real_escape_string($_POST['prod_name']),
mysql_real_escape_string($_POST['category']),
mysql_real_escape_string($_POST['descr']),
mysql_real_escape_string($_POST['pic']),
mysql_real_escape_string($_POST['bid']),
mysql_real_escape_string($_POST['date']),
mysql_real_escape_string($_GET['ItemID']),
mysql_real_escape_string($_SESSION['ID'])
)
:
sprintf("UPDATE Item SET item_name='%s',cat_name='%s',descr='%s',min_bid='%s',date='%s',expired=0 WHERE (ItemID='%s') AND (userID='%s')",
mysql_real_escape_string($_POST['prod_name']),
mysql_real_escape_string($_POST['category']),
mysql_real_escape_string($_SESSION['ID']),
mysql_real_escape_string($_POST['descr']),
mysql_real_escape_string($_POST['bid']),
mysql_real_escape_string($_POST['date']),
mysql_real_escape_string($_GET['ItemID']),
mysql_real_escape_string($_SESSION['ID'])
);
$que = mysql_query($q,$con) or die(mysql_error());
unset($_SESSION['prod_err']);
cleanup($_POST);
header('Location:http://cs4.sunyocc.edu/~j.d.dancks/onestopshop/userpage.php');
}
Surprise, surprise, it doesn't work. I try and make a test date input testinputdate.php:
<?php
$con = mysql_connect('localhost','jddancks','csc255');
mysql_select_db('dancks_db',$con);
if(isset($_GET['q']))
{
$test = mysql_query(sprintf(
"insert into test_date(cur_date,input_date) values(CURDATE(),'%s')",mysql_real_escape_string($_POST['test'])
),$con);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Untitled Document</title>
</head>
<body>
<?php
if(isset($_GET['q']))
{
if($test)
{
echo "<p>It worked! Result:</p>\n";
$yy = mysql_query("select * from test_date",$con);
echo "<ul>\n";
while($q = mysql_fetch_assoc($yy))
{
echo "<li>".$q['input_date']."</li>\n";
}
echo "</ul\n";
}
else
{
echo "<p>Insert failed</p>\n";
}
}
mysql_close($con);
?>
<form action="testinputdate.php?q=1" method="POST">
<p>Enter date: <input type="text" name="test" id="test" /></p>
<input type="submit" />
</form>
</body>
</html>
I enter a date like so: 2013-1-15 for Jan 15. 2013
I get: EDIT: oops ok that worked. The hell is wrong with the code from my website?