What are some best practices for building a search form in PHP that queries a database based on user input for date and time values?

When building a search form in PHP that queries a database based on user input for date and time values, it is best practice to sanitize and validate the user input to prevent SQL injection and ensure data integrity. You should also use prepared statements to execute the database query safely and efficiently. 

// Sanitize and validate user input for date and time values
$start_date = isset($_POST['start_date']) ? $_POST['start_date'] : '';
$end_date = isset($_POST['end_date']) ? $_POST['end_date'] : '';

// Validate date format
if (!empty($start_date) && !empty($end_date) && strtotime($start_date) && strtotime($end_date)) {
    // Use prepared statements to query the database
    $stmt = $pdo->prepare("SELECT * FROM table_name WHERE date_column BETWEEN :start_date AND :end_date");
    $stmt->execute(array(':start_date' => $start_date, ':end_date' => $end_date));
    
    // Fetch results
    $results = $stmt->fetchAll(PDO::FETCH_ASSOC);
    
    // Display results
    foreach ($results as $row) {
        echo $row['column_name'];
    }
} else {
    echo "Invalid date format";
}

Keywords

PHP search form database query date values time values

Related Questions