匿名用户
您可以使用DATE()函数
,并且应该避免在sql代码中使用php var来防止sqlinjection为此请看一看apt prepated语句E和为您的db驱动程序绑定param
根据实际情况,您使用的是msqli,而不是您可以使用的PDOif(isset($_POST["from_date"], $_POST["to_date"]))
{
$connect = mysqli_connect("localhost", "", "", "");
$output = '';
$stmt = $connect->prepare("CreatedDate,
COUNT(`Ticket`) AS Tickets,
SUM(CASE WHEN status = 'Closed' THEN 1 ELSE 0 END) as Closed
FROM Dashboarddetails";
WHERE CreatedDate BETWEEN DATE(?) AND DATE(?)
GROUP BY CreatedDate
ORDER BY CreatedDate");
$stmt->bind_param('ss',$_POST["from_date"], $_POST["to_date"]);
$stmt->execute();
$result = $stmt->get_result();
while ($myrow = $result->fetch_assoc()) {
....
}
.....
无论如何,请确保您在POST中的日期是规范格式的日期提示,并且两个日期的date()部分是一个有效的日期范围(如果您传递的两个日期是同一天的,您的between子句不起作用)