Search by date range problem
View Single Post
01-08-2009, 09:41 PM
Join Date: Oct 2007
Location: Manchester, UK
Search for xss protection or something
I think these articles may help you understand:
Securing your MySQL Queries with Sprintf
How to Login to Any Account on an Insecure Site
Also I advise that you turn error reporting off in a live server environment, don't make the hackers life easy by giving him feedback on his attempts (which in essence is what happens with errors).
Anyway to the problem. Is your database stripping of the preceding zero?, I say this because you are sending both 09 and 08 in the between statement as string (wrapped in single quotes), thus the db will be comparing:
the string "08" and the integer 8
and so on and so forth.
In other words, what's the column's data type? and what does it currently hold
mysql> SELECT * FROM `users` WHERE `users`.`clue` > 0;
Empty set (0.00 sec)
The Following 2 Users Say Thank You to sketchMedia For This Useful Post:
View Public Profile
Send a private message to sketchMedia
Visit sketchMedia's homepage!
Find More Posts by sketchMedia