How to change date to (Y-m-d)

Question

How to change date to (Y-m-d)

WDusss Mar '18

Created Mar '18	Last Reply Mar '18	Replies 1	Views 294	Votes 0

WDusss 1.8k

Mar '18

how to change the date on start and end || the current format is m-d-Y

public function exportListContactAction()
{
  $criteria = $this->request->getQuery('criteria');
  $value = $this->request->getQuery('value');
  $period = $this->request->getQuery('period');
  $start = $this->request->getQuery('start');
  $end = $this->request->getQuery('end');

  $map = [
      "1" => "Name", 
      "2" => "Email",
      "3" => "Phone"];

      $criteria = $map[$criteria];

  $map1 = [
      "1" => "CreateDate",
      "2" => "CommentDate"];

      $period = $map1[$period];

      $siteId = $this->getSite();

      $options = $this->config->database;

      $dsn = "mysql:host={$options->host};dbname={$options->dbname};charset=utf8";
      $opt = [
          PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
          PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
          PDO::ATTR_EMULATE_PREPARES   => false,
          PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => false
      ];

      $db = new PDO($dsn, $options->username, $options->password, $opt);
      $db->setAttribute(PDO::MYSQL_ATTR_USE_BUFFERED_QUERY, false);

      $db->query("SET TRANSACTION ISOLATION LEVEL READ UNCOMMITTED ;");

      $sql = "
      select c.*, r1.Description from Contact c 
      left join Reference r1 on c.TypeId=r1.Id 
      where c.SiteId=$siteId and c.ExpireDate='3000-01-01 00:00:00'";

      if ($criteria) {
          $sql .= " and c.`$criteria` like '%$value%' ";
      }

      if ($period) {
          $sql .= " and c.`$period` between '$start' and '$end'";
      }

      $sql .= " ";

      $query = $db->prepare($sql, array(      
          \PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY
      ));

      $db->query("COMMIT ;");

      $query->execute();

Lajos Bencz · Answer 1 · 2018-03-29T02:59:30-07:00

First of all, your code is vulnerable to SQL injection:

You simply concatenate the query with the start and end variables...

      if ($period) {
          $sql .= " and c.`$period` between '$start' and '$end'";
      }

which in turn come from an unsanitized url param:

  $start = $this->request->getQuery('start');
  $end = $this->request->getQuery('end');

Also, the format of the date (according to this code snippet) is independent from this logic: it comes from the raw URL param.

If the source is an internationalized js code (the date format could vary from client to client), you should convert it there to ISO format before building the AJAX query.