My code doesn’t work. I did some searching and tried to wrap the code together:
<?php
$del = mysqli_query($con,"DELETE FROM tb_absen_mingguan WHERE tanggal=$_GET[tanggal] <= CURRENT_DATE - INTERVAL 7 DAY;");
if ($del) {
echo " <script>
alert('Data telah dihapus !');
window.location='?page=rekap&act=mingguan';
</script>";
}
?>
and got the error:
Fatal error: Uncaught mysqli_sql_exception: You have an error in your
SQL syntax; check the manual that corresponds to your MariaDB server
version for the right syntax to use near '' at line 1
What should I do?
I tried to change the tanggal and stuff but it doesn't work, and I'm pretty confused about where the error is.
2 Answers
No date needs to be passed to the query; the table’s tanggal date value can simply be the reference.
Not sure what is trying to be achieved by that DELETE query in the WHERE clause, but I believe what you are trying to do is:
… and on the plus side, this query does not have any SQL injection issues.
Try this dbfiddle example
The before/after example using the query looks like this:
Here’s the updated and safer version of the code:
In the updated code, I’ve made the following changes:
Sanitized the $_GET['tanggal'] input using mysqli_real_escape_string to prevent SQL injection attacks.
Changed the SQL query to use proper date comparison. We need to specify both conditions in the WHERE clause: tanggal <= (CURRENT_DATE - INTERVAL 7 DAY) to ensure that the "tanggal" is older than 7 days from the current date and tanggal = '$tanggal' to ensure that we are deleting records with a specific date.
Added an error handling message in case the deletion operation fails.
Always ensure you sanitize and validate user inputs before using them in SQL queries to prevent potential security vulnerabilities. Additionally, consider using prepared statements with parameter binding instead of manually escaping user inputs to further enhance security.
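The prepared-statement approach recommended at the end of the answer above, shown as an added example that is not part of either answer. It assumes `$con` is the open mysqli connection from the question; the function names `parseTanggal` and `deleteAbsenMingguan` are hypothetical.

```php
<?php
// Added example. Assumes $con is the already-open mysqli connection from the question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

// Accept only a real calendar date in YYYY-MM-DD form (hypothetical helper).
function parseTanggal($raw): ?string
{
    if (!is_string($raw)) {
        return null; // missing parameter, or an array such as ?tanggal[]=x
    }
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    // The round trip rejects overflow dates (2023-02-31) and loose forms (2023-7-1).
    return ($d !== false && $d->format('Y-m-d') === $raw) ? $raw : null;
}

// Delete the rows for one date, but only if that date is at least 7 days old.
// Returns the number of rows removed (hypothetical helper).
function deleteAbsenMingguan(mysqli $con, string $tanggal): int
{
    // The value travels as a bound parameter and is never spliced into the SQL text.
    $stmt = $con->prepare(
        'DELETE FROM tb_absen_mingguan
          WHERE tanggal = ?
            AND tanggal <= CURRENT_DATE - INTERVAL 7 DAY'
    );
    $stmt->bind_param('s', $tanggal);
    $stmt->execute();
    $deleted = (int) $stmt->affected_rows;
    $stmt->close();
    return $deleted;
}

$tanggal = parseTanggal($_GET['tanggal'] ?? null);
if ($tanggal === null) {
    http_response_code(400);
    exit('Invalid tanggal, expected YYYY-MM-DD');
}

$deleted = deleteAbsenMingguan($con, $tanggal);
// $deleted is an integer, so it is safe to place inside the script block.
echo "<script>
alert('Data telah dihapus ! ($deleted)');
window.location='?page=rekap&act=mingguan';
</script>";
```

If the goal is the first answer's variant, which removes every row older than 7 days, drop the `tanggal = ?` condition and the `bind_param` call; the query then takes no user input at all.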