Home/ Questions/Q 9190749
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-17T20:32:00+00:00

I am creating a user registration system with mysql and php and added a

  • 0

I am creating a user registration system with mysql and php and added a column to user table called ‘date_expires’ ( with DATE NOT NULL) to make registered users’ registration date to expire. With my form users can select their registration period. Eg: 1 year, 2 year, 3 year. etc. I have got the value of registration period when user submitting the form.. like this 

$registrationPeriod = $_POST['registration_period];

My problem is how I insert expire date with above value to my user table?

I am trying to insert data to the user table but confusing how I do it with ‘date_expires’ column.

This is my code so far…

$q = "INSERT INTO users (username, email, pass, first_name, last_name, date_expires) 
      VALUES ('$u', '$e', '$p, '$fn', '$ln', ????????????? )";

hope someone help me out about this..
thank you.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If your $_POST['registration_period'] comes in as 1 year, 2 year… Then you can most easily strip off the integer value and perform the date calcualtion in MySQL like NOW() + INTERVAL n YEAR where n is the number.

    // Extract it from the registration_period
// Since it is formatted as "n years" with a space between,
// we can split the string on the space.  list() assigns an array (returned from explode())
// to individual variables. Since we only actually need one of them (the number), 
// we can throw away the second (which is the string "years") by just giving list() one variable
// It still needs a placeholder for the second though, hence the extra comma.
list($years,) = explode(" ", $_POST['registration_period']);
// Make sure it is an int to protect against SQL injection...
$years = intval($years);

    In your query, substitute the number into the date calculation in the VALUES () list:

    INSERT INTO users (.......) VALUES (....., (NOW() + INTERVAL $years YEAR));

    Please consider switching to an API which supports prepared statements, like MySQLi or PDO. We can only hope and assume that all your query input variables have been correctly sanitized and filtered against SQL injection in your query’s current form.

    $u = mysql_real_escape_string($_POST['u']);
$e = mysql_real_escape_string($_POST['e']);
// etc for all query vars...

    (More info on list()

    • 0