Home/ Questions/Q 7502705
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-29T20:57:45+00:00

So I am working on a client website and it includes an event calendar

  • 0

So I am working on a client website and it includes an event calendar as its main focus. The calendar functions: you can insert events with a date,start_time,end_time. and then its displayed on the calendar and you get the picture. The problem I am having is conflicts between current events and ones people are trying to book as new events. I know logically I will need to check if its:

  1. between the event
  2. during the event but starting before it
  3. during the event but starting during it and ending afterwards.

The sql query I made up to start is this(it doesnt work):

$check_date_time = "SELECT `event_date`, `start_time`, `end_time` FROM `calendar_events` WHERE
 '.$_POST['event_date'].' = event_date AND
'.$_POST['start_time'].' BETWEEN `start_time` AND `end_time` 
AND '.$_POST['start_time'].' < `start_time` AND '.$_POST['end_time'].' < `end_time` 
|| '.$_POST['start_time'].' > `start_time` AND '.$_POST['end_time'].' < `end_time`';
$result = mysql_query($check_date_time, $mysql)
            or die(mysql_error());

Any help would be appreciated, I dont know if I am writing the query wrong or if the database is setup wrong.

Thanks, Andrew

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It looks to me like you’re storing the dates and times in a text/varchar field and attempting to use the BETWEEN operator which only works on date/numerical fields.

    Run this query: SHOW CREATE TABLE calendar_events;

    And post back the results for us so we can see your table structure.

    Also I should point out that putting $_POST data directly into a SQL query is a very very veeeeerrrrry bad idea under any circumstance. That’s how you expose yourself to SQL injection attacks and get your entire database compromised.

    You should use a helper class or at least calling mysql_escape_string or using the escape method on mysqli around each data element. Also, make sure you wrap your parameters in the query in single quotes. You should also wrap your table/column names in backticks (`). Even though they are technically optional, it does help when reading queries and it avoids the errors caused by data/fieldname collision.

    For example if I posted “event_date” as the data for $_POST[‘event_date’] MySQL would get confused since it would interpret that part of the query as event_date = event_date which of course will always be true.

    With single quotes and backticks properly used: ‘event_date’ = event_date Now MySQL knows that the first occurrence is telling it to look for cases where the value of event_date is present in the event_date column of the table.

    At any rate, post back the table structure, put your single/backtick quotes in place, and I think it’ll be much easier for us to help you.

    • 0