Site Search function

Please I need help. I'm working on a search function that can search using date as criteria among others. Other criteria work fine but the date issue is a real big issue. The code that calls my search form is here

elseif(isset($_GET['action']) && $_GET['action'] == 'searchEstimate')
{
	$action = 'searchJE';
	$button = 'Search';
	require 'searchEstimate.php';
	exit();
}

The search form uses $_GET and in my mysql table, the date uses date field. The processor code is here:

elseif(isset($_POST['button']) && $_POST['button'] == 'Estimate')
{
  $results = array();
  $data = new CustomerManager();
  $data->storeFormValues( $_POST );
  $data->insertJobEstimate();
    
}

if (isset($_GET['action']) and $_GET['action'] == 'search')
{
	
	
// The basic SELECT statement
$conn = DatabaseManager::getConnection();
$select = 'SELECT id, regNumber, jobCardNo, jobCardDate, serviceType, description';
$from = ' FROM jobestimate';
$where = ' WHERE TRUE';

$placeholders = array();
if ($_GET['jobCardDate1'] != '') // A job card date is selected
{
$where .= " AND jobCardDate BETWEEN :jobCardDate1";
$placeholders[':jobCardDate'] = $_GET['jobCardDate1'];
}

$placeholders = array();
if ($_GET['jobCardDate2'] != '') // A job card date is selected
{
$where .= " AND :jobCardDate2";
$placeholders[':jobCardDate'] = $_GET['jobCardDate2'];
}

if ($_GET['regNumber'] != '') // Reg Number was specified
{
$where .= " AND regNumber = :regNumber";
$placeholders[':regNumber'] = $_GET['regNumber'];
}

if ($_GET['serviceType'] != '') // Reg Number was specified
{
$where .= " AND serviceType = :serviceType";
$placeholders[':serviceType'] = $_GET['serviceType'];
}

if ($_GET['jobCardNo'] != '') // Reg Number was specified
{
$where .= " AND jobCardNo LIKE :jobCardNo";
$placeholders[':jobCardNo'] = '%' . $_GET['jobCardNo'] . '%';
}

try
{
$sql = $select . $from . $where ;
$s = $conn->prepare($sql);
@$s->execute($placeholders);
}
catch (PDOException $e)
{
$error = 'Error fetching job estimates.';
include 'error.html.php';
exit();
}
foreach ($s as $row)
{
$estimates[] = array('id' => $row['id'], 'regNumber' => $row['regNumber'], 'jobCardNo' => $row['jobCardNo'], 'jobCardDate' => $row['jobCardDate'], 'description' => $row['description'], 'serviceType' => $row['serviceType']);
}
include 'estimateSearchResult.html.php';
exit();


} //closing tag

Each time I use date as a search criteria, it graciously include the error.html.php page. What is wrong with the set up? Every other part works fine. Please I need help. Thanks in advance.

Please note that the date field in my database is jobCardDate while the two date field that is to give the date range are named jobCardDate1 & jobCardDate2.

1: NEVER, EVER use a $_GET directly in a SQL query you leave your database tables wide open to an SQL injection attack.


Sanitise the data first by making sure it is the correct format before using it.

--
Chris.
So long, and thanks for all the fish.
http://webmaster-talk.eu/

Thanks for that Chrishirst. Do you have any other suggestion as per working around this date issue?

@papadammy: Output $e->getMessage() so you can see what the actual error is.

--
Matt Doyle, Elated
3rd Edition of my jQuery Mobile book out now! Learn to build mobile web apps. Free sample chapter: http://store.elated.com/

Matt, thanks a lot for your reply. I was able to figure out how to handle the code after using your tip. The search function is now working perfectly well.
Thanks.