We have moved our forum to GitHub Discussions. For questions about Phalcon v3/v4/v5 you can visit here and for Phalcon v6 here.

How to change date to (Y-m-d)

how to change the date on start and end || the current format is m-d-Y

public function exportListContactAction()
{
  $criteria = $this->request->getQuery('criteria');
  $value = $this->request->getQuery('value');
  $period = $this->request->getQuery('period');
  $start = $this->request->getQuery('start');
  $end = $this->request->getQuery('end');

  $map = [
      "1" => "Name", 
      "2" => "Email",
      "3" => "Phone"];

      $criteria = $map[$criteria];

  $map1 = [
      "1" => "CreateDate",
      "2" => "CommentDate"];

      $period = $map1[$period];

      $siteId = $this->getSite();

      $options = $this->config->database;

      $dsn = "mysql:host={$options->host};dbname={$options->dbname};charset=utf8";
      $opt = [
          PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
          PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
          PDO::ATTR_EMULATE_PREPARES   => false,
          PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => false
      ];

      $db = new PDO($dsn, $options->username, $options->password, $opt);
      $db->setAttribute(PDO::MYSQL_ATTR_USE_BUFFERED_QUERY, false);

      $db->query("SET TRANSACTION ISOLATION LEVEL READ UNCOMMITTED ;");

      $sql = "
      select c.*, r1.Description from Contact c 
      left join Reference r1 on c.TypeId=r1.Id 
      where c.SiteId=$siteId and c.ExpireDate='3000-01-01 00:00:00'";

      if ($criteria) {
          $sql .= " and c.`$criteria` like '%$value%' ";
      }

      if ($period) {
          $sql .= " and c.`$period` between '$start' and '$end'";
      }

      $sql .= " ";

      $query = $db->prepare($sql, array(      
          \PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY
      ));

      $db->query("COMMIT ;");

      $query->execute();

First of all, your code is vulnerable to SQL injection:

You simply concatenate the query with the start and end variables...

      if ($period) {
          $sql .= " and c.`$period` between '$start' and '$end'";
      }

which in turn come from an unsanitized url param:

  $start = $this->request->getQuery('start');
  $end = $this->request->getQuery('end');

Also, the format of the date (according to this code snippet) is independent from this logic: it comes from the raw URL param.

If the source is an internationalized js code (the date format could vary from client to client), you should convert it there to ISO format before building the AJAX query.