Why Are My Form Values Not Inserting into My MySQL Database?

PHP: Inserting Form Values into MySQL

Problem:

Inserting values from an HTML form into a MySQL database is not executing successfully, and the database remains empty.

Solution:

The provided PHP code contains an SQL query stored as a string variable:

$sql = "INSERT INTO users (username, password, email)
        VALUES ('".$_POST["username"]."','".$_POST["password"]."','".$_POST["email"]."')";

However, this query is not executed. To execute a query, you need to use MySQL functions like prepared statements to ensure the security and integrity of your data.

Best Practice: Using Prepared Statements

Prepared statements protect against SQL injection by separating the query from the user input. Here's how to use them:

1. Prepare the SQL statement:

   $sql = "INSERT INTO users (username, password, email) VALUES (?,?,?)";

2. Bind input variables:

   $stmt = $mysqli->prepare($sql);
   $stmt->bind_param("sss", $_POST['username'], $_POST['email'], $_POST['password']);

3. Execute the prepared statement:

   $stmt->execute();

Additional Security Measure:

To enhance security, store passwords in an encrypted hashed format instead of plain text using password_hash.

The above is the detailed content of Why Are My Form Values Not Inserting into My MySQL Database?. For more information, please follow other related articles on the PHP Chinese website!