My sql Insert statement wont insert no errors

ashtonburt · July 23, 2017, 8:01am

Here is the code:

<form method="post" name="input" action=""> 
                                <label>StaffID:<br/> <input name="staffid" type="number"><br></label>  
                                <label>Username:<br/> <input name="username" type="text" min="0"><br></label>  
                                <label>Password:<br/> <input name="password" type="text" min="0"><br></label>   
                                <input type="submit" name="submit" value="Add User"> 
                        </form>
                                
                        <?php
                                $SID = $_POST['staffid']; 
                                $UN = $_POST['username'];
                                $PW = $_POST['password']; 
                                
                                $conn = mysqli_connect("xxxxx.net", "999_ashtonb", "xxxxx", "2219658_ashtonb");
                                
                                if($SID !=''||$UN !=''||$PW !=''){
                                        $sql = "INSERT INTO staffusers(username, password, staffid) VALUES($UN, $PW, $SID)";
                                          mysqli_query($conn, $sql); 
                         
                                          echo "<br><br><span>User added successfully!</span>"; }
                        ?>

I dont know what Im doing wrong please help.

Gandalf · July 23, 2017, 8:14am

What are you expecting the code to do? What do you mean by it won’t insert no errors?

It looks as though you are trying to store staffid, username and password in a database. There is no validation on the inputs and you are storing the password in plain text. Your security has more holes in it than my granny’s knitting.

Note, I edited your database information as by posting details here it could be hacked by just about anyone.

ashtonburt · July 23, 2017, 8:39am

the security is not a problem this is just for the base insertion of data into the database.

r937 · July 23, 2017, 8:47am

i think you need single quotes around the text values

INSERT INTO staffusers ( username , password , staffid ) VALUES ( '$UN' , '$PW' , $SID )

ashtonburt · July 23, 2017, 8:59am

I have tried that but get the same situation with no errors and no input.

SamA74 · July 23, 2017, 12:43pm

That, and what ever anyone decides they want to inject into the query.

r937 · July 23, 2017, 2:14pm

run the sql by itself, not from php, with constants instead of variables

that way you get to see the actual mysql error, if any

system · October 22, 2017, 9:14pm

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
PhP & mysql insert help PHP	12	862	May 21, 2012
mySQL questions Databases	24	1460	November 21, 2010
Trouble inserting record PHP	5	516	July 31, 2010
Sql injections PHP	4	426	August 18, 2011
Login system No errors and no data inserted to the database PHP	62	7310	January 12, 2019

My sql Insert statement wont insert no errors

Related topics