My sql Insert statement wont insert no errors

Here is the code:

<form method="post" name="input" action=""> 
                                <label>StaffID:<br/> <input name="staffid" type="number"><br></label>  
                                <label>Username:<br/> <input name="username" type="text" min="0"><br></label>  
                                <label>Password:<br/> <input name="password" type="text" min="0"><br></label>   
                                <input type="submit" name="submit" value="Add User"> 
                                $SID = $_POST['staffid']; 
                                $UN = $_POST['username'];
                                $PW = $_POST['password']; 
                                $conn = mysqli_connect("", "999_ashtonb", "xxxxx", "2219658_ashtonb");
                                if($SID !=''||$UN !=''||$PW !=''){
                                        $sql = "INSERT INTO staffusers(username, password, staffid) VALUES($UN, $PW, $SID)";
                                          mysqli_query($conn, $sql); 
                                          echo "<br><br><span>User added successfully!</span>"; }

I dont know what Im doing wrong please help.

What are you expecting the code to do? What do you mean by it won’t insert no errors?

It looks as though you are trying to store staffid, username and password in a database. There is no validation on the inputs and you are storing the password in plain text. Your security has more holes in it than my granny’s knitting.

Note, I edited your database information as by posting details here it could be hacked by just about anyone.

the security is not a problem this is just for the base insertion of data into the database.

i think you need single quotes around the text values

INSERT INTO staffusers ( username , password , staffid ) VALUES ( '$UN' , '$PW' , $SID )

I have tried that but get the same situation with no errors and no input.

That, and what ever anyone decides they want to inject into the query.

run the sql by itself, not from php, with constants instead of variables

that way you get to see the actual mysql error, if any

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.