Why is My PHP Form Data Not Inserting into MySQL?

PHP: Inserting Values from the Form into MySQL without Using Prepared Statements

Despite creating the users table in MySQL and defining the dbConfig and Index.php files, you're encountering an issue where data is not being inserted into the database when the save button is clicked.

The provided code retrieves values from the form using $_POST but only declares an INSERT query string in the following line:

$sql = "INSERT INTO users (username, password, email)
        VALUES ('".$_POST["username"]."','".$_POST["password"]."','".$_POST["email"]."')";

This code doesn't actually execute the query. To execute MySQL queries, you can use the mysqli_query function:

mysqli_query($mysqli, $sql);

However, this approach is vulnerable to SQL injection attacks. It's essential to use prepared statements when handling user input to prevent malicious data manipulation.

Here's an example using prepared statements:

$sql = "INSERT INTO users (username, password, email)
    VALUES (?,?,?)";
$stmt = $mysqli->prepare($sql);
$stmt->bind_param("sss", $_POST['username'], $_POST['password'], $_POST['email']);
$stmt->execute();

The above is the detailed content of Why is My PHP Form Data Not Inserting into MySQL?. For more information, please follow other related articles on the PHP Chinese website!