
Apologies for the newbie question; I have been struggling to get my insert to work.

A var_dump of $qry returns the correct values, but a var_dump of $insert returns a false boolean. Therefore I am not getting any values inserted into my table and cannot understand why.

Would really appreciate a pointer here. Thanks in advance.

```php
<?php

$host = 'localhost';
$user = 'tim_williams';
$pass = 'baroness';
$db   = 'php_db05';

$link = mysqli_connect($host, $user, $pass, $db);

if(!$link) {
  die("Database connection failed");
}


function clean_form($data) {
  global $link;
  $data = trim($data);
  $data = stripslashes($data);
  $data = htmlspecialchars($data);
  $data = mysqli_real_escape_string($link, $data);
  return $data;
}


if(isset($_POST['submit'])) {
  $fname     = clean_form($_POST['fname']);
  $lname     = clean_form($_POST['lname']);
  $email     = clean_form($_POST['email']);
  $password1 = clean_form($_POST['password1']);
  $password2 = clean_form($_POST['password2']);
  $username  = strtolower($fname.substr($lname,0,1));
  $dateTime  = date('Y-m-d g:i:s',time());
  if ($fname && $lname && $email && $password1 && $password2 && $username && $dateTime) {
    $qry  =  "INSERT INTO registeredusers ('UserID', 'UserName',  'FirstName', 'Surname', 'EmailAddress', 'Password')
              VALUES ('','$username','$fname', '$lname', '$email',  '$password1','$dateTime')";
    $insert = mysqli_query($link, $qry);
  }
}

var_dump($insert);


?>


<!DOCTYPE html>
<html>
  <head>
    <link rel="stylesheet" href="./css/layout.css" media="screen" type="text/css">
    <link rel="stylesheet" href="./css/menu.css" media="screen" type="text/css">
    <meta charset="utf-8">
    <title>New User Registration</title>
  </head>
  <body>
    <div class="holder">

      <div class="header"></div>
      <div class="navbar">
        <nav>
          <ul>
            <li><a href="/uni/uni_log_reg/mysql-project-users-login.php">Login</a></li>
            <li><a href="/uni/uni_log_reg/mysql-project-users-add.php">Register</a></li>
          </ul>
        </nav>
      </div>
      <div class="content">
        <div class="pageheading">
          <h1>New Users</h1>
        </div>
        <div class="contentleft">
          <h2>Welcome to my site</h2><br />
          <h6>Please register an account with us to access main content and more.</h6>
        </div>
        <div class="contentright">
          <form class="registerform" action="" method="post">
            <input class="styletxtfield" type="text" name="fname" placeholder="First Name" value=""><input class="styletxtfield forminput" type="text" name="lname" placeholder="Last Name" value=""><br /><br />
            <input class="styletxtfield" type="text" name="email" placeholder="Email address" value=""><br /><br />
            <input class="styletxtfield" type="text" name="password1" placeholder="Password" value=""><input class="styletxtfield forminput" type="text" name="password2" placeholder="Confirm Password" value=""><br /><br />
            <input type="submit" name="submit" value="submit">
          </form>
        </div>

      </div>
      <div class="footer"></div>

    </div>

  </body>
</html>
```

Tim Williams
  • column names should not be in quotes, but in backticks .. not necessary unless you are using any reserved word as column name. – kamal pal May 30 '16 at 15:54
  • Possible duplicate of [When to use single quotes, double quotes, and backticks?](http://stackoverflow.com/questions/11321491/when-to-use-single-quotes-double-quotes-and-backticks) – Mike May 30 '16 at 15:58
  • I've tried both backticks and none at all and it's still returning boolean(false) – Tim Williams May 30 '16 at 16:01
  • There's a `mysqli_error` – u_mulder May 30 '16 at 16:02
  • You have 6 columns and 7 values. You're missing the column for `$dateTime` in your query. – mferly May 30 '16 at 16:02
  • Aside: Don't *scrub/clean* a user's password, ie. removing spaces, slashes, special characters, `mysqli_real_escape_string`, etc. Leave it be. Just hash it with [password_hash()](http://php.net/manual/en/function.password-hash.php) or something of the like. – mferly May 30 '16 at 16:04
  • Thank you so much guys, massive massive help for a newbie like me. Really appreciate it – Tim Williams May 30 '16 at 16:06
  • http://jayblanchard.net/security_fail_passwords.html – Mike May 30 '16 at 16:13
  • **WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use manual escaping and string interpolation or concatenation to accomplish this because you will create severe [SQL injection bugs](http://bobby-tables.com/) if you ever forget to properly escape something. **DO NOT** use `htmlspecialchars` to escape for your database, it will mangle characters like `&`. That's used for display of HTML. – tadman May 30 '16 at 17:46
  • **WARNING**: Writing your own access control layer is not easy and there are many opportunities to get it severely wrong. Please, do not write your own authentication system when any modern [development framework](http://codegeekz.com/best-php-frameworks-for-developers/) like [Laravel](http://laravel.com/) comes with a robust [authentication system](https://laravel.com/docs/5.2/authentication) built-in. At the absolute least follow [recommended security best practices](http://www.phptherightway.com/#security) and never store passwords as plain-text. – tadman May 30 '16 at 17:46
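
The points raised in the comments (matching column and value counts, surfacing the MySQL error, a prepared statement with bound parameters, and hashing the untouched password) combined into one added example; this is not the asker's code and was not posted by any commenter. It assumes `UserID` is AUTO_INCREMENT and the `Password` column can hold a hash (at least VARCHAR(255)); the function `register_user`, the column name `DateRegistered`, and the connection credentials are hypothetical placeholders.

```php
<?php
// Added example. Credentials are placeholders; `DateRegistered` is a
// hypothetical column name, since the page never names the timestamp column.
// Make mysqli throw mysqli_sql_exception instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function register_user(mysqli $link, array $post): int
{
    // Trim names and email only. The password is never trimmed or escaped.
    $fname     = trim($post['fname'] ?? '');
    $lname     = trim($post['lname'] ?? '');
    $email     = trim($post['email'] ?? '');
    $password1 = $post['password1'] ?? '';
    $password2 = $post['password2'] ?? '';

    if ($fname === '' || $lname === '' || $password1 === '') {
        throw new InvalidArgumentException('Missing required field');
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Invalid email address');
    }
    if ($password1 !== $password2) {
        throw new InvalidArgumentException('Passwords do not match');
    }

    $username = strtolower($fname . substr($lname, 0, 1));
    $hash     = password_hash($password1, PASSWORD_DEFAULT);
    $created  = date('Y-m-d H:i:s'); // 24-hour clock, as DATETIME expects

    // Six columns, six placeholders, six bound values. No quoting, no escaping.
    $stmt = mysqli_prepare($link,
        'INSERT INTO registeredusers
           (UserName, FirstName, Surname, EmailAddress, Password, DateRegistered)
         VALUES (?, ?, ?, ?, ?, ?)');
    mysqli_stmt_bind_param($stmt, 'ssssss',
        $username, $fname, $lname, $email, $hash, $created);
    mysqli_stmt_execute($stmt);
    return (int) mysqli_insert_id($link);
}

if (isset($_POST['submit'])) {
    try {
        $link = mysqli_connect('localhost', 'db_user', 'db_password', 'php_db05');
        mysqli_set_charset($link, 'utf8mb4');
        $id = register_user($link, $_POST);
    } catch (mysqli_sql_exception | InvalidArgumentException $e) {
        error_log('Registration failed: ' . $e->getMessage());
    }
}
```

Values read back from the table are passed through `htmlspecialchars` at the point they are written into HTML, not before they are stored; login then checks the submitted password with `password_verify` against the stored hash.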
