$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
$confirmPassword = mysqli_real_escape_string($conn, $_POST['confirmpassword']);
$email = mysqli_real_escape_string($conn, $_POST['email']);

$insertSQL = "INSERT INTO 'user' ('ID', 'Username', 'Password', 'Email') VALUES('".NULL."', '".$username."', '".$password."', '".$email."')";
if(mysqli_query($conn, $insertSQL));
{
    echo "<script>window.open('../index.php', '_self')</script>";
}

mysqli_query returns true in the if statement, but nothing is being added to the database. I'm using mysqli to connect to my db:

$dbservername = "my_Server_Name";
$dbusername = "my_Username";
$dbpassword = "my_Password";
$dbname = "my_DB";

// Create connection
$conn = new mysqli($dbservername, $dbusername, $dbpassword, $dbname);
// Check connection
if ($conn->connect_error) 
{
    die("Connection failed: " . $conn->connect_error);
}

I believe the connection is fine because it has worked in other scenarios when pulling tables from the DB to check information, but seemingly will not work when I attempt to add VALUES into the db.

Here is the db as well:

CREATE TABLE `user` (
    `ID` int(10) UNSIGNED NOT NULL,
    `Username` varchar(31) NOT NULL,
    `Password` varchar(31) NOT NULL,
    `Email` varchar(63) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

INSERT INTO `user` (`ID`, `Username`, `Password`, `Email`) VALUES
(1, 'username', 'password', 'exampleEmail@example.com');
Satirez
  • 1
    These `'user' ('ID', 'Username', 'Password', 'Email')` should all be in backticks, not quotes. – chris85 Nov 01 '16 at 19:17
  • 1
    Passwords also should be hashed and you should compare the confirm value before the insert. – chris85 Nov 01 '16 at 19:18
  • @chris85 Hashing isn't too big of a concern for me right now because all of the information is hosted locally and it's for school. I do appreciate the reminder though. `'user' ('ID', 'Username', 'Password', 'Email')` should be backticks instead of single quotes, then? – Satirez Nov 01 '16 at 19:21
  • 1
    ...or none at all, since there are no reserved word(s) used, or space or hyphens, or anything else that mysql would complain about. ;-) – Funk Forty Niner Nov 01 '16 at 19:27
  • Plus, `Password varchar(31)` suggests that you are not using a safe password storing method. – Funk Forty Niner Nov 01 '16 at 19:28
  • 1
    php null also has absolutely nothing to do with an sql null. PHP nulls in string context become a zero-length string. – Marc B Nov 01 '16 at 19:32
  • http://dev.mysql.com/doc/refman/5.7/en/string-literals.html vs. http://dev.mysql.com/doc/refman/5.7/en/identifiers.html. Also your `id` should be auto-incrementing. – chris85 Nov 01 '16 at 19:34
  • @MarcB Yeah, I had just changed that before seeing your comment. Thanks. – Satirez Nov 01 '16 at 19:35
  • @Fred-ii- If I wanted to have a safe storing method, what would you recommend? – Satirez Nov 01 '16 at 19:37
  • @chris85 It is, actually; the statements for the auto-increment are at the bottom of the sql file. – Satirez Nov 01 '16 at 19:37
  • Where is the auto-incrementing set up? I don't see it in your table declaration and your example query would indicate it is not set up. For safe storing I'd use parameterized queries. Your columns/tables can be ticked, or unticked, just not quoted. If you used a column/table name like `order` the ticks would be required because that term is reserved. – chris85 Nov 01 '16 at 19:48
  • Using `$insertSQL = "INSERT INTO `user` (`ID`, `Username`, `Password`, `Email`) VALUES (NULL, '".$username."', '".$password."', '".$email."')";` as my query, it is still returning true to the if statement, but also still not inserting the data into the table. – Satirez Nov 01 '16 at 19:49
  • @chris85 I didn't post it, but it is at the bottom of my sql file. ALTER TABLE `user` MODIFY `ID` int(10) UNSIGNED NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=2; I used phpmyadmin to make the db. Should I move these statements up to the table declarations? – Satirez Nov 01 '16 at 19:51
  • @chris85 As a note, the AUTO_INCREMENT=2 is that way because I manually added a row into the table inside the sql file. – Satirez Nov 01 '16 at 20:05
  • *"If I wanted to have a safe storing method, what would you recommend?"* - Use `password_hash()` and ALTER your (password) column to be a minimum of 60 length; 255 is the recommended length as per what the manual suggests. – Funk Forty Niner Nov 01 '16 at 20:56
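
Added example, not part of the original thread: the commenters' advice combined into one registration handler (confirm check before the insert, `password_hash()`, a parameterized query, backticked identifiers, `ID` left to AUTO_INCREMENT). In the posted code the `;` after `if (...)` ends the statement, so the braces run whatever `mysqli_query` returned, and single-quoted identifiers are string literals in MySQL, so the INSERT itself fails. Assumptions: `$conn` is the connection from the question, `Password` has been widened to `VARCHAR(255)`, and `registerUser` is a hypothetical helper name.

```php
<?php
// Added example, not the asker's code. Assumes $conn is the mysqli connection
// from the question, `ID` is AUTO_INCREMENT and `Password` is VARCHAR(255).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failed queries throw

function registerUser(mysqli $conn, array $post): void // hypothetical helper
{
    $username = trim($post['username'] ?? '');
    $password = $post['password'] ?? '';
    $confirm  = $post['confirmpassword'] ?? '';
    $email    = trim($post['email'] ?? '');

    // Validate before touching the database; limits match the posted schema.
    if ($username === '' || strlen($username) > 31) {
        throw new InvalidArgumentException('Username must be 1-31 characters.');
    }
    if ($password === '' || $password !== $confirm) {
        throw new InvalidArgumentException('Passwords are empty or do not match.');
    }
    if (!filter_var($email, FILTER_VALIDATE_EMAIL) || strlen($email) > 63) {
        throw new InvalidArgumentException('Email is invalid or too long.');
    }

    // Store only the hash; verify at login with password_verify().
    $hash = password_hash($password, PASSWORD_DEFAULT);

    // Placeholders keep user input out of the SQL text. ID is omitted so
    // AUTO_INCREMENT assigns it; identifiers use backticks, not quotes.
    $stmt = $conn->prepare(
        'INSERT INTO `user` (`Username`, `Password`, `Email`) VALUES (?, ?, ?)'
    );
    $stmt->bind_param('sss', $username, $hash, $email);
    $stmt->execute();
    $stmt->close();
}

try {
    registerUser($conn, $_POST);
    header('Location: ../index.php'); // redirect only after a successful insert
    exit;
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
} catch (mysqli_sql_exception $e) {
    error_log('Registration insert failed: ' . $e->getMessage());
    http_response_code(500);
    echo 'Registration failed.';
}
```

With `mysqli_report` set to strict mode, a malformed statement raises `mysqli_sql_exception` and is logged instead of failing silently.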

0 Answers