Inserting into MySql DB with PHP not working

Question

I am trying to insert data into a MySQL database using PHP. As far as I can see I am using the correct code, but it is not inserting - nothing changes in phpMyAdmin. Am I doing anything wrong? (I changed the database name and password here just for safety- it connects without any issues)

  <?php
        $link = mysqli_connect("localhost", "dbname", "password", "dbname");

        if (mysqli_connect_error()) {

            die ("Error connecting to the database");

        } 

        $query = "INSERT INTO 'users' ('email', 'password')
                  VALUES ('example@example.com', '12345678')";

        mysqli_query($link, $query);

    ?>

[Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! [Don't believe it?](http://stackoverflow.com/q/38297105/1011527) — Jay Blanchard, Feb 27 '17 at 20:29
**Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure you ***[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. — Jay Blanchard, Feb 27 '17 at 20:29
@Jay Blanchard I'm new to php and mysql, busy doing tutorial and got stuck. Just wanted to know whats wrong with the code — Rudi Thiel, Feb 27 '17 at 20:30
Outside of the quotes problem what I posted *is* what is wrong with your code. — Jay Blanchard, Feb 27 '17 at 20:33

score 3 · Accepted Answer · answered Feb 27 '17 at 20:23

3

Use backticks `` instead of single quote ':

    $query = "INSERT INTO `users` (`email`, `password`)
              VALUES ('example@example.com', '12345678')";

answered Feb 27 '17 at 20:23

Gurwinder Singh

38,557
6
51
76

1

or neither, as they are optional unless using reserved words – Feb 27 '17 at 20:24
Aah thats the problem - thanks! – Rudi Thiel Feb 27 '17 at 20:25

Inserting into MySql DB with PHP not working

1 Answers1