
Well, I've been trying to store the content that the user writes in the input text, and to store the ids of the checkboxes that the user clicks. I managed to store both things, but each one separately, or better said, in another PHP file. The problem appears when I try to store both things using only one PHP file. Here is my code:

HTML

<label for="Teachers_Name">Teacher's Name</label>
<input type="text" name="Teachers_Name" id="Teachers_Name" placeholder="Name" required>
<br>
<br>
<label for="School_Name">School Name</label>
<input type="text" name="School_Name" id="School_Name" placeholder="School Name" required>
<br>
<br>
<label for="Implementation_Quality">Write here your 
Implementation Quality score :</label>
<input type="text" name="Implementation_Quality" id="Implementation_Quality" placeholder="Implementation Quality" required>
</div>
<input type="submit" name="submit" id="submit" value="Send" 
    style="margin-left: 50px; margin-bottom: 20px; margin-top: 
    20px;background:#0774D9; color: #fff; font-size: 20px; 
    border-radius: 10px; font-family: 'Verdana';padding: 5px 
    15px 5px 20px">
<p>BOOKS</p>
<div class="checkbox">
    <br>
    <input type="checkbox" value="20" id="CourseBooks" class="get_value" style="display: none;">
    <label for="CourseBooks">CourseBooks</label>
    <input type="checkbox" value="20" id="PracticeBooks" class="get_value"  style="display: none;">
    <label for="PracticeBooks">PracticeBooks</label>
    <br>
</div>
<h4 id="result"></h4>

jQuery

<script>
    $(document).ready(function() {
        $('#submit').click(function() {
            var insert = [];
            $('.get_value').each(function() {
                if ($(this).is(":checked")) {
                    insert.push($(this).attr("id"));
                }
            });
            insert = insert.toString();
            $.ajax({
                url: "insert1.php",
                method: "POST",
                data: {
                    insert: insert
                },
                success: function(data) {
                    $('#result').html(data);
                }
            });
        });
    });
</script>

PHP of checkboxes

if(isset($_POST['insert'])) {
    $conn = mysqli_connect("localhost", "root", "", "datos1");
    $query = "INSERT INTO BOOKS(name) VALUES('" . $_POST["insert"] . "') ";
    $result = mysqli_query($conn, $query);
    echo "Data Inserted Succesfully";
}

PHP of texts

$conexion = new mysqli("localhost", "root", "");

if($conexion->connect_error) { // a mysqli object is always truthy, so test connect_error instead
    echo "Conexión no exitosa";
} else {

    $base = mysqli_select_db($conexion, "datos1");
    if(!$base) {
        echo "No se pudo conectar a la base de datos";
    }
}
// Fetch the variables
$Teachers_Name = "";
$Teachers_Name = isset($_POST['Teachers_Name']) ? $_POST['Teachers_Name'] : '';
$Teachers_Name = empty($_POST['Teachers_Name']) ? $_POST['Teachers_Name'] : '';
$Teachers_Name= $_POST['Teachers_Name'] ?? '';
$School_Name = "";
$School_Name = isset($_POST['School_Name']) ? $_POST['School_Name'] : '';
$School_Name = empty($_POST['School_Name']) ? $_POST['School_Name'] : '';
$School_Name= $_POST['School_Name'] ?? '';
$Implementation_Quality = "";
$Implementation_Quality = isset($_POST['Implementation_Quality']) ? $_POST['Implementation_Quality'] : '';
$Implementation_Quality = empty($_POST['Implementation_Quality']) ? $_POST['Implementation_Quality'] : '';
$Implementation_Quality= $_POST['Implementation_Quality'] ?? '';
// Save the variables
$sql = "INSERT INTO datos_1 (Teachers_Name, School_Name, 
     Implementation_Quality) VALUES(?, ?, ?)";

$sth = mysqli_prepare($conexion, $sql);
mysqli_stmt_bind_param($sth, 'sss', $Teachers_Name, $School_Name, $Implementation_Quality);
$ejecutar = mysqli_stmt_execute($sth);

if(!$ejecutar) {
    echo "Hubo algun error";
} else {
    echo "Datos guardados correctamente<br><a href='index.php'>Volver</a>";
}
GrumpyCrouton
Marinovsky
  • [Little Bobby](http://bobby-tables.com/) says **[you may be at risk for SQL Injection Attacks](https://stackoverflow.com/q/60174/)**. Learn about [Prepared Statements](https://en.wikipedia.org/wiki/Prepared_statement) with [parameterized queries](https://stackoverflow.com/a/4712113/5827005). I recommend `PDO`, which I [wrote a class for](https://github.com/GrumpyCrouton/GrumpyPDO) to make it extremely easy, clean, and more secure than using non-parameterized queries. Also, [This article](https://phpdelusions.net/pdo/mysqli_comparison) may help you choose between `MySQLi` and `PDO` – GrumpyCrouton Nov 21 '17 at 16:19
  • It's weird. You used prepared statements once and then created avenues for sql injection attacks in the other one – Rotimi Nov 21 '17 at 16:20
  • Some sensible code indentation would be a good idea. It helps us read the code and more importantly it will help **you debug your code**. [Take a quick look at a coding standard](http://www.php-fig.org/psr/psr-2/) for your own benefit. You may be asked to amend this code in a few weeks/months and you will thank me in the end. – GrumpyCrouton Nov 21 '17 at 16:20
  • You keep trying multiple ways to set a variable. Find one that works, stick with it, and delete the others, because you're just resetting it each time. – aynber Nov 21 '17 at 16:25
  • Sorry guys, I've just started in this world of StackOverflow. Well, but what can I do? I'm new to PHP – Marinovsky Nov 21 '17 at 16:42
  • How can I mix both PHP files in one? – Marinovsky Nov 22 '17 at 01:30
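
One way to handle both submissions in a single file with every value bound as a parameter, shown as an added example (not code from the original post). It assumes the AJAX `data` object is extended to send the three text fields alongside `insert`; `post_string` and `ALLOWED_BOOKS` are hypothetical names introduced here.

```php
<?php
// Added example: one endpoint for the text fields and the checkbox ids.
// Assumes the request carries Teachers_Name, School_Name,
// Implementation_Quality and insert (comma-separated checkbox ids).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Allowlist: only ids that exist in the form are ever stored.
const ALLOWED_BOOKS = ['CourseBooks', 'PracticeBooks'];

function post_string(string $key): string
{
    $value = $_POST[$key] ?? '';
    return is_string($value) ? trim($value) : ''; // rejects array-valued input
}

$teacher = post_string('Teachers_Name');
$school  = post_string('School_Name');
$quality = post_string('Implementation_Quality');
$picked  = explode(',', post_string('insert'));
$names   = implode(',', array_intersect(ALLOWED_BOOKS, $picked));

if ($teacher === '' || $school === '' || $quality === '') {
    http_response_code(400);
    exit('Missing required field');
}

try {
    $conn = new mysqli('localhost', 'root', '', 'datos1');
    $conn->set_charset('utf8mb4');
    $conn->begin_transaction(); // both inserts are stored, or neither

    $sql  = 'INSERT INTO datos_1 (Teachers_Name, School_Name, Implementation_Quality) VALUES (?, ?, ?)';
    $stmt = $conn->prepare($sql);
    $stmt->bind_param('sss', $teacher, $school, $quality);
    $stmt->execute();

    // Same single-column format as the original, but bound, not concatenated.
    $stmt = $conn->prepare('INSERT INTO BOOKS (name) VALUES (?)');
    $stmt->bind_param('s', $names);
    $stmt->execute();

    $conn->commit();
    // Fixed reply text: the page inserts the response with .html().
    echo 'Data Inserted Successfully';
} catch (mysqli_sql_exception $e) {
    if (isset($conn)) { $conn->rollback(); }
    error_log($e->getMessage()); // details go to the server log, not the client
    http_response_code(500);
    echo 'Could not save data';
}
```

The transaction only takes effect on a transactional storage engine such as InnoDB.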
