
I am trying to enter data into a MySQL table using PHP. Below is my code. What am I missing? The problem is that no data is inserted.

Database connection.

<?php
class Dbh{
    private $servername = "localhost";
    private $username = "username";
    private $password = "password";
    private $dbname = "oop";
    protected function connect(){
        $conn = new mysqli($this->servername, $this->username, $this->password, $this->dbname);
        return $conn;
    }
}
?>

Insert class for inserting the data into the MySQL table.

<?php
include_once 'Dbh.php';
class Insert{
    public function insertData(){
        $uid = $_POST['uid'];
        $pwd = $_POST['pwd'];

        $sql = "INSERT INTO user(uid, pwd) VALUES ('uid', 'pwd')";
        mysqli_query($sql);
        header("Location: ../index.php?data=inserted");
    }
}
?>

HTML form for inputting the data.

<?php
include_once('Insert.php');
$data = new Insert();
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Insert data into database</title>
</head>

<body>
<form action="classes/Insert.php" method="POST">
    <input type="text" name="uid" placeholder="user name">
    <br>
    <input type="password" name="pwd" placeholder="password">
    <br>
    <button type="submit" name="submit">Insert data</button>
</form>
</body>
</html>
u_mulder
lokang
  • How is it connected with SQL injection? – u_mulder Apr 08 '18 at 10:43
  • Your code fails because of a typo (missed $ twice from the insert string). But the bigger problem is that your current solution is open to SQL injection. See the duplicate topic on using parameters with MySQL SQL statements in PHP. – Shadow Apr 08 '18 at 10:44
  • I added the $ sign to $uid and $pwd but still, no data inserted. – lokang Apr 08 '18 at 12:03
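
An added example, not part of the original thread and not the asker's code: in the question's code, `mysqli_query()` is called without a connection, `Insert` never uses `Dbh::connect()`, and nothing calls `insertData()` when the form posts to `classes/Insert.php`. The sketch below addresses those points and uses the parameterized statement the comments recommend. Assumptions: both classes are shown in one file, the `pwd` column is wide enough for a `password_hash()` value (for example `VARCHAR(255)`), and the `missing` and `error` redirect values are hypothetical.

```php
<?php
// Added example, not the asker's code. Requires PHP 7.4+ with the mysqli extension.
declare(strict_types=1);
class Dbh
{
    private string $servername = "localhost";
    private string $username = "username"; // placeholder credentials from the question
    private string $password = "password";
    private string $dbname = "oop";
    protected function connect(): mysqli
    {
        // Raise mysqli_sql_exception on failure instead of failing silently.
        mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
        $conn = new mysqli($this->servername, $this->username, $this->password, $this->dbname);
        $conn->set_charset("utf8mb4");
        return $conn;
    }
}

class Insert extends Dbh
{
    public function insertData(string $uid, string $pwd): void
    {
        $conn = $this->connect();
        // Placeholders keep user input out of the SQL text entirely.
        $stmt = $conn->prepare("INSERT INTO user (uid, pwd) VALUES (?, ?)");
        // Store a salted hash, never the submitted password (assumes pwd is VARCHAR(255)).
        $hash = password_hash($pwd, PASSWORD_DEFAULT);
        $stmt->bind_param("ss", $uid, $hash);
        $stmt->execute();
    }
}

// The form posts to this file, so the method has to be called here.
if (($_SERVER["REQUEST_METHOD"] ?? "") === "POST") {
    $uid = $_POST["uid"] ?? "";
    $pwd = $_POST["pwd"] ?? "";
    $status = "missing"; // hypothetical status values for the redirect
    if (is_string($uid) && is_string($pwd) && trim($uid) !== "" && $pwd !== "") {
        try {
            (new Insert())->insertData(trim($uid), $pwd);
            $status = "inserted";
        } catch (mysqli_sql_exception $e) {
            error_log("user insert failed: " . $e->getMessage()); // details stay server-side
            $status = "error";
        }
    }
    header("Location: ../index.php?data=" . $status);
    exit;
}
```

A login check against rows stored this way would compare with `password_verify()` rather than a string comparison in SQL.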

0 Answers