PHP is not passing proper data to MYSQL

Question

I am unable to pass proper data to MySQL I have no idea what is wrong done by me please help me out my code is as follow:

$con = mysqli_connect('localhost', 'root', '', 'database');
if($con) {
    echo "we are connected";
} else {
    die("connection failed");
}

if(isset($_POST['submit'])) {

    // echo "Yeah it works";
    $user = $_POST['username'];
    $pass = $_POST['password'];

    $query = "INSERT INTO users(username, password) VALUES ('$user', '$pass')";
    $result = mysqli_query($con, $query);

    if(!$result) {
        die("Query failed");
    }
}

When I run this code I'm getting 0 for username and 0 for password. whatever I type for username and password I get 0 in database.

[Your script is at risk for SQL Injection Attacks.](//stackoverflow.com/q/60174) — Blue, Oct 19 '18 at 13:57
First things first, `var_dump($user);` and `var_dump($password);`. Are they the correct values? Next, check the database. Is the columns `VARCHAR` or a text format (ie. Not integer). This is likely your cause. — Blue, Oct 19 '18 at 13:59
you must pass the values into a prepared statement: https://www.w3schools.com/php/php_mysql_prepared_statements.asp — Fnr, Oct 19 '18 at 13:59
check your database column structure for username. It should be varchar/text. — Empty Brain, Oct 19 '18 at 14:00
You should add your HTML form and I think you're missing a `;` at the end of your query. — Diego Rios, Oct 19 '18 at 14:02
check the data type of the columns, it should be varchar, now its look like integer — Waseel Ahmad Mufti, Oct 19 '18 at 14:03
It seems query executed but data is not inserted. Auto increament show execution of query. Your database shows that username and passwords are not of string data type, change its data type and try again. — Hasan Baig, Oct 19 '18 at 14:11

score 2 · Accepted Answer · edited Oct 19 '18 at 14:09

Try this code, which also removes SQL injections.

$con = mysqli_connect('localhost', 'root', '', 'database');

if(! $con )
    die('Unable to connect');

foreach(array('submit', 'username', 'password') as $arg)
    if(! isset($_POST[$arg]) )
        die('Missing argument(s)');

unset($arg);
http_response_code(200);

$username = $con->real_escape_string($_POST['username']);
$password = $con->real_escape_string($_POST['password']);

$query = "INSERT INTO users (username, password) VALUES ('{$username}', '{$password}')";
if(! mysqli_query($con, $query))
    http_response_code(400);

If this code doesn't work, make sure that username and password from your table are varchar's not int's. (Because your script inserts a 0 value)

PHP is not passing proper data to MYSQL

1 Answers1