mysqli insert - not executing

Question

<?php
    require("../inc/header.inc.php");

    if(isset($_POST["username"])) {
        $username  =  strip_tags($_POST["username"]);
        $password  =  strip_tags($_POST["password"]);
        $password2 =  strip_tags($_POST["password2"]);
        $email     =  strip_tags($_POST["email"]);
        $joindate  =  date(Y-m-d);

        if(!empty($_POST["firstname"])) {
            $firstname = strip_tags($_POST["firstname"]);
        }
        else {
            $firstname = "";
        }
        if(!empty($_POST["lastname"])) {
            $lastname = strip_tags($_POST["lastname"]);
        }
        else {
            $lastname = "";
        }
        if($password!=$password2) {
            die("Your passwords don't match! Press your browsers back button to fix it.");
        }
        if(!strlen($username)> 21) {
            die("Your username is too long! Press your browsers back button to fix it.");
        }
        if(strlen($password)< 7) {
            die("Your password is too short! Press your browsers back button to fix it.");
        }
        else {
            mysqli_query($con,"INSERT INTO users(`username`,`password`,`email`,`joindate`,`firstname`,`lastname`) VALUES ('$username','$password','$email,'$date','$firstname','$lastname')");
        }
    }
?>

I made this script today and it all seems to be running apart from the mysqli_query at the end. It doesn't run it. When I entered the valid data, it did what it's supposed to do - refresh the page and clear the inputs.

BUT - it doesn't insert the data. The my_sqli connection is fine, but that certain command doesn't work, any ideas why?

Are you receiving any errors? It doesn't look like you are checking to see if the query was even successful. The online documentation is very handy for learning about RETURN values. http://us2.php.net/manual/en/mysqli.query.php — Rottingham, Jan 03 '14 at 19:29
You are not catching any errors that could tell you what is going wrong. http://stackoverflow.com/a/17053501/187606 — Pekka, Jan 03 '14 at 19:29
the easiest way is to add `or die(mysqli_error());` after `mysqli_query`, and see what it says — Samuel Cook, Jan 03 '14 at 19:30
Check the return value. Make sure your have autocommit is set to true, or if it is not, you are committing the transaction. — cyberconte, Jan 03 '14 at 19:31
I added a custom error message and it did it, but the mysqli_error doesn't do it. — user2999920, Jan 03 '14 at 19:33
The only thing I can think of is, you have `else {$firstname = "";` and others. If one of those are left empty, it's going to continue executing, so you should be doing a `die()` right there, and show an error message to fill in the empty fields. Otherwise, it's going to want to add an empty field to the DB where it might not want an empty field. — Funk Forty Niner, Jan 03 '14 at 19:36
Firstname and Lastname aren't required. If they don't type it, I want the field to be blank. — user2999920, Jan 03 '14 at 19:36
Plus another thing `if(isset($_POST["username"])) {` I'd change that to `if(isset($_POST["submit"])) {` in conjunction with a named submit button, since your POST variables are outside your conditional statement, will return FALSE. — Funk Forty Niner, Jan 03 '14 at 19:38
Try using `if(!empty($_POST["username"])) {` instead of `if(isset($_POST["username"])) {` see if that makes a difference. — Funk Forty Niner, Jan 03 '14 at 19:41
I just realized that, when I submit the form, it takes me to a page, like it's about to die something, but then doesn't. — user2999920, Jan 03 '14 at 19:43
Ok, I found the problem. Missing quote in `'$email` --- `'$email,'$date',` change to `'$email','$date',` and it should kick in. — Funk Forty Niner, Jan 03 '14 at 19:43
**By building SQL statements with outside variables, you are leaving yourself wide open to SQL injection attacks.** Also, any input data with single quotes in it, like a name of "O'Malley", will blow up your SQL query. Please learn about using parametrized queries, preferably with the PDO module, to protect your web app. http://bobby-tables.com/php has examples to get you started, and [this question](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has many examples in detail. — Andy Lester, Jan 03 '14 at 19:44

score 1 · Accepted Answer · answered Jan 03 '14 at 19:44

1

You have a missing quote in '$email --- '$email,'$date',

change to '$email','$date', and it should kick in.

mysqli_query($con,"INSERT INTO users(`username`,`password`,`email`,`joindate`,`firstname`,`lastname`) 
VALUES ('$username','$password','$email,'$date','$firstname','$lastname')");
                                       ^

Use:

mysqli_query($con,"INSERT INTO users(`username`,`password`,`email`,`joindate`,`firstname`,`lastname`) 
VALUES ('$username','$password','$email','$date','$firstname','$lastname')");

answered Jan 03 '14 at 19:44

Funk Forty Niner

74,372
15
66
132

Sadly, no. I'm going to requote my previous comment: I just realized that, when I submit the form, it takes me to a page, like it's about to die something, but then doesn't. – user2999920 Jan 03 '14 at 19:46
What's inside `require("../inc/header.inc.php")`? it is all `mysqli_` and not `mysql_` for DB I hope. You also need to check your column types. Maybe your date column isn't properly set. @user2999920 – Funk Forty Niner Jan 03 '14 at 19:49
Aha! I had the date set as a DATETIME. – user2999920 Jan 03 '14 at 19:51
Plus, are all your form inputs properly named? I.e.: `` etc.? @user2999920 I can't see anything else that could cause this. Letter-case also; `Username` is not the same as `username` etc. You need to double-check everything and no mismatches. – Funk Forty Niner Jan 03 '14 at 19:52
Ahh hah! Good, so that was it then. @user2999920 besides the missing quote for the email column. – Funk Forty Niner Jan 03 '14 at 19:52
You can close the question here if you want. @user2999920 since I commented on how your date column was set to. ;-) – Funk Forty Niner Jan 03 '14 at 19:53
Crap, another error: Warning: mysqli_query() expects parameter 1 to be mysqli, null given. – user2999920 Jan 03 '14 at 19:58
Are you sure you don't have anything that contains `mysql_` in your DB connection file? @user2999920 or you may have a field setting that is `NOT NULL` or `NULL` one or the other. – Funk Forty Niner Jan 03 '14 at 20:00
Ok, and you can trust that I won't use those but I did save it here. I noticed two weird characters at the end of your `db508947169‌..` that may be the problem. @user2999920 – Funk Forty Niner Jan 03 '14 at 20:04
let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/44449/discussion-between-user2999920-and-fred-ii) – user2999920 Jan 03 '14 at 20:07

score 0 · Answer 2 · answered Jan 03 '14 at 19:52

0

Aha! I had the date in the database set as DATETIME.

answered Jan 03 '14 at 19:52

user2999920

277
1
2
11

mysqli insert - not executing

2 Answers2