My insert code stop working

MySQL database
#1

I have created a simple mysql database with php code and I put it on server using on server phpmyadmin .
I added an insert button and everything was ok.But then the code stop working without no reason.
Here the URL of my database site: mathcalc.appleschat.com
Here the insertion code

    <?php
 include "connectToDB.php";

 function mksafe($data){
     $data=trim($data);
     $data=strip_tags($data);
     $data=htmlspecialchars($data);
     $data=addslashes( $data);
     return $data

 }
   $value1 = mksafe($_POST['fname']);
   $value2 = mksafe($_POST['lname']);
   $value3 = mksafe($_POST['email']);
   $date = date('Y-m-d');
$sql = "INSERT INTO users (firstname, lastname, email,reg_date)
values( '$value1', '$value2', '$value3','$date')";

if ($conn->query($sql) === TRUE) {
    header("Refresh:0; url=index.php");
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
?>

Thanks in advance any help will be appreciated.

#2

Every bit of this code is bad.

I would suggest you use PDO with prepared statements. Here is a good tutorial to get you going.

https://phpdelusions.net/pdo

#3

Do you mean to modify it to become like this ? but it still not working

    <?php
$servername = "localhost:3306";
$username = "applesch";
$password = "F16Q45f16q45@";
$dbname = "applesChatdb";

try {
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
    // set the PDO error mode to exception
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    function mksafe($data){
     $data=trim($data);
     $data=strip_tags($data);
     $data=htmlspecialchars($data);
     $data=addslashes( $data);
     return $data

 }
   $value1 = mksafe($_POST['fname']);
   $value2 = mksafe($_POST['lname']);
   $value3 = mksafe($_POST['email']);
   $date = date('Y-m-d');
    $sql = "INSERT INTO MyGuests (firstname, lastname, email,reg_date)
values( '$value1', '$value2', '$value3','$date')";
    // use exec() because no results are returned
    $conn->exec($sql);
    echo "New record created successfully";
    }
catch(PDOException $e)
    {
    echo $sql . "<br>" . $e->getMessage();
    }

$conn = null;
?>
#4

No! Go back to the link I gave you and study the page.

For one, get rid of that 1990s junk function and use Prepared Statements. NEVER EVER put variables in a query.

#5

Sorry but I couldn’t figure it out.
Could you please write it to me and I’ll be appreciated foryour great help ?

#6

Hello
Any help please…

Sponsor our Newsletter | Privacy Policy | Terms of Service