I'm making a secret diary website for mysql practice. I've set up 4 columns to accept an id, email, password, and diary entry. The id is the primary key and auto increments whenever I use a query to insert the $_POST['email']
and $_POST['password']
. I've successfully been able to add fake entries into the database so that isn't my issue. I'm following a video guide on how to do this and the instructor uses the method mysqli_real_escape_string()
with the POST variable inside before inserting into the database and whenever I use it, only blank text is entered into my database. Whenever I don't use that method, my query writes to my db successfully. Can anyone explain why this is?
I've implemented checks prior to the following php code to add to my $error variable if the user doesn't fill in a field or enters incorrect email format.
if (!empty($error)) {
$error = '<p><strong>There were error(s) in your sign-up:</strong></p>'.$error;
} else {
print_r($_POST);
//$emailInput = mysqli_real_escape_string($_POST['email']);
$emailInput = $_POST['email'];
//$passwordInput = mysqli_real_escape_string($_POST['password']);
$passwordInput = $_POST['password'];
$query = "INSERT INTO `users` (`email`, `password`) VALUES ('$emailInput', '$passwordInput')";
if($result = mysqli_query($link, $query)) {
echo "Sign Up Successful";
} else {
$error .= "<p>Could not sign you up - please try again</p>";
}
}
}