Write to MYSQL table not working

Question

I am trying to write to a MySQL Database / Table with the following code - but for some reason it just won't write! I've changed the "INSERT INTO" line quite a few times, trying different things each time - no luck!!!

The DBsettings.php contains variables with the MySQL connection info - which worked for creating the tables and setting the column types and stuff. For your information, it is running the main code (there are no errors with the user info entered), and echoing "Awesome! No errors!", so I'm not too sure what's not working - the MySQL checking line is saying that I'm able to connect properly... Can someone look over my code?

The PasswordHash.php file contains code for hashing and salting passwords - nothing to see here, got it from another site, no errors at all.

I know I'm not 'cleansing' the MySQL code for more security...

---

    if($error == null){
    include('DBsettings.php');
    $connect = mysqli_connect($dbserver, $dbuser, $dbpass, $dbname);
    if (mysqli_connect_errno()) {
        echo 'Failed to connect to MySQL Database! Error: '.mysqli_connect_error();
    } else {
    include('PasswordHash.php');
    $passinfo = explode(':', create_hash($password));
        $addinfo = "INSERT INTO {$dbprefix}Users (Email, Displayname, Registered, Rank, Status, Password, Salt) VALUES ('{$email}', '{$displayname}', '{date('Y\/m\/d')}', 9999, 1, '{$passinfo[3]}', '{$passinfo[2]}')";

    /* format: algorithm:iterations:salt:hash */
    mysqli_query($connect, $addinfo);
    mysqli_close($connect);
    echo 'Salt: '.$passinfo[2];
    echo '<br>Hash: '.$passinfo[3];
    echo '<br>Awesome! No Errors!';
    }
} else {
    echo $error;
}

---

That's the code in question - I've tried adding;

error_reporting(E_ALL);
ini_set('display_errors', '1');

But all that reveals is undefined localhost errors in my DBsettings.php file - and the file worked when I created the MySQL DB tables, so I don't really have that as a priority.

Thanks!

Answer 1

If you echo your query, you will notice this issue. Following is your final query

INSERT INTO Users (Email, Displayname, Registered, Rank,Status, Password, Salt) 
VALUES ('', '', '{date('Y\/m\/d')}', 9999, 1, '', '')

Notice that your date was not interpolated like you expected it to, and i'm sure if you have that field in MySQL set as a datetime field, it wont accept that value {date('Y\/m\/d')}, Move the date function call outside the string.

Plus you are not getting any error after the query execution because you are simply not checking for one. One example how to check for that can be

if (!mysqli_query($connect, $addinfo)) {
    printf("Error: %s\n", mysqli_error($connect));
}

Answer 2

I saw your INSERT query contains this '{date('Y/m/d')}' ,maybe the single quotes has conflict,You'd better escaping the date('Y/m/d') statement's single quotes.