having problems making a program with PHP

Question

I created two forms, one is registration form the other is picking the dates the user will come and leave. I called the user's username in the 2nd page.. and although i receive it, i get a message "error" and nothing gets updated on my database. Here is my 2nd page file.. What am i doing wrong?

<?php
session_start();
$EntryError=$ExitError="";
    if (isset($_POST['submit'])){
        $entrydate = $exitdate = "";
        $errorOccured = false;

        if (isset($_POST['tsmdate'])){
            $entrydate = trim($_POST['tsmdate']);
            if (strlen($entrydate) == 0){
                $EntryError = "date is missing";
                $errorOccured = true;
            }
        }
        else{
            $EntryError = "date is missing";
        }

        // checking for last name
        if (isset($_POST['tsmexit'])){
            $exitdate = trim($_POST['tsmexit']);
            if (strlen($exitdate) == 0){
                $ExitError = "First Name is missing";
                $errorOccured = true;
            }
        }
        else{
            $ExitError = "last Name is missing";
        }
        $ids=$_SESSION['tsmUserName'];
        var_dump($_SESSION);
        if(!$errorOccured){
            require_once("connection.php");
            $my_query="INSERT INTO timing (No, Entry Date and Time, Exit Date and Time, user_id) VALUES (NULL,'$EntryError','$exitdate','$ids')";
            $result=mysqli_query($connection,$my_query);
            if($result)
            {
                echo 'thank you';
            }
            else
            {
                echo 'error';
            }
            mysqli_close($connection);
        }
    }   
?>
<html>
<head>
</head>
<body>
<form name="dates" id="dates" method="POST" action="">
<table cellpadding="5" border="0" width="100%">
            <tr>
                <td colspan="3" align="center">
                <h1> select dates </h1>
                </td>
            </tr>

        <tr>
                <td width="30%" align="right">
                    <label for="tsmdate">Entry date and time</label>
                </td>
                <td align="left">
                    <input type="text" name="tsmdate" id="tsmdate" required="required">
                </td>
        </tr>
        <tr>
            <td width="30%" align="right">
                    <label for="tsmexit">Exit date and time</label>
                </td>
                <td align="left">
                    <input type="text" name="tsmexit" id="tsmexit" required="required">
                </td>
        </tr>

        <tr>
                <td colspan="2" align="center">
                    <input type="submit" name="submit" value="dates">
                </td>
            </tr>
        </table>
</form>
</body>
</html>

Answer 1

Change INSERT query to this

$my_query="INSERT INTO timing (`No`, `Entry Date and Time`, `Exit Date and Time`, `user_id`) VALUES (NULL,'$EntryError','$exitdate','$ids')";

Make sure if any database field name has space in name, then it should be within ` (back tic)

Answer 2

Your insert query isn't a valid query because of the spaces in your column names, I suggest your change the spaces into '_' characters so you won't walk into more trouble. If you like to keep the spaces you have to escape the column names with the "`" character.

Example

$query="INSERT INTO timing (`No`, `Entry Date and Time`, `Exit Date and Time`, `user_id`) VALUES (NULL, '$EntryError', '$exitdate', '$ids')";

Your form is very vulnerable to SQL injection, to prevent this you have to escape your variables with the mysqli::real_escape_string function.

Example

$EntryError = mysqli_real_escape_string($connection, $EntryError);
$exitdate = mysqli_real_escape_string($connection, $exitdate);
$query="INSERT INTO timing (`No`, `Entry Date and Time`, `Exit Date and Time`, `user_id`) VALUES (NULL, '$EntryError', '$exitdate', '$ids')";