Unable to insert data into MySQL database using PHP

Question

I am unable to insert data into MySQL database. I do not know the reason since no error is triggered. I am using XAMPP on windows to run local server. Here is the code. It would be great if someone could help.

I am always getting "Values not inserted" output. I also tried printing the $query when I got exact values I entered through a form in the VALUES ('$email', ...) part of the SQL query.

<?php


$dbconnect = mysqli_connect("localhost","root","","id3626001_login_details");

if (!$dbconnect) 
{
    die("Connection Failed" .mysqli_connect_error());
}

if (!mysqli_select_db($dbconnect, "id3626001_login_details"))
{
    echo "Could not connect to Database";
}

if (isset($_REQUEST['username']) && ($_SERVER["REQUEST_METHOD"] == "POST")){

$username = $_REQUEST['username'];
$email = $_REQUEST['email'];
$password = $_REQUEST['password'];

// Inserting values into the database through a query
$query = "INSERT INTO user_registration (ID, email, username, password) VALUES ('$email', $username', '".md5($password)."')";

if (!mysqli_query($dbconnect, $query))
{   
    echo "Values not inserted";     
}

$result = mysqli_query($dbconnect, $query);

if($result){
    echo "Registration Successful";
    }
}
?>

Answer 1

there is a problem in your query,

1) your column counts and count of values you are passing are not the same (must be same

2) you forgot to put ' (quote befor $username' )

change your query to

// Inserting values into the database through a query

$query = "INSERT INTO user_registration ( email, username, password) VALUES ('$email', '$username', '".md5($password)."')";

When you are testing you should not only print only query, you should also copy that query and run it directly into database through [(localhost/phpmyadmin)> select your databse > SQL ] and see what error are displaying there when firing a query.

UPDATE

for @Akintunde 's suggestion

for security concerns you should not be using these kind of insertion methods which is fully open to SQL injections you must follow some rule to avoid to get your script being target of sql injection

use Prepared Statements instead for database operations

Answer 2

Here in your query you forgot to put upper quote ' -> $username' ,

$query = "INSERT INTO user_registration (email, username, password) VALUES ('$email', '$username', '".md5($password)."')";

Here we are not passing Id as a param so you need to make id auto increment in database for that table.

and why are to passing your query twice into mysqli_query() you can check for once like,

$result = mysqli_query($dbconnect, $query);
if ($result)
{   
  echo "Registration Successful";
}
else{
  echo "Values not inserted"; 
}