MySQL&PHP - Invisible data? Wut?

Question

I´am trying to insert values into my MySQL from a form but it results in a white blank columns and nothing else in the table.

The first is manually inserted from SQL console:

My code:

<?php
$servername = "mysql1.000webhost.com";
$username = "a5287585_login";
$password = "********";
$dbname = "a5287585_login";
$nickname = $_POST['nickname'];
$pass = $_POST['password'];

// Vytvorenie pripojenia
$conn = new mysqli($servername, $username, $password, $dbname);

// Kontrola pripojenia
if ($conn->connect_error) 
{
   die("Connection failed: " . $conn->connect_error);
} 
echo "Connected successfully ";

// Vloženie dát (Nick,ecc..)
$sql = "INSERT INTO UserDB (Name, Password) VALUES ('$nickname', '$pass')";

if ($conn->query($sql) === TRUE) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();
?>

Thank you for every help.

EDIT Adding form

    <body background="IMG/login/bg.png" >
        <form method="POST" action="login.php">
        <center>
            <input type="image" name="submit" src="IMG/login/userimg.png" border="0" alt="Submit" id="button" />
        </center>
        <center>
            <p id="wcome">Welcome</p>
        </center>
        <center>    
            <div id="form"> 
                    <input id="nick" type="text" name="nickname" placeholder="   Nickname" />
                        <br>
                    <input id="pass" type="password" name="password" placeholder="    Password" />
                </form>
        </center>
            </div>

Answer 1

"are you using the form/PHP/SQL on the same page? – Fred -ii- 8 mins ago"
"I´m using form and PHP&MySQL on the same page. – Jediah 2 mins ago"

You're using your entire code inside the same page and is entering empty data immediately as the page is loaded.

You need to use conditional statements for it and checking if the POST arrays are not empty.

I.e.

if(!empty($_POST['nickname']) && !empty($_POST['password']) )
{ execute the insert and/or place your variables/POST arrays here }

Edit (example rewrite)

First, remove the following from where you have it now, and placed inside the conditional statements.

$nickname = $_POST['nickname'];
$pass = $_POST['password'];

and use:

if(!empty($_POST['nickname']) && !empty($_POST['password']) )
{

   $nickname = $_POST['nickname'];
   $pass = $_POST['password'];

   $sql = "INSERT INTO UserDB (Name, Password) VALUES ('$nickname', '$pass')";

       if ($conn->query($sql) === TRUE) {
        echo "New record created successfully";
    } else {
        echo "Error: " . $sql . "<br>" . $conn->error;
    }

}

Plus, it would be beneficial if you were to ALTER your columns in order not to accept NULL/Empty values.

Then using error handling on the query.

Now, if your data contains characters that MySQL may be complaining about, such as apostrophes and for example John's Bar & Grill, then you will need to escape your data; something you should be doing in any event.

Sidenote: This <input type="image"... may also be failing you. Use a type="submit" as an input.

I.e.: <input type="submit" name="submit" value="Submit">

Add error reporting to the top of your file(s) which will help find errors.

<?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);

// rest of your code

Sidenote: Displaying errors should only be done in staging, and never production.

---

Your present code is open to SQL injection. Use mysqli_* with prepared statements, or PDO with prepared statements.

---

Passwords

I also noticed that you may be storing passwords in plain text. This is not recommended.

Use one of the following:

• CRYPT_BLOWFISH
• crypt()
• bcrypt()
• scrypt()
• On OPENWALL
• PBKDF2
• PBKDF2 on PHP.net
• PHP 5.5's password_hash() function.
• Compatibility pack (if PHP < 5.5) https://github.com/ircmaxell/password_compat/

Other links:

• PBKDF2 For PHP