Introduction
When users submit data from a website (like registration forms, contact forms, or feedback forms), that information needs to be stored somewhere. MySQL is commonly used to store such data in tables, and PHP is used to send the form data to the database.
By inserting data into MySQL using PHP, you can save user inputs, manage records, and build dynamic features such as user accounts, admin panels, and content management systems.
In this lesson, we’ll learn how to insert data into MySQL using PHP.
Prerequisites
Before inserting data, make sure:
- Database and table are created
- PHP–MySQL connection is working
- A table exists (example:
users)
Example table structure:
| id | name |
|---|
Basic SQL INSERT Query
INSERT INTO users (name, email) VALUES ('John', 'john@email.com');
PHP executes this query using mysqli.
Insert Data Using PHP (mysqli)
Example
<?php
include "db.php";
$name = "John";
$email = "john@email.com";
$sql = "INSERT INTO users (name, email) VALUES ('$name', '$email')";
if (mysqli_query($conn, $sql)) {
echo "Data inserted successfully";
} else {
echo "Error: " . mysqli_error($conn);
}
?>
Explanation
$sql→ SQL insert statementmysqli_query()→ Executes the query- Data is saved in the database table
Insert Data Using HTML Form
HTML Form
<form method="post">
<input type="text" name="name" placeholder="Name">
<input type="email" name="email" placeholder="Email">
<button type="submit">Submit</button>
</form>
PHP Code
<?php
include "db.php";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$name = $_POST["name"];
$email = $_POST["email"];
$sql = "INSERT INTO users (name, email) VALUES ('$name', '$email')";
mysqli_query($conn, $sql);
}
?>
Security Note: Prevent SQL Injection
Directly inserting user input into SQL queries can be risky. Malicious users can try to inject harmful SQL code into form fields.
To prevent this, prepared statements should be used. Prepared statements separate SQL logic from user input, making your application more secure.
You can mention that prepared statements are a best practice and link to your detailed tutorial on SQL Injection prevention in PHP.
Practical Use Cases
In real projects, inserting data is used in many situations, such as:
- Saving user registration details
- Storing contact form messages
- Adding products in an admin panel
- Recording student information in a database
This concept forms the foundation of most dynamic websites and web applications.
Checking Inserted Data
You can verify inserted records using:
- phpMyAdmin → Browse table
- SELECT query
- Display data in PHP (next lesson)
Common Mistakes to Avoid
- Not validating form data
- Forgetting database connection
- Using wrong table or column names
- Directly inserting user input (security risk)
- Trying to insert empty values
- Using wrong data types for columns
- Not handling errors properly
Security Warning ⚠️
This method is for learning purposes only.
Direct insertion like this is vulnerable to SQL Injection.
We will fix this using Prepared Statements in a later lesson.
Best Practices
- Always validate and sanitize input
- Use prepared statements
- Handle errors properly
🧪 Practical Tasks (Add This Section)
Practical Task 1
Create a simple HTML form to collect a user’s name and email, then insert this data into a MySQL table using PHP.
Practical Task 2
Design a table for storing student details and insert multiple student records into the database using PHP.
Practical Task 3
Create a basic feedback form and store submitted messages into a MySQL table for later use in an admin panel.
Practical Task 4
Insert product information such as product name and price into a database table using PHP.
Summary
- PHP can insert data into MySQL using mysqli
- INSERT queries are used to add records
- Forms are commonly used for data input
- Security must be handled properly
In the next tutorial, we’ll learn about Fetch Data from MySQL using PHP.