PHP and MySQL connection seems to be working, but table is not updating

Question

I'm using the following code to insert into a MySQL table. I have done some manual testing to determine the variables are all setting correctly. The code is executing the success statement and when I check Heroku logs, it gives status 200. Yet, when I check the table, nothing has been inserted. Can anyone identify an issue with the code, or direct me to where I may find an error message to help me fix it. Thanks.

else {
  $url = parse_url(getenv('CLEARDB_DATABASE_URL'));
  $server = $url['host'];
  $username = $url['user'];
  $password = $url['pass'];
  $db = substr($url['path'], 1);
     
  $conn = mysqli_connect($server, $username, $password, $db);

 $sql = sprintf("INSERT INTO messages (name, email, message) VALUES ('%s', '%s', '%s')",
  mysqli_real_escape_string($conn, $name),
  mysqli_real_escape_string($conn, $email),
  mysqli_real_escape_string($conn, $message));

  $result = mysqli_real_escape_string($conn, $sql);

  if (!$result) {
    echo 'an error occurred.';
  }

  else {
    $success = 'Thank you. Your submission was saved.';
  }
}

Answer 1

Your query has never been executed. You may want to use mysqli_query(...) to execute your SQL statements.

So this line:

$result = mysqli_real_escape_string($conn, $sql);

Should be:

$result = mysqli_query($conn, $sql);

Then it should work and update your table. To ensure your queries are safe, try to use prepared statements. Using mysqli_real_escape_string() is not enough to prevent SQL Injections.