
Comments by School Shan (Top 5 by date)

School Shan 28-Sep-22 9:59am
Oh yes, the tutorial also used password hashing but I didn't. I actually wanted to see the passwords that I put on the phpmyadmin thingy. Well, that is my excuse.
School Shan 28-Sep-22 9:44am
Hmm, I guess you are right that there will always be someone hacking just for the lolz. But as I mentioned, I really just need to show the working website, not a secure website.
However, from what you said, I am curious how people can hack something only available in my local network. Does local network mean like connected to the same wifi/internet connection?
Also, I know it is a good practice/habit to always write the 'real' secure code, but at this moment with this project it will hurt me if it takes me too long to do so, given the due date.

That said, I do have some code from the tutorial I mentioned. Will this fix the problem I am having right now?

// The ? placeholders keep the values out of the SQL text itself.
$sql = "INSERT INTO users2 (facId, name, username, password) VALUES (?, ?, ?, ?);";
$stmt = mysqli_stmt_init($conn);

// Stop and redirect if the statement cannot be prepared.
if (!mysqli_stmt_prepare($stmt, $sql)) {
    header("location: ../signup.php?error=stmtfailed");
    exit();
}

// "isss" = one integer followed by three strings, in placeholder order.
mysqli_stmt_bind_param($stmt, "isss", $facid, $name, $username, $pwd);
mysqli_stmt_execute($stmt);
mysqli_stmt_close($stmt);
header("location: ../signup.php?error=none");
exit();

And other than pointing out that my code is not secure, do you have a solution to my problem?
School Shan 28-Sep-22 9:23am
I do see a lot of people concerned with SQL injection, but from what I read it's what hackers/attackers do to extract data or something. I do understand that that is a big problem, but for my use there will never be a hacker/attacker, so is it still important for me to be concerned about it? Is there another reason for me to be worried about it? Other than it is important for me to make a good practice or something. Because from a YouTube tutorial I followed to make it secure from SQL injection, it makes the code longer and more complicated for me to understand what is happening.
This is only for my school project, I just need to show a working website and that's it. It will never be published online. Well, I won't, and if someone from the school wants to use my code (which I highly doubt they ever will) then I think they can deal with making it more secure.
School Shan 21-Sep-22 4:35am
"UPDATE users2 SET name = \"$name\" WHERE userId = $userid;";
Thank you, this works for me and I will give the MySQL site a read.
For the name I understand that commas and spaces could be a problem, but how about the error for the username? I only tried 4 letters like abcd or shan. The error message says something about column in 'field list'. What does that mean? \"$username\" makes it work as I wanted too, but since it has a different error I was curious.
School Shan 21-Sep-22 4:13am
The name column in my database is a varchar type and it is already holding full names of the faculty members with commas separating the last name, first name and I was able to add that data with my createUser() function which is almost identical to the updateFacName() function.
I have $name which is supposed to be a full real name and $username for the username like abc123.
Both of these are varchar type in my database and I have nothing that checks if the input is a valid name/username or not.
I just tried editing a name as Shan Min but it still gives me an error. Could the space be the error?
I didn't quite understand your first sentence. Where do I need to put the quotes? Quotes as in '' and/or "", right?
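
The following is an added example, not part of the original comments. It shows why an unquoted value like abcd is read as a column name, and how a bound parameter (as in the prepared INSERT above) avoids the quoting question for an UPDATE. Assumptions: it uses PDO with an in-memory SQLite database so it runs without a server (the comments use mysqli with MySQL, which reports the first case as "Unknown column ... in 'field list'"); the helper names and the sample row are constructed.

```php
<?php
// Constructed in-memory table standing in for the users2 table in the comments.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users2 (userId INTEGER PRIMARY KEY, name TEXT, username TEXT)');
$pdo->exec("INSERT INTO users2 (userId, name, username) VALUES (1, 'Old, Name', 'old1')");

// Hypothetical helper: the value is pasted into the SQL text with no quotes,
// so the database parses it as SQL (an identifier, a keyword, ...).
function updateUnquoted(PDO $pdo, string $column, string $value, int $userId): string
{
    $sql = "UPDATE users2 SET $column = $value WHERE userId = $userId;";
    try {
        $pdo->exec($sql);
        return 'ok';
    } catch (PDOException $e) {
        return $e->getMessage();
    }
}

// Hypothetical helper: the value travels separately as a bound parameter,
// so spaces, commas and apostrophes are stored as plain data.
function updateBound(PDO $pdo, string $column, string $value, int $userId): string
{
    // Column names cannot be bound, so only fixed, known names are accepted.
    if (!in_array($column, ['name', 'username'], true)) {
        return 'unknown column requested';
    }
    $stmt = $pdo->prepare("UPDATE users2 SET $column = ? WHERE userId = ?");
    $stmt->execute([$value, $userId]);
    return 'ok';
}

// Constructed inputs matching the cases raised in the comments.
foreach ([['username', 'abcd'], ['name', 'Shan Min'], ['name', "O'Neil, Shan"]] as [$col, $val]) {
    echo "unquoted $col = $val: ", updateUnquoted($pdo, $col, $val, 1), "\n";
    echo "bound    $col = $val: ", updateBound($pdo, $col, $val, 1), "\n";
}
$row = $pdo->query('SELECT name, username FROM users2 WHERE userId = 1')->fetch(PDO::FETCH_ASSOC);
echo 'stored: ', $row['name'], ' / ', $row['username'], "\n";
```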