尝试将表单值发送到数据库

i have a problem in sending my form values to mysql database i readed all other topics and i did what they wrote but i didn't get what i want please help me :(

        <?php
      $dbhost = "localhost";
      $dbuser = "root";
      $dbpass = "13838383";
      $dbname = "users";
      $connection = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);
    ?>
    <?php
    include("../includes/functions.php");
    ?>
    <!DOCTYPE html>
    <html>
      <head>
        <link rel="stylesheet" href="../public/stylesheets/style.css" type="text/css">
        <title>Our WebPage</title>
      </head>
      <body>
        <center>
        <form action="input.php" method="post">
          <fieldset>
            <legend>Register</legend>
            <span>UserName: </span><br />
            <input type="text" name="username" placeholder="USERNAME"><br /><br />
            <span>PassWord: </span><br />
            <input type="text" name="lastname" placeholder="PASSWORD"><br /><br />
            <input type="button" name="submit" value="submit"><br /><br />
            <fieldset>
        </form>
        </center>
        <?php
        ?>
        <?php
          if (isset($_POST['submit'])) {
            $username = $_POST['username'];
            $password = $_POST['password'];
            $addUserQuery = "INSERT INTO users (username, password) VALUES ({$username}, {$password});";
            $added = mysqli_query($connection, $addUserQuery);
            if ($added) {
              echo '<br>Input data is successful';
            } else {
              echo '<br>Input data is not valid';
            }
          }
        ?>
      </body>
    </html>

and my problem is i don't know know what should i enter in action attribute in form tag thanks please help

Simply put, your variables aren't quoted, so your query is being turned into this (If someone submitted 1337user as the username, and P@ssw0rd as the password):

INSERT INTO users (username, password) VALUES (1337user, P@ssw0rd);

When it should be:

INSERT INTO users (username, password) VALUES ('1337user', 'P@ssw0rd');

Bind your variables instead: How can I prevent SQL injection in PHP?

if (isset($_POST['submit'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    $addUserQuery = mysqli_prepare($connection, "INSERT INTO users (username, password) VALUES (?, ?)");
    mysqli_stmt_bind_param($addUserQuery, "ss", $username, $password);
    $added = mysqli_stmt_execute($addUserQuery);
    if ($added) {
      echo '<br>Input data is successful';
    } else {
      echo '<br>Input data is not valid';
    }
}