Click here to Skip to main content
15,881,089 members
Search within:


You have an error in your SQL syntax;
Please Sign up or sign in to vote.
1.00/5 (1 vote)
ill send a copy of my form and "insert.php"

here is my form


HTML
<pre><!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Opprett Sivilkarakter!</title>
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
    <style type="text/css">
        .wrapper{
            width: 500px;
            margin: 0 auto;
        }
    </style>
    </head>
<body>
    <div class="wrapper">
        <div class="container-fluid">
            <div class="row">
                <div class="col-md-12">
                    <div class="page-header">
                        <h2>Opprett Sivilkarakter!</h2>
                    </div>
                    <p>Alle felt MÅ fylles ut for at din karakter skal bli lagret!</p>
                    <form action="insert.php" method="post">
                        <div class="form-group">
                            <label>Fornavn</label>
                            <input type="text" name="fnavn" class="form-control">
                        </div>
                        <div class="form-group">
                            <label>Etternavn</label>
                            <input type="text" name="enavn" class="form-control">
                        </div>
                        <div class="form-group">
                            <label>Personnummer (11 siffer)</label>
                            <input type="text" name="personnr" class="form-control">
                        </div>
                        <div class="form-group">
                            <label>Kjønn</label>
                            <input type="text" name="kjonn" class="form-control">
                        </div>
                        <div class="form-group">
                            <label>Hårfarge</label>
                            <input type="text" name="horfarge" class="form-control">
                        </div>
                        <div class="form-group">
                            <label>Øyefarge</label>
                            <input type="text" name="oyefarge" class="form-control">
                        </div>
                        <div class="form-group">
                            <label>Høyde</label>
                            <input type="text" name="hoyde" class="form-control">
                        </div>
                        <div class="form-group">
                            <label>Førerkort</label><br>
                            <input type="checkbox" id="am146" name="am146" value="am146">
                            <label for="vehicle1"> Klasse AM 146</label><br>
                            <input type="checkbox" id="kb" name="kb" value="kb">
                            <label for="vehicle2"> Klasse B</label><br>
                            <input type="checkbox" id="be" name="be" value="be">
                            <label for="vehicle3"> Klasse BE</label><br>
                            <input type="checkbox" id="kc" name="kc" value="kc">
                            <label for="vehicle1"> Klasse C</label><br>
                            <input type="checkbox" id="ce" name="ce" value="ce">
                            <label for="vehicle1"> Klasse CE</label><br>
                            <input type="checkbox" id="kt" name="kt" value="kt">
                            <label for="vehicle1"> Klasse T</label><br>
                            <input type="checkbox" id="ks" name="ks" value="ks">
                            <label for="vehicle1"> Klasse S</label><br>
                            <input type="checkbox" id="c1" name="c1" value="c1">
                            <label for="vehicle1"> Klasse C1</label><br>
                            <input type="checkbox" id="kd" name="kd" value="kd">
                            <label for="vehicle1"> Klasse D</label><br>
                            <input type="checkbox" id="ka" name="ka" value="ka">
                            <label for="vehicle1"> Klasse A</label><br>
                        </div>
                        
                         <div class="form-group">
                            <label>Ditt Tjenestenummer (ex A123)</label>
                            <input type="text" name="tj" class="form-control">
                        </div>
                        
                        <input type="submit" class="btn btn-primary" name="submit" value="Registrer Karakter">
                               </form>
                        </div>
                        </div>
                        </div>
                        </div>
                        </body>
                        </html>


PHP
<pre><?php
include_once 'db.php';
if(isset($_POST['submit']))
{    
    $fnavn = $_POST['fnavn'];
    $enavn = $_POST['enavn'];
    $personnr = $_POST['personnr'];
    $kjonn = $_POST['kjonn'];
    $horfarge = $_POST['horfarge'];
    $oyefarge = $_POST['oyefarge'];
    $hoyde = $_POST['hoyde'];
    $am146 = $_POST['am146'];
    $kb = $_POST['kb'];
    $be = $_POST['be'];
    $kc = $_POST['kc'];
    $ce = $_POST['ce'];
    $kt = $_POST['kt'];
    $ks = $_POST['ks'];
    $c1 = $_POST['c1'];
    $kd = $_POST['kd'];
    $ka = $_POST['ka']; 
    $tj = $_POST['tj']; 
     $sql = "INSERT INTO users (fnavn, enavn, personnr, kjonn, horfarge, oyefarge, hoyde, am146, kb, be, kc, ce, kt, ks, c1, kd, ka, tj) VALUES ($fnavn,$enavn,$personnr,$kjonn,$horfarge,$oyefarge,$hoyde,$am146,$kb,$be,$kc,$ce,$kt,$ks,$c1,$kd,$ka,$tj)";
     if (mysqli_query($conn, $sql)) {
        echo "Du har nå registrert din karakter!";
     } else {
        echo "Error: " . $sql . ":-" . mysqli_error($conn);
     }
     mysqli_close($conn);
}
?>


What I have tried:

im trying to make my form insert data into my database, but i keep getting a error, the database is connected, and tested before i developed a complete form, anyone see why i get a error?  PS:  i just started learning coding.
Posted
Updated 2-Feb-21 6:54am
Add a Solution
Comments
oLiontas 2-Feb-21 12:34pm    
Could you post the error message?

4 solutions

Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

PHP: SQL Injection - Manual[^]

Fix that vulnerability, and you will also fix this error message.
 
Share this answer
 
Posted
To help explain what Richard has - rightly - said: Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.

When you concatenate strings, you cause problems because SQL receives commands like:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'
Which SQL sees as three separate commands:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid SELECT
SQL
DROP TABLE MyTable;
A perfectly valid "delete the table" command
SQL
--'
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.

So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?
 
Share this answer
 
Posted
Please check error text as this might help to fix the issue. The fact that there is "an error" is informative but the error text is still more informative ...
BR
 
Share this answer
 
Posted
Try for your string php variables to set like this (wrap variables into brackets):
SQL
$sql = " INSERT INTO users (fnavn, enavn, personnr, kjonn ) VALUES ({$fnavn},{$enavn},{$personnr},{$kjonn}) ";
 
Share this answer
 
Posted
Comments
Richard Deeming 3-Feb-21 5:54am    
That won't fix the problem, and the code will still be vulnerable to SQL Injection[^].
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
It say's you have an error in your SQL syntax
You have an error in your SQL syntax; check the manual that corresponds to your mariadb server version for the right syntax to use near .. At line 1
I have an error in the SQL syntax that says
Sql query issue "you have an error in your SQL syntax; check the manual that corresponds to your mysql server version for the right syntax"
You have an error in your SQL syntax; check the manual that corresponds to your mariadb server
Problem with wordpress database error: [you have an error in your SQL syntax;
Fatal error: uncaught mysqli_SQL_exception: you have an error in your SQL syntax;
Sql query syntax error
Fatal error: uncaught mysqli_SQL_exception: you have an error in your SQL syntax; check the manual that corresponds to your mariadb server version
You have an error in your SQL syntax; check the manual that corresponds to your mysql server

Advertise
Privacy
Cookies
Terms of Use
Last Updated 2 Feb 2021
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web01 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900