Click here to Skip to main content
15,922,650 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
ill send a copy of my form and "insert.php"

here is my form

<pre><!DOCTYPE html>
<html lang="en">
    <meta charset="UTF-8">
    <title>Opprett Sivilkarakter!</title>
    <link rel="stylesheet" href="">
    <style type="text/css">
            width: 500px;
            margin: 0 auto;
    <div class="wrapper">
        <div class="container-fluid">
            <div class="row">
                <div class="col-md-12">
                    <div class="page-header">
                        <h2>Opprett Sivilkarakter!</h2>
                    <p>Alle felt MÅ fylles ut for at din karakter skal bli lagret!</p>
                    <form action="insert.php" method="post">
                        <div class="form-group">
                            <input type="text" name="fnavn" class="form-control">
                        <div class="form-group">
                            <input type="text" name="enavn" class="form-control">
                        <div class="form-group">
                            <label>Personnummer (11 siffer)</label>
                            <input type="text" name="personnr" class="form-control">
                        <div class="form-group">
                            <input type="text" name="kjonn" class="form-control">
                        <div class="form-group">
                            <input type="text" name="horfarge" class="form-control">
                        <div class="form-group">
                            <input type="text" name="oyefarge" class="form-control">
                        <div class="form-group">
                            <input type="text" name="hoyde" class="form-control">
                        <div class="form-group">
                            <input type="checkbox" id="am146" name="am146" value="am146">
                            <label for="vehicle1"> Klasse AM 146</label><br>
                            <input type="checkbox" id="kb" name="kb" value="kb">
                            <label for="vehicle2"> Klasse B</label><br>
                            <input type="checkbox" id="be" name="be" value="be">
                            <label for="vehicle3"> Klasse BE</label><br>
                            <input type="checkbox" id="kc" name="kc" value="kc">
                            <label for="vehicle1"> Klasse C</label><br>
                            <input type="checkbox" id="ce" name="ce" value="ce">
                            <label for="vehicle1"> Klasse CE</label><br>
                            <input type="checkbox" id="kt" name="kt" value="kt">
                            <label for="vehicle1"> Klasse T</label><br>
                            <input type="checkbox" id="ks" name="ks" value="ks">
                            <label for="vehicle1"> Klasse S</label><br>
                            <input type="checkbox" id="c1" name="c1" value="c1">
                            <label for="vehicle1"> Klasse C1</label><br>
                            <input type="checkbox" id="kd" name="kd" value="kd">
                            <label for="vehicle1"> Klasse D</label><br>
                            <input type="checkbox" id="ka" name="ka" value="ka">
                            <label for="vehicle1"> Klasse A</label><br>
                         <div class="form-group">
                            <label>Ditt Tjenestenummer (ex A123)</label>
                            <input type="text" name="tj" class="form-control">
                        <input type="submit" class="btn btn-primary" name="submit" value="Registrer Karakter">

include_once 'db.php';
    $fnavn = $_POST['fnavn'];
    $enavn = $_POST['enavn'];
    $personnr = $_POST['personnr'];
    $kjonn = $_POST['kjonn'];
    $horfarge = $_POST['horfarge'];
    $oyefarge = $_POST['oyefarge'];
    $hoyde = $_POST['hoyde'];
    $am146 = $_POST['am146'];
    $kb = $_POST['kb'];
    $be = $_POST['be'];
    $kc = $_POST['kc'];
    $ce = $_POST['ce'];
    $kt = $_POST['kt'];
    $ks = $_POST['ks'];
    $c1 = $_POST['c1'];
    $kd = $_POST['kd'];
    $ka = $_POST['ka']; 
    $tj = $_POST['tj']; 
     $sql = "INSERT INTO users (fnavn, enavn, personnr, kjonn, horfarge, oyefarge, hoyde, am146, kb, be, kc, ce, kt, ks, c1, kd, ka, tj) VALUES ($fnavn,$enavn,$personnr,$kjonn,$horfarge,$oyefarge,$hoyde,$am146,$kb,$be,$kc,$ce,$kt,$ks,$c1,$kd,$ka,$tj)";
     if (mysqli_query($conn, $sql)) {
        echo "Du har nå registrert din karakter!";
     } else {
        echo "Error: " . $sql . ":-" . mysqli_error($conn);

What I have tried:

im trying to make my form insert data into my database, but i keep getting a error, the database is connected, and tested before i developed a complete form, anyone see why i get a error?  PS:  i just started learning coding. 
Updated 2-Feb-21 6:54am
oLiontas 2-Feb-21 12:34pm    
Could you post the error message?

Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

PHP: SQL Injection - Manual[^]

Fix that vulnerability, and you will also fix this error message.
Share this answer
To help explain what Richard has - rightly - said: Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.

When you concatenate strings, you cause problems because SQL receives commands like:
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'
Which SQL sees as three separate commands:
SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid SELECT
A perfectly valid "delete the table" command
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.

So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?
Share this answer
Please check error text as this might help to fix the issue. The fact that there is "an error" is informative but the error text is still more informative ...
Share this answer
Try for your string php variables to set like this (wrap variables into brackets):
$sql = " INSERT INTO users (fnavn, enavn, personnr, kjonn ) VALUES ({$fnavn},{$enavn},{$personnr},{$kjonn}) ";
Share this answer
Richard Deeming 3-Feb-21 5:54am    
That won't fix the problem, and the code will still be vulnerable to SQL Injection[^].

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900