0

My problem is that upon loading this code the problem in the title ocours. What is causing this problem? I have spent a lot of time trying to solve it now and i am going nuts. I'm trying to do a simple insertion of input data into my database named 'kurv'. My connection to the database seems to be set up fine.

<form method='POST' action=''>

    Firstname:<input type='text' name='fornavn'><br>
    Lastname:<input type='text' name='efternavn'><br>
    <button>Insert</button>

</form>

<?php

$fornavn = $_POST['fornavn'];
$efternavn = $_POST['efternavn'];

$sql = "INSERT INTO kurv (fornavn, efternavn)
VALUES('$fornavn', '$efternavn')";

if ($conn->query($sql) === TRUE) {
    echo 'New record created successfully';
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();

?>

The error in the title is raised on line 12 (First echo in if statement).

Please help

Shadow
  • 33,525
  • 10
  • 51
  • 64
Lau Falke Gammeljord Petersen
  • 13
  • 4
  • 1
    What did you input in the field? The code works fine without any errors on my machine – DZDomi Dec 13 '16 at 21:44
  • 1
    There are a lot of problems (unsafe/ outdated) with your code. With queries, use prepared statements (google), as for your current problem what line is the issue? – Evan Carslake Dec 13 '16 at 21:45
  • @DZDomi I don't have the option to input data since nothing appears other than the error code... – Lau Falke Gammeljord Petersen Dec 13 '16 at 21:49
  • Try using double quotation marks, instead of single. I haven't used PHP in ages, but I would try that first, if not, start commenting out code until it works, and you will find the root of the problem (open brace maybe) – Evan Carslake Dec 13 '16 at 21:49
  • `$conn` is not defined anywhere in your code. – Shadow Dec 13 '16 at 21:51
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! [Don't believe it?](http://stackoverflow.com/q/38297105/1011527) – Jay Blanchard Dec 13 '16 at 21:51
  • 1
    I don't get a parse error when I try your code. Either you haven't copied it exactly, or the problem is with something before the code you pasted. – Barmar Dec 13 '16 at 21:53

0 Answers0