If the user can have any influence over the id session variables, or the content of the navn column, then your queries will be vulnerable to SQL Injection. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.
PHP: SQL Injection - Manual
If they can influence the navn column, there's also a danger of a persisted cross-site scripting vulnerability, since you don't properly encode the output.
Cross Site Scripting (XSS) | OWASP
Beyond that, you're setting the shoes column to the $getSko variable, which is the object returned by your mysql_query call. I suspect you wanted to set it to the $_POST['sko'] value instead.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
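
The advice in the answer above, as an added example that is not part of the original post or the asker's code: the update written as a parameterized query, with values encoded when printed. Assumptions: PDO with an in-memory SQLite database instead of the mysql_* functions, a hypothetical table name `brugere`, a hypothetical helper `updateShoes`, and constructed stand-ins for the session and POST data; only `id`, `navn`, `shoes` and `sko` come from the post.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite through PDO so the example runs offline;
// the same prepare()/execute() calls work with the PDO MySQL driver.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Hypothetical table name; the columns id, navn and shoes follow the post.
$pdo->exec('CREATE TABLE brugere (id INTEGER PRIMARY KEY, navn TEXT, shoes TEXT)');
$pdo->exec("INSERT INTO brugere (id, navn, shoes) VALUES (1, 'Anna', ''), (2, 'Bo', '')");

// Constructed stand-ins for $_SESSION and $_POST, with a value that
// contains both a quote and markup.
$session = ['id' => '1'];
$post    = ['sko' => "x' OR '1'='1 <b>bold</b>"];

function updateShoes(PDO $pdo, string $id, string $sko): int
{
    // Validate the id instead of trusting whatever the session holds.
    $intId = filter_var($id, FILTER_VALIDATE_INT);
    if ($intId === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    // Placeholders keep the values out of the SQL text entirely,
    // so the quote in $sko is stored as data, not parsed as SQL.
    $stmt = $pdo->prepare('UPDATE brugere SET shoes = :sko WHERE id = :id');
    $stmt->bindValue(':sko', $sko, PDO::PARAM_STR);
    $stmt->bindValue(':id', $intId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// The user-supplied value goes in, not the result of a previous query.
$changed = updateShoes($pdo, $session['id'], $post['sko']);
echo "rows changed: $changed\n";

foreach ($pdo->query('SELECT id, navn, shoes FROM brugere ORDER BY id') as $row) {
    // Encode on output so stored markup is shown as text in the page.
    printf(
        "<tr><td>%d</td><td>%s</td><td>%s</td></tr>\n",
        $row['id'],
        htmlspecialchars($row['navn'], ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($row['shoes'], ENT_QUOTES, 'UTF-8')
    );
}
```

Only the row matching the validated id is updated, and the stored value is printed with its quote and angle brackets as HTML entities.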