Turning on PHP error reporting would have helped:
$character = $_POST[character]; // -----------^--------^
$character = $_POST['character'];
Also, inserting a variable directly into your query is a very bad practice and makes your site vulnerable to SQL injection. Always treat user input with care!
$sql = mysqli_real_escape_string($con, $sql);
Hope this helps!