Your cleaned up code, such as it is:
<label>Title</label
<input class="form-control" type="text" name="title";
<label>Аuthor</label>
<input class="form-control" type="text" name="author">
<br>
<div style="padding-left: 10px;">
<button type="submit" name="save">save</button>
</div>
<?php
include 'config.php';
if(isset($_POST['save']))
{
if($link->connect_error)
{
die('Connect failed: '.$link->connect_error);
}
else
{
$stmt = $link->prepare("insert into user_books(user_name_books, user_name_author, user_year, user_ISBAN) value(?, ?, ?, ?)");
$stmt->bind_param("ssss", $title, $author, $year, $isban);
$execval = $stmt->execute();
if(!isset($title) || trim($title) == '')
{
echo 'You did not fill out the required fields title';
}
else
{
if(!isset($author) || trim($author) == '')
{
echo " You did not fill out the required fields author";
}
else
{
if(!isset($year) || trim($year) == '')
{
echo 'You did not fill out the required fields year';
}
else
{
if(!isset($isban) || trim($isban)=='')
{
echo 'You did not fill out the required fields isban';
}
else
{
header("Location: homeUserFinish.php");
}
}
You are showing us how you are handling the received POST data. The only thing is where do all of the fields you are editing come from since you don't show us?
It seems that if you don't have any POST data you don't do any of these checks so that is one hole. And since you are asking about the 'save' process, it would be helpful if you showed us THAT code from your other script instead of this one.