[SOLVED] I need help here.. About validation in this form..

[jsmknow]

Iam making a login on my homepage and its going fine in some ways..

its a login that connect to my mysql database, so I want it to be safe..

 

But i got a problem... If you dont type anything in the form it just goes on to a member page for a member that doesnt exist..

Can any here plx help me, tell me how to make it so it tells if you havent typed anything and just stay on that page..?

 

here the piece of code that i know is about that problem..

 

 

/////////////////////

 

  function PWT()

  {

    $afsender=$_POST['afsender'];

    $navn=$_POST['navn'];

 

    if ($afsender=="index")

    {

      $password=$_POST['kodeord'];

      if ($navn=="Admin")

      {

        if ($password=="knowhq") return $navn;

      }

      else

    {

        $query="SELECT kodeord,besog FROM indianer WHERE indianernavn='$navn'";

        $ud=mysql_query($query);

        $data = @mysql_fetch_row($ud);

        $kodeord=$data[0];

        $besog=$data[1];       

        if ($password==$kodeord)

        {

          $besog=$besog+1;

          $query="UPDATE indianer

                  SET besog=$besog

                  WHERE indianernavn='$navn'";

          mysql_query($query);

          return $navn;

      }

  }

     

      return "/passwordfejl";

    }

 

/////////////////////

[ohdang888]

your login is very unsafe. you need to prevent injections...

 

$afsender= mysql_real_escape_string($_POST['afsender']);

$navn=mysql_real_escape_string($_POST['navn']);

 

 

to check to see if its empty:

 

if(empty($navn) or empty($afsender)){

echo "You must type something";

die();

}

 

EDIT:

 

if you want it so that they can't press submit until they've typed something, you've got use to javascript

 

 

 

[jsmknow]

But where do i have to put that piece that check? in the end or?

[ohdang888]

put that in the very beginning