Kryllster Posted July 21, 2010 Share Posted July 21, 2010 Here is my code: <?php // Define form variables and checks $message = "Please do NOT leave any fields empty Thank You!!"; // Start the process of creation $skillname = $_POST['skillname']; $class = $_POST['class']; $type = $_POST['type']; $description = $_POST['description']; $name = $_POST['name']; if ( empty($_POST['skillname']) || empty($_POST['class']) || empty($_POST['type']) || empty($_POST['description']) || empty($_POST['name']) ) { echo $message; exit(); } // connection to database info here include('../database/dbconn.php'); // Test for duplicate Username. If True then back to form. If not continue. $sql = "select * from $tbl_name where skillname='" . $_POST['skillname'] . "'"; $result = mysql_query($sql); if (mysql_num_rows($result) >= 1) { echo "That Skillname is already taken please choose another!"; exit(); } else{ // Populate table from form and defined info mysql_query("INSERT INTO $tbl_name (skillname, class, type, description, name) Values ('$skillname','$class','$type','$description','$name')"); } // Direct on Creation Success header("Location:skillsuccess.html"); ?> Any hints, tips or direction is appreciated. Link to comment https://forums.phpfreaks.com/topic/208482-how-would-i-make-this-more-secure/ Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.