Code: Select all
andCode: Select all
tags where appropriate when posting code. Read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]
i found out that my small web application allow empty field on adding new user from Admin....how to disallow this based on my code below? thanks
************user_add.php***********************Code: Select all
<? include('authenticate.php'); ?>
<html>
<head>
<title>Administrator - Add User</title>
<head>
<body>
<table width = 780>
<tr>
<td width = 20% valign = top><?include('leftbar.php');?></td>
<td width = 80% align = center valign = top>
<font>Add User</font>
<form name = "UserAdd" action = "user_add_response.php" method = "post">
<table>
<tr>
<td>Username:</td>
<td><input type = text name = User size = 30 maxlength = 50></td>
</tr>
<tr>
<td>Password:</td>
<td><input type = password name = Pass size = 30 maxlength = 50></td>
</tr>
<tr>
<td>Name:</td>
<td><input type = text name = Name size = 30 maxlength = 50></td>
</tr>
<tr>
<td>Access Level:</td>
<td><input type = text name = Level size = 10 maxlength = 3></td>
</tr>
<tr>
<td><input type = submit value = 'Add'></td>
<td><input type = reset value = 'Clear'></td>
</tr>
</table>
</form>
</table>
</body>
</html>Code: Select all
<?
include('connection.php');
$Username = $_REQUEST['User'];
$Password = $_REQUEST['Pass'];
$Name = $_REQUEST['Name'];
$Level = $_REQUEST['Level'];
$sql = "select * from TBLLogin where LoginUsername ='$Username'";
$result = mysql_query($sql, $db);
$num_row = mysql_num_rows($result);
if($num_row !== 0)
{
echo "
<script type='text/javascript'>
alert('Username exists!!');
document.location='user_add.php';
</script>
";
}
else
{
$Password = md5($Password);
$sqlInsert = "insert into TBLLogin (LoginUsername, LoginPassword, LoginClass, Name, LoginStatus) values ('$Username', '$Password', '$Level', '$Name', '2')";
$resultInsert = mysql_query($sqlInsert, $db);
if ($resultInsert)
{
echo "
<script type='text/javascript'>
alert('Record added successfully!!');
document.location='user_add.php';
</script>
";
}
else
{
echo "
<script type='text/javascript'>
alert('Record added failed!!');
document.location='user_add.php';
</script>
";
}
}
?>Code: Select all
andCode: Select all
tags where appropriate when posting code. Read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]