Im working on a simple forum script and i made some security feature against posting empty value`s. Problem is its not giving me the right errors its just showing the first error message "U havent filled in a title.".
Can anyone see the error because i cant.
Code:
<?php
include('include/configdb.php');
session_start();
$username = $_SESSION['user_name'];
$title = $_GET['title'];
$message = $_GET['message'];
if ($title == NULL){
echo "U havent filled in a title. Go <a href='post.php'>Back</a>";
} else if($message == NULL) {
echo "U havent filled in a message. Go <a href='post.php'>Back</a>";
} else {
$sql = "SELECT * FROM forumuser WHERE username='$username'";
$query = mysqli_query($mysqli, $sql);
$row = mysqli_fetch_array($query);
$beforep = $row['num_posts'];
$newposts = $beforep + 1;
$newsql = "UPDATE forumuser SET num_posts='$newposts' WHERE username='$username'";
mysqli_query($mysqli, $newsql);
header("location: index.php");
}
?>
Form code:
<form method="POST" name="post" id="post" action="insert.php">
<b>Title of the topic</b><br />
<input name="title" type="text" id="title">
<br />
<b>the topic u want to post</b><br />
<textarea name="message" type="text" id="message" colls="50" rows="5">
</textarea>
<br />
<input type="submit" name="submit" value="Post Topic">
</form>