There are a few things wrong:
- You are using $_REQUEST, please stick to $_POST or $_GET. Depending on which one you use.
- You don't wrap your variables in single quotes, will not work without that.
- You don't escape your variables, SQL injection will be possible.
- Your INSERT query contained "INSERT INTO TABLE", that's not valid.
In case you use $_POST, you can do something like:
PHP Code:
/////////////////////// add if ( $_POST['do'] == 'add' ) { if ( empty($_POST['game']) OR empty($_POST['abbrev']) OR empty($_POST['acctname']) OR empty($_POST['proffield']) OR empty($_POST['status'])) { rpm_print_stop_back('Please be sure every field is filled out before submitting.'); }
<?php /////////////////////// add if ( $_GET['do'] == 'add' ) { if ( empty($_GET['game']) OR empty($_GET['abbrev']) OR empty($_GET['acctname']) OR empty($_GET['proffield']) OR empty($_GET['status'])) { rpm_print_stop_back('Please be sure every field is filled out before submitting.'); }