From d84d69d50b08c764e00a5f2ce14ba89d77c2f8dc Mon Sep 17 00:00:00 2001
From: mauirixxx <mauirixxx@users.noreply.github.com>
Date: Thu, 25 May 2017 16:34:23 -1000
Subject: [PATCH] newb form validation

---
 gw-create.php | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/gw-create.php b/gw-create.php
index 80b78c8..0812082 100644
--- a/gw-create.php
+++ b/gw-create.php
@@ -10,7 +10,7 @@ include_once 'gw-connect.php';
 $con = new mysqli(DATABASE_HOST, DATABASE_USER, DATABASE_PASS, DATABASE_NAME);
 $createnew = mysqli_real_escape_string($con, $_POST['docreate']);
 $userid = $_SESSION['userid'];
-echo '<CENTER>Character creation isn\'t enabled yet!<BR />Your userid is ' . $userid . '<BR />';
+echo '<CENTER>Character creation isn\'t enabled yet!<BR />Your userid is ' . $userid . '<BR />'; //delete this line when script is done
 if ($createnew === "1"){
 	$cname = mysqli_real_escape_string($con, $_POST['cname']);
 	$bdate = mysqli_real_escape_string($con, $_POST['bdate']);
@@ -22,6 +22,16 @@ if ($createnew === "1"){
 		echo 'Please click <A HREF="gw-create.php">HERE</A> to try again';
 		echo '<BR /><BR />Return to <A HREF="gw-index.php">home</A>.</CENTER></BODY></HTML>';
 		exit();
+	} else if ($cname === ""){
+		echo 'Please enter a name for your character<BR />';
+		echo 'Please click <A HREF="gw-create.php">HERE</A> to try again';
+		echo '<BR /><BR />Return to <A HREF="gw-index.php">home</A>.</CENTER></BODY></HTML>';
+		exit();
+	} else if ($profid === ""){
+		echo 'Please choose a profession<BR />';
+		echo 'Please click <A HREF="gw-create.php">HERE</A> to try again';
+		echo '<BR /><BR />Return to <A HREF="gw-index.php">home</A>.</CENTER></BODY></HTML>';
+		exit();
 	}
 	$sqlcreate = "INSERT INTO `playername` (charname, birthdate, userid, professionid) VALUES ('$cname', '$bdate', $userid, $profid)";
 	echo 'SQL Code w/ variables is: ' . $sqlcreate . '';