Rabastan Posted February 17, 2013 Share Posted February 17, 2013 This is my first attempt at a registration script. Where do I need improve it? Thanks in advance Rab // Get values from form $username=$_POST['username']; $password=$_POST['password']; $confirm=$_POST['confirm']; $firstname=$_POST['firstname']; $lastname=$_POST['lastname']; $email=$_POST['email']; $address=$_POST['address']; $address2=$_POST['address2']; $city=$_POST['city']; $state=$_POST['state']; $zip=$_POST['zip']; $phone=$_POST['phone']; $dob=$_POST['dob']; // Strip any escape characters $username = stripslashes($username); $password = stripslashes($password); $confirm = stripslashes($confirm); $firstname = stripslashes($firstname); $lastname = stripslashes($lastname); $email = stripslashes($email); $address = stripslashes($address); $address2 = stripslashes($address2); $city = stripslashes($city); $state = stripslashes($state); $zip = stripslashes($zip); $phone = stripslashes($phone); $dob = stripslashes($dob); //Check for empty fields if(empty($_POST['username'])){ echo (USERNAME_BLANK_ERROR); } if(empty($_POST['password'])){ echo (PASSWORD_BLANK_ERROR); } if(empty($_POST['confirm'])){ echo (CONFIRM_BLANK_ERROR); } if(empty($_POST['firstname'])){ echo (FIRSTNAME_BLANK_ERROR); } if(empty($_POST['lastname'])){ echo (LASTNAME_BLANK_ERROR); } if(empty($_POST['email'])){ echo (EMAIL_BLANK_ERROR); } if(empty($_POST['address'])){ echo (ADDRESS_BLANK_ERROR); } if(empty($_POST['city'])){ echo (CITY_BLANK_ERROR); } if(empty($_POST['state'])){ echo (STATE_BLANK_ERROR); } if(empty($_POST['zip'])){ echo (ZIP_BLANK_ERROR); } if(empty($_POST['phone'])){ echo (PHONE_BLANK_ERROR); } if(empty($_POST['dob'])){ echo (DOB_BLANK_ERROR); } // Verify field lengths if(strlen($username) < 6){ echo (USERNAME_SHORT_ERROR); } if(strlen($username) > 15){ echo (USERNAME_LONG_ERROR); } if(strlen($password) < 6){ echo (PASSWORD_SHORT_ERROR); } if(strlen($password) > 15){ echo (PASSWORD_LONG_ERROR); } if(strlen($firstname) < 2){ echo (FIRSTNAME_SHORT_ERROR); } if(strlen($firstname) > 25){ echo (FIRSTNAME_LONG_ERROR); } if(strlen($lastname) < 2){ echo (LASTNAME_SHORT_ERROR); } if(strlen($laststname) > 25){ echo (LASTNAME_LONG_ERROR); } if(strlen($email) < 10){ echo (EMAIL_SHORT_ERROR); } if(strlen($email) > 100){ echo (EMAIL_LONG_ERROR); } if(strlen($address) < 5){ echo (ADDRESS_SHORT_ERROR); } if(strlen($address) > 200){ echo (ADDRESS_LONG_ERROR); } if(strlen($city) < 3){ echo (CITY_SHORT_ERROR); } if(strlen($city) > 22){ echo (CITY_LONG_ERROR); } if(strlen($zip) < 5){ echo (ZIP_SHORT_ERROR); } if(strlen($zip) > 5){ echo (ZIP_LONG_ERROR); } // Compare Passwords if ($password != $confirm) { echo(PASSWORD_MATCH_ERROR); } // Validate Phone Number if( !preg_match("/^([1]-)?[0-9]{3}-[0-9]{3}-[0-9]{4}$/i", $phone) ) { echo (PHONE_VALIDATE_ERROR); } // Validate Email Address if( !preg_match("/^[_a-z0-9-]+(.[_a-z0-9-]+)*@[a-z0-9-]+(.[a-z0-9-]+)*(.[a-z]{2,3})$/i", $email) ) { echo (EMAIL_VALIDATE_ERROR); } // Hash password and validate hash $hash = $hasher->HashPassword($password); if(strlen($hash) <= 20){ echo (HASH_ERROR); } // Insert User into database $sql="INSERT INTO $users(user_username, user_password, user_email, user_firstname, user_lastname, user_address, user_address2, user_city, user_state, user_zip, user_phone, user_dob)VALUES('$username', '$hash', '$firstname', '$lastname', '$address', '$address2', '$city', '$state', '$zip', '$phone', '$dob')"; $result=mysql_query($sql); if($result){ echo (REGISTRATION_SUCCESS); echo "<BR>"; echo "<a href='reg_thankyou.php'>Back to main page</a>"; } else { echo (REGISTRATION_ERROR); } ?> <?php // close connection mysql_close(); ?> Quote Link to comment Share on other sites More sharing options...
Barand Posted February 17, 2013 Share Posted February 17, 2013 The obvious omission is the lack of mysql_real_escape_string() or intval() for numeric inputs Quote Link to comment Share on other sites More sharing options...
jazzman1 Posted February 17, 2013 Share Posted February 17, 2013 (edited) There are too much ifs,empties, strlens. I don't see arrays in your script. Edited February 17, 2013 by jazzman1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.