BrianM Posted May 11, 2008 Share Posted May 11, 2008 The form here is suppose to submit only when all fields are filled in, otherwise it should return an error. Well it does return an error if the fields aren't completely filled in but it still inserts the information into the database, which it's not suppose to do :| Can anyone look this over or skim through and see if they see anything wrong that's causing this problem. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Game Zero - Community</title> <link rel="stylesheet" type="text/css" href="../css/gamezero.css" /> </head> <?php /* MySQL database connection */ mysql_connect('localhost', 'brian', '*password*') or die(mysql_error()); mysql_select_db('gamezero') or die(mysql_error()); if (isset($_POST['register'])) { /* If any field is left blank, return an error */ if (!$_POST['firstName'] | !$_POST['lastName'] | !$_POST['email'] |!$_POST['password'] | !$_POST['gender']) { echo 'You have failed to complete all required fields.'; } /* Is the email already registered in the database? */ $email_check = $_POST['email']; $check_one = mysql_query("SELECT email FROM gamezero_members WHERE email = '$email_check'") or die(mysql_error()); $check_two = mysql_num_rows($check_one); if ($check_two != 0) { echo ''.$_POST['email'].' is already a registered email address.'; } /* Do the passwords match? If not, return an error */ if ($_POST['password'] != $_POST['password_two']) { echo 'Your passwords did not match.'; } /* Store the password using md5 */ $_POST['password'] = md5($_POST['password']); /* Insert values into the database adding the new member */ $insert = "INSERT INTO gamezero_members (firstName, lastName, email, password, gender) VALUES ('".$_POST['firstName']."', '".$_POST['lastName']."', '".$_POST['email']."', '".$_POST['password']."', '".$_POST['gender']."')"; $add_member = mysql_query($insert); ?> Registration complete! <?php /* Show form if `if (isset($_POST['register']))` has not been sent */ } else { ?> <body> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <table> <tr><td>First Name:</td><td> <input type="text" name="firstName" maxlength="60" /> </td></tr> <tr><td>Last Name:</td><td> <input type="text" name="lastName" maxlength="60" /> </td></tr> <tr><td>Email:</td><td> <input type="text" name="email" maxlength="60" /> </td></tr> <tr><td>Password:</td><td> <input type="password" name="password" maxlength="60" /> </td></tr> <tr><td>Password Confirm:</td><td> <input type="password" name="password_two" maxlength="60" /> </td></tr> <tr><td>Gender:</td><td> <input type="radio" name="gender" value="Male" /> Male <input type="radio" name="gender" value="Female" /> Female </td></tr> <tr><th> <input type="submit" name="register" value="Register" /> </th></tr> </table> </form> </body> </html> <?php /* End of script */ } ?> Thank you for any help! Quote Link to comment Share on other sites More sharing options...
ionik Posted May 11, 2008 Share Posted May 11, 2008 if (isset($_POST['register'])) { /* If any field is left blank, return an error */ if (!$_POST['firstName'] | !$_POST['lastName'] | !$_POST['email'] |!$_POST['password'] | !$_POST['gender']) { echo 'You have failed to complete all required fields.'; } else { /* Is the email already registered in the database? */ $email_check = $_POST['email']; $check_one = mysql_query("SELECT email FROM gamezero_members WHERE email = '$email_check'") or die(mysql_error()); $check_two = mysql_num_rows($check_one); if ($check_two != 0) { echo ''.$_POST['email'].' is already a registered email address.'; } elseif ($_POST['password'] != $_POST['password_two']) { echo 'Your passwords did not match.'; } else { /* Store the password using md5 */ $_POST['password'] = md5($_POST['password']); /* Insert values into the database adding the new member */ $insert = "INSERT INTO gamezero_members (firstName, lastName, email, password, gender) VALUES ('".$_POST['firstName']."', '".$_POST['lastName']."', '".$_POST['email']."', '".$_POST['password']."', '".$_POST['gender']."')"; $add_member = mysql_query($insert); } } } ?> try that out Quote Link to comment Share on other sites More sharing options...
BrianM Posted May 11, 2008 Author Share Posted May 11, 2008 Before I start dismantling my code, just insert the extra else statement you put in? Quote Link to comment Share on other sites More sharing options...
play_ Posted May 11, 2008 Share Posted May 11, 2008 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Game Zero - Community</title> <link rel="stylesheet" type="text/css" href="../css/gamezero.css" /> </head> <?php /* MySQL database connection */ mysql_connect('localhost', 'brian', '*password*') or die(mysql_error()); mysql_select_db('gamezero') or die(mysql_error()); if (isset($_POST['register'])) { /* If any field is left blank, return an error */ if( (empty($_POST['firstName'])) }| (empty($_POST['lastName'])) || (empty($_POST['email'])) || (empty($_POST['password'])) || (empty($_POST['gender'])) ) { echo 'You have failed to complete all required fields.'; } /* Is the email already registered in the database? */ $email_check = $_POST['email']; $check_one = mysql_query("SELECT email FROM gamezero_members WHERE email = '$email_check'") or die(mysql_error()); $check_two = mysql_num_rows($check_one); if ($check_two != 0) { echo ''.$_POST['email'].' is already a registered email address.'; } /* Do the passwords match? If not, return an error */ if ($_POST['password'] != $_POST['password_two']) { echo 'Your passwords did not match.'; } /* Store the password using md5 */ $_POST['password'] = md5($_POST['password']); /* Insert values into the database adding the new member */ $insert = "INSERT INTO gamezero_members (firstName, lastName, email, password, gender) VALUES ('".$_POST['firstName']."', '".$_POST['lastName']."', '".$_POST['email']."', '".$_POST['password']."', '".$_POST['gender']."')"; $add_member = mysql_query($insert); ?> Registration complete! <?php /* Show form if `if (isset($_POST['register']))` has not been sent */ } else { ?> <body> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <table> <tr><td>First Name:</td><td> <input type="text" name="firstName" maxlength="60" /> </td></tr> <tr><td>Last Name:</td><td> <input type="text" name="lastName" maxlength="60" /> </td></tr> <tr><td>Email:</td><td> <input type="text" name="email" maxlength="60" /> </td></tr> <tr><td>Password:</td><td> <input type="password" name="password" maxlength="60" /> </td></tr> <tr><td>Password Confirm:</td><td> <input type="password" name="password_two" maxlength="60" /> </td></tr> <tr><td>Gender:</td><td> <input type="radio" name="gender" value="Male" /> Male <input type="radio" name="gender" value="Female" /> Female </td></tr> <tr><th> <input type="submit" name="register" value="Register" /> </th></tr> </table> </form> </body> </html> <?php /* End of script */ } ?> In case the above doesn't work, try this. not tested btw. Mod edit:code tags added - be nice Quote Link to comment Share on other sites More sharing options...
BrianM Posted May 11, 2008 Author Share Posted May 11, 2008 Now I get this: You have failed to complete all required fields. is already a registered email address. Notice: Undefined index: gender in C:\Program Files\Apache Group\Apache2\htdocs\community\register.php on line 35 Registration complete! AND, it still inserts the data into the db ... hmm, not sure what to make of this. edit: and I changed the }| after the first empty($_POST to || still didn't work Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted May 11, 2008 Share Posted May 11, 2008 it inserts into the db because you never tell it not to. there is no if condition preventing the SQL from being executed. what i would do is set a var, $errors = array(). then for each error, set a new item in $errors like this: $errors = array(); if ($somecondition == $error_value) { $errors[] = "somecondition has an error"; } // After all conditions are checked if (count($errors) == 0) { // Put your insert here. /* Store the password using md5 */ $_POST['password'] = md5($_POST['password']); /* Insert values into the database adding the new member */ $insert = "INSERT INTO gamezero_members (firstName, lastName, email, password, gender) VALUES ('".$_POST['firstName']."', '".$_POST['lastName']."', '".$_POST['email']."', '".$_POST['password']."', '".$_POST['gender']."')"; $add_member = mysql_query($insert); } to print out all of the errors, I'd use something like: if (count($errors) > 0) { echo "Errors ".implode("<BR>",$errors); } Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.