Jump to content

Form submits even if not complete

BrianM

By BrianM
in PHP Coding Help

 Share

Recommended Posts

BrianM Regular Member

BrianM

Posted
Posted

The form here is suppose to submit only when all fields are filled in, otherwise it should return an error. Well it does return an error if the fields aren't completely filled in but it still inserts the information into the database, which it's not suppose to do :| Can anyone look this over or skim through and see if they see anything wrong that's causing this problem.

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Game Zero - Community</title>
<link rel="stylesheet" type="text/css" href="../css/gamezero.css" />
</head>
<?php
/* MySQL database connection */
mysql_connect('localhost', 'brian', '*password*')
or die(mysql_error());
mysql_select_db('gamezero')
or die(mysql_error());

if (isset($_POST['register'])) {
/* If any field is left blank, return an error */
if (!$_POST['firstName'] | !$_POST['lastName'] | !$_POST['email'] |!$_POST['password'] | !$_POST['gender']) {
	echo 'You have failed to complete all required fields.';
	}
/* Is the email already registered in the database? */
$email_check = $_POST['email'];
$check_one = mysql_query("SELECT email FROM gamezero_members WHERE email = '$email_check'")
	or die(mysql_error());
$check_two = mysql_num_rows($check_one);
if ($check_two != 0) {
	echo ''.$_POST['email'].' is already a registered email address.';
	}
/* Do the passwords match? If not, return an error */
if ($_POST['password'] != $_POST['password_two']) {
	echo 'Your passwords did not match.';
	}
/* Store the password using md5 */
$_POST['password'] = md5($_POST['password']);
/* Insert values into the database adding the new member */
$insert = "INSERT INTO gamezero_members (firstName, lastName, email, password, gender) VALUES ('".$_POST['firstName']."', '".$_POST['lastName']."', '".$_POST['email']."', '".$_POST['password']."', '".$_POST['gender']."')";
$add_member = mysql_query($insert);

?>

Registration complete!

<?php
/* Show form if `if (isset($_POST['register']))` has not been sent */
} else {

?>
<body>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table>
<tr><td>First Name:</td><td>
<input type="text" name="firstName" maxlength="60" />
</td></tr>
<tr><td>Last Name:</td><td>
<input type="text" name="lastName" maxlength="60" />
</td></tr>
<tr><td>Email:</td><td>
<input type="text" name="email" maxlength="60" />
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="password" maxlength="60" />
</td></tr>
<tr><td>Password Confirm:</td><td>
<input type="password" name="password_two" maxlength="60" />
</td></tr>
<tr><td>Gender:</td><td>
<input type="radio" name="gender" value="Male" /> Male <input type="radio" name="gender" value="Female" /> Female
</td></tr>
<tr><th>
<input type="submit" name="register" value="Register" />
</th></tr>
</table>
</form>
</body>
</html>
<?php
/* End of script */
}

?>

 

Thank you for any help!

Link to comment
Share on other sites
ionik Regular Member

ionik

Posted
Posted 

if (isset($_POST['register'])) 
{
/* If any field is left blank, return an error */
if (!$_POST['firstName'] | !$_POST['lastName'] | !$_POST['email'] |!$_POST['password'] | !$_POST['gender']) {
	echo 'You have failed to complete all required fields.';
}
else
{
/* Is the email already registered in the database? */
$email_check = $_POST['email'];
$check_one = mysql_query("SELECT email FROM gamezero_members WHERE email = '$email_check'")
	or die(mysql_error());
$check_two = mysql_num_rows($check_one);
if ($check_two != 0) 
       {
	echo ''.$_POST['email'].' is already a registered email address.';
}
        elseif ($_POST['password'] != $_POST['password_two']) {
	echo 'Your passwords did not match.';
}
       else
       {
/* Store the password using md5 */
$_POST['password'] = md5($_POST['password']);
/* Insert values into the database adding the new member */
$insert = "INSERT INTO gamezero_members (firstName, lastName, email, password, gender) VALUES ('".$_POST['firstName']."', '".$_POST['lastName']."', '".$_POST['email']."', '".$_POST['password']."', '".$_POST['gender']."')";
$add_member = mysql_query($insert);
       }
}
}
?>

 

try that out :)

Link to comment
Share on other sites
play_ Advanced Member

play_

Posted
Posted 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Game Zero - Community</title>
<link rel="stylesheet" type="text/css" href="../css/gamezero.css" />
</head>
<?php
/* MySQL database connection */
mysql_connect('localhost', 'brian', '*password*')
or die(mysql_error());
mysql_select_db('gamezero')
or die(mysql_error());

if (isset($_POST['register'])) {
/* If any field is left blank, return an error */
if(  (empty($_POST['firstName'])) }| (empty($_POST['lastName'])) ||  (empty($_POST['email'])) || (empty($_POST['password'])) || (empty($_POST['gender'])) ) {
	echo 'You have failed to complete all required fields.';
	}
/* Is the email already registered in the database? */
$email_check = $_POST['email'];
$check_one = mysql_query("SELECT email FROM gamezero_members WHERE email = '$email_check'")
	or die(mysql_error());
$check_two = mysql_num_rows($check_one);
if ($check_two != 0) {
	echo ''.$_POST['email'].' is already a registered email address.';
	}
/* Do the passwords match? If not, return an error */
if ($_POST['password'] != $_POST['password_two']) {
	echo 'Your passwords did not match.';
	}
/* Store the password using md5 */
$_POST['password'] = md5($_POST['password']);
/* Insert values into the database adding the new member */
$insert = "INSERT INTO gamezero_members (firstName, lastName, email, password, gender) VALUES ('".$_POST['firstName']."', '".$_POST['lastName']."', '".$_POST['email']."', '".$_POST['password']."', '".$_POST['gender']."')";
$add_member = mysql_query($insert);

?>

Registration complete!

<?php
/* Show form if `if (isset($_POST['register']))` has not been sent */
} else {

?>
<body>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table>
<tr><td>First Name:</td><td>
<input type="text" name="firstName" maxlength="60" />
</td></tr>
<tr><td>Last Name:</td><td>
<input type="text" name="lastName" maxlength="60" />
</td></tr>
<tr><td>Email:</td><td>
<input type="text" name="email" maxlength="60" />
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="password" maxlength="60" />
</td></tr>
<tr><td>Password Confirm:</td><td>
<input type="password" name="password_two" maxlength="60" />
</td></tr>
<tr><td>Gender:</td><td>
<input type="radio" name="gender" value="Male" /> Male <input type="radio" name="gender" value="Female" /> Female
</td></tr>
<tr><th>
<input type="submit" name="register" value="Register" />
</th></tr>
</table>
</form>
</body>
</html>
<?php
/* End of script */
}

?>

 

In case the above doesn't work, try this.

 

not tested btw.

 

Mod edit:code tags added - be nice :)

Link to comment
Share on other sites
BrianM Regular Member

BrianM

Posted
  • Author
Posted

Now I get this:

 

You have failed to complete all required fields. is already a registered email address.

Notice: Undefined index: gender in C:\Program Files\Apache Group\Apache2\htdocs\community\register.php on line 35

Registration complete!

 

AND, it still inserts the data into the db ... hmm, not sure what to make of this.

 

edit: and I changed the }| after the first empty($_POST to || still didn't work

Link to comment
Share on other sites
BlueSkyIS Newbie

BlueSkyIS

Posted
Posted

it inserts into the db because you never tell it not to. there is no if condition preventing the SQL from being executed. what i would do is set a var, $errors = array(). then for each error, set a new item in $errors like this:

 

$errors = array();

if ($somecondition == $error_value) {
     $errors[] = "somecondition has an error";
}

// After all conditions are checked
if (count($errors) == 0) {
     // Put your insert here.
/* Store the password using md5 */
$_POST['password'] = md5($_POST['password']);
/* Insert values into the database adding the new member */
$insert = "INSERT INTO gamezero_members (firstName, lastName, email, password, gender) VALUES ('".$_POST['firstName']."', '".$_POST['lastName']."', '".$_POST['email']."', '".$_POST['password']."', '".$_POST['gender']."')";
$add_member = mysql_query($insert);
}

 

to print out all of the errors, I'd use something like:

 

if (count($errors) > 0) {
      echo "Errors ".implode("<BR>",$errors);
}

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.