Jump to content

better error handling without nested if statements


showyoudawei

Recommended Posts

Hi, I'm creating a user registration page and the code for error check is getting messy... Is there a better way to clean this up?

<?php
  if (isset($_POST['register'])) {
    $username = mysql_real_escape_string($_POST['username']);
    $password = strtolower(mysql_real_escape_string($_POST['password']));
    $email = mysql_real_escape_string($_POST['email']);

    if ((strlen($username) > 2) && (strlen($username) < 17)) {
      if ((strlen($password) > 5) && (strlen($password) < 17)) {
        if (eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$", $email)) {
          $userQuery = mysql_query("SELECT userID FROM user WHERE userID='$username'") or die(mysql_error());

          if (!mysql_num_rows($userQuery)) {
            $password = md5($password);

            $userQuery = mysql_query(
              "INSERT INTO user (userID, password, email) VALUES($username, $password, $email)"
            ) or die(mysql_error());

            header("Location: login.php");
            return;
          }
        }
        else {
          $error = "User registration error: invalid email";
        }
      }
      else {
        $error = "User registration error: password length must be between 6 and 16 characters";
      }
    }
    else {
      $error = "User registration error: username length must be between 3 and 16 characters";
    }
  }
?>

<Html code for the user registration page follows>

 

Is there a better way to handle all the error checks than using a bunch of nested if statements? It would be much cleaner if I could simply return to the end of the php block ie: ...

 

if (strlen($username) < 3) || (strlen($username) > 16) {
  $error = "User registration error: username length must be between 3 and 16 characters";
  return;
}

 

But that does not display the rest of the html form. Any help is appreciated. Thanks.

Wrap the logic in a function, then use returns.

 

<?php
function login(){
    $username = mysql_real_escape_string($_POST['username']);
    $password = strtolower(mysql_real_escape_string($_POST['password']));
    $email = mysql_real_escape_string($_POST['email']);

    if (! ((strlen($username) > 2) && (strlen($username) < 17))) return "User registration error: username length must be between 3 and 16 characters";

    if (! ((strlen($password) > 5) && (strlen($password) < 17))) return "User registration error: password length must be between 6 and 16 characters";
    
    if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$", $email)) return "User registration error: invalid email";

    $userQuery = mysql_query("SELECT userID FROM user WHERE userID='$username'") or die(mysql_error());

    if (!mysql_num_rows($userQuery)){
      $password = md5($password);

      $userQuery = mysql_query("INSERT INTO user (userID, password, email) VALUES($username, $password, $email)") or die(mysql_error());

      header("Location: login.php");
    }
    return false;
}

  if (isset($_POST['register'])) {
   $error = login();
  }
?>

<Html code for the user registration page follows>

 

That's the correct way to do it in PHP. You could also use try... catch statements, which is the correct way to do it in java, but will get you made fun of here.

I don;t think exceptions should be used for this task neither in Java nor in PHP. Checking if user input correct data is nothing exceptional after all.

 

I know, I'm just making a point.  Exceptions are SO useful when something goes wrong.

The ideal user experience would be to check all the values submitted and display all the validation errors at one time, rather than handling one at a time. Something like -

 

<?php

$errors = array();

if(check for an error condition) {

   $errors[0] = "some error message";

}

if(check for the next error condition) {

   $errors[1] = "some other error message";

}

 

if(!empty($errors)) {

   // do error processing here

   return $errors;

}

// do next step in normal processing here

?>

I know, I'm just making a point.  Exceptions are SO useful when something goes wrong.

 

They are. I was also pleasantly surprised when I noticed that assert() is available in PHP. :)

 

Ah yeah.  I don't use it that often though. D:

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.