PHP and AJAX

[9three]

Hey,

 

I have a method that registers users through an AJAX form.

 

HTML:

<form method="POST" id="nameForm">
Firstname:
<br />
<input type="text" id="fname" />
<br /><br />
Lastname:
<br />
<input type="text" id="lname" />
<br /><br />
Username:
<br />
<input type="text" id="username" />
<br /><br />
Password:
<br />
<input type="text" id="password" />
<br /><br />
Email:
<br />
<input type="text" id="email" />
<br />
<input type="submit" name="submit" value="Submit" />
<div class="msgbox"></div>
</form>

 

When you click submit the ajax file is called:

$('#screen').show();
      setTimeout(function () {$('#screen').fadeOut();}, 3000);
      $.post('ajax.Register.php', {
        fname: fname,
        lname: lname,
        username: username,
        password: password,
        email: email
        }, function (data) {
        if (data == 0) {
          setTimeout(function() {
            $('.msgbox').fadeIn('def', function () {$(this).html('Ok!');});
          }, 3002);
        }
        else {
          setTimeout(function() {
            $('.msgbox').fadeIn('def', function () {$(this).html('There was an error registering you. Please try again.');});
          }, 3002);
        }
      });

 

My ajax file calls a php file

require_once('package/class.User.php');



try {

  $objUser = new User('localhost', 'root', '', 'ajax');

}

catch (PDOException $e) {

  echo 'Unable to connect';

}



$strFirstname = $_POST['fname'];

$strLastname = $_POST['lname'];

$strUsername = $_POST['username'];

$strPassword = $_POST['password'];

$strEmail = $_POST['email'];



try {

  $objUser->Register($strFirstname, $strLastname, $strUsername, $strPassword, $strEmail);

}

catch(Exception $e) {

  echo 'Unable to query';

} 

This php file initiates an object which I created in my class User:

 

public function Register($strFirstname, $strLastname, $strUsername, $strPassword, $strEmail) {

    $strFirstname = $this->hDB->real_escape_string(ucfirst($strFirstname));

    $strLastname = $this->hDB->real_escape_string(ucfirst($strLastname));

    $strUsername = $this->hDB->real_escape_string($strUsername);

    $strPassword = $this->hDB->real_escape_string(trim($strPassword));

    $strEmail = $this->hDB->real_escape_string(trim($strEmail));

    

    if (!$this->validateRegisterFirstname($strFirstname))

      $errors = true;

    if (!$this->validateRegisterLastname($strLastname))

      $errors = true;

    if (!$this->validateRegisterUsername($strUsername))

      $errors = true;

    if (!$this->validateRegisterPassword($strPassword))

      $errors = true;

    if (!$this->validateRegisterEmail($strEmail))

      $errors = true;

    

    if ($errors) {

      echo 1;

      return false;

    }

    

    $register = $this->hDB->query("INSERT INTO users 

                                   (firstname, lastname, username, password, email) 

                                   VALUES ('$strFirstname', '$strLastname', '$strUsername', '$strPassword', '$strEmail')");

    if (mysqli_connect_error())

      throw new Exception('Query failed');

    

    if ($register) {

      echo 0;

      return true;

    }

  } 

 

If I remove the validation methods then my form allows the POST variables to be passed whenever. It's the only way I've been able to get it to work.

 

If I don't remove the validation it will validate to false because when the PHP is ran, it can never find the variables it needs.

 

Is there a way around this?