Database Insert Prevention


nblackwood

I have this custom registration page I'm working on with some custom server-side validation. Everything works peachy keen. My problem is even though the script is returning the proper validation errors when it should, every time the submit button is pressed upon correction of the errors, it inserts the data to the database, regardless of any errors. Here is the PHP portion of the code. How might I get the two sets of scripts working together so the data won't be inserted every time the submit button is pressed? Also if there's any way to clean up the code, cuz I realize it's not the prettiest way to handle validation, or should I go with JavaScript for validating?

<?php

$ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];

srand ((double) microtime()*1000000);
$AccountID = rand();

$Name = $_POST['Name'];
$Username = $_POST['Username'];
$Email = $_POST['Email'];
$Password = $_POST['Password'];
$Password2 = $_POST['Password2'];
$Address = $_POST['Address'];
$Address2 = $_POST['Address2'];
$City = $_POST['City'];
$State = $_POST['State'];
$Country = $_POST['Country'];
$Zip = $_POST['Zip'];
$Date = $_POST['Date'];
$IPAddress = $_POST['IP'];

//Validation Rules

if (isset($_POST['submit']))

{
if(empty($Name))
$error1 = 'Name cannot be empty';
else
$Name = $_POST['Name'];

if(empty($Username))
$error2 = ' Username cannot be empty';
else
$Username = $_POST['Username'];

if(!preg_match("^[a-zA-Z0-9_]+@[a-zA-Z0-9\-]+\.[com]^", $_POST['Email']))
$error3 = ' Missing or invalid email address';
else
$Email = $_POST['Email'];

if(empty($Password))
$error4 = (' You must enter a password');
else
$Password = $_POST['Password'];

if($Password != $Password2)
$error5 = ' Passwords must match';
else
$Passsword2 = $_POST['Password2'];

if(empty($Address))
$error6 = ' Address cannot be empty';
else
$Address = $_POST['Address'];
$Address2 = $_POST['Address2'];

if (empty($City))
$error7 = ' You must enter a city';
else
$City = $_POST['City'];

if(empty($Zip))
$error7 = ' Missing or invalid  zip code';
exit;

}
{

if (!$error1)
$change1 = '';

if (!$error2)
$change2 = '';

if (!$error3)
$change2 = '';

if (!$error4)
$change2 = '';

if (!$error5)
$change2 = '';

if (!$error6)
$change2 = '';

if (!$error7)
$change2 = '';

if (!$error8)
$change2 = '';

}

?>


Looking at the script now, just a note to wrap your code in [ code ] or [ php ] tags, it helps keep pages clean :3.

Edit:

Javascript is a good way of handling form validation, but it's also very insecure as users can disable javascript.

Best case scenario is to use both, but never use JS alone.

Edit Edit:

Based on the way you have structured your code, there are a few things you need to change.

First off, it's always good practice to indent your code properly.

Next, it's also good practice to use braces for each conditional statement.

e.g.

if(empty($Password))
	$error4 = (' You must enter a password');
else
	$Password = $_POST['Password'];

into

if(empty($Password)) {
	$error4 = (' You must enter a password');
} else {
	$Password = $_POST['Password'];
}

On one of your checks, you use two lines to set two variables. Without braces, the conditional statement only checks one line. This is why braces are important!

Also, near the end of your script, after the strangely placed exit(); and closing brace is an opening brace following it straight away without else or elseif.
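
One way to structure the gate the thread is asking about, as an added example that is not part of either post: every check writes into a single `$errors` array, and the insert is reached only when that array is empty. The field names and messages come from the original post; the `accounts` table, its columns, the `$pdo` connection, the use of `filter_var` for the e-mail check and the password hashing are assumptions for illustration.

```php
<?php
// Added example. Assumed: an `accounts` table with these columns and a PDO
// connection in $pdo. Field names follow the registration form in the post.
function validate_registration(array $post): array
{
    $errors = [];
    $required = [
        'Name'     => 'Name cannot be empty',
        'Username' => 'Username cannot be empty',
        'Password' => 'You must enter a password',
        'Address'  => 'Address cannot be empty',
        'City'     => 'You must enter a city',
        'Zip'      => 'Missing or invalid zip code',
    ];
    foreach ($required as $field => $message) {
        if (!is_string($post[$field] ?? null) || trim($post[$field]) === '') {
            $errors[$field] = $message;   // one entry per failing field
        }
    }
    if (filter_var($post['Email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors['Email'] = 'Missing or invalid email address';
    }
    if (($post['Password'] ?? '') !== ($post['Password2'] ?? '')) {
        $errors['Password2'] = 'Passwords must match';
    }
    return $errors;
}

function register(PDO $pdo, array $post): array
{
    $errors = validate_registration($post);
    if ($errors !== []) {
        return $errors;   // any failure stops here, nothing is written
    }
    // Reached only when every check passed; bound parameters keep input out of the SQL text.
    $stmt = $pdo->prepare(
        'INSERT INTO accounts (name, username, email, password_hash, address, address2, city, zip)
         VALUES (?, ?, ?, ?, ?, ?, ?, ?)'
    );
    $stmt->execute([
        $post['Name'], $post['Username'], $post['Email'],
        password_hash($post['Password'], PASSWORD_DEFAULT),
        $post['Address'], (string)($post['Address2'] ?? ''), $post['City'], $post['Zip'],
    ]);
    return [];
}

if (isset($_POST['submit'])) {
    $errors = register($pdo, $_POST);   // $pdo is an existing connection (assumed)
}
```

The form template can then print `$errors['Email']` and the other entries next to their fields; an empty array means the row was written.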
