Jump to content

Recommended Posts

Hi all

 

I'm a relative newbie to PHP but have been programming for 15+ years.

 

I have created a PHP page for users to register their details which works fine when a user enters their details correctly but if they enter an email address that is already in use and then correct it, none of the form fields are passed through to the form submission page. (I have included the relevant value="'<?php $_POST['forename']?>" where necessary and these values are displayed when the form redisplays.)

 

Apologies if this is a very basic question but I've been stuck on this for a number of days now and although I can't really afford any more time trying to resolve this I know I have to get it right.

 

Thanks in advance.

 

My codes is as follows:

 

<?php

  header("Cache-Control: no-cache, must-revalidate");

  header("Expires: Fri, 31 Dec 1999 00:00:00 GMT");

 

  include('/inc/db.php');

 

  $email_msg = '';

 

  if (!empty($_POST))

  {

    $email = mysql_real_escape_string($_POST['email']);

    $query = mysql_query("SELECT * FROM table WHERE email = '$email'");

    $check = mysql_num_rows($query);

 

    if ($check > 0)

    {

      $email_msg = "<label for='email' class='error'>This email address is already in use</label>";

 

      $forename = mysql_real_escape_string($_POST['forename']);

      $surname = mysql_real_escape_string($_POST['surname']);

      $username = mysql_real_escape_string($_POST['username']);

      $password = mysql_real_escape_string($_POST['password']);

      $password2 = mysql_real_escape_string($_POST['password2']);

      $email = mysql_real_escape_string($_POST['email']);

      $dob = mysql_real_escape_string($_POST['dob']);

    }

    else

    {

      // register_db.php doesn't receive a value for $_POST['forename'] or any of the other fields

      header('location: /inc/register_db.php');

 

      exit;

    }

  }

 

  echo "

<?xml version='1.0' encoding='UTF-8'?>

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>

<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>

<head>

  <script type='text/javascript' src='/js/jquery-1.3.2.min.js'></script>

  <script type='text/javascript' src='/js/jquery.validate.pack.js'></script>

  <link rel='stylesheet' type='text/css' media='projection, screen' href='/css/ui-lightness/jquery-ui-1.7.2.custom.css' />

</head>

 

<body id='register-body'>

  <div id='page-header'>

    <div id='logo'>

    <h1><a accesskey='1' href='index.php'>HOMEPAGE</a></h1>

  </div>

  </div>

 

  <div id='register-page'>

    <form id='register-details' method='post' action='/inc/register_db.php'>

      <div id='column1'>

        <h3><label for='forename'>FORENAME</label></h3>

        <input type='text' id='forename' name='forename' class='required' tabindex='1000' value='$forename' />

        <br />

        <br />

 

        <h3><label for='surname'>SURNAME</label></h3>

        <input type='text' id='surname' name='surname' class='required' tabindex='1010' value='$surname' />

        <br />

        <br />

 

        <h3><label for='username'>USERNAME</label></h3>

        <input type='text' id='username' name='username' class='required' tabindex='1020' value='$username' />

        <br />

        <br />

 

        <h3><label for='password'>PASSWORD</label></h3>

        <input type='password' id='password' name='password' class='required' tabindex='1030' value='$password' />

        <br />

        <br />

 

        <h3><label for='password2'>RETYPE PASSWORD</label></h3>

        <input type='password' id='password2' name='password2' class='required' tabindex='1040' value='$password2' />

        <br />

      </div>

 

      <div id='column2'>

        <h3><label for='email'>EMAIL ADDRESS</label></h3>

        <input type='text' id='email' name='email' class='required email' tabindex='1050' value='$email' />

        $email_msg

        <br />

      </div>

 

      <div id='column3'>

        <h3><label for='country'>LOCATION</label></h3>

        <select id='country' name='country' class='required' tabindex='1060'>

          <option value=''>Please select</option>

          <option value='1'>United Kingdom</option>

          <option value='2'>United States</option>

          <option value='3'>Canada</option>

        </select><br />

      </div>

 

      <div id='column4'>

        <h3><label for='dob'>DATE OF BIRTH</label></h3>

        <input type='text' id='dob' name='dob' class='required date' tabindex='1070' value='$dob' />

        <br />

        <input type='submit' id='register-button' name='register-button' value='register!' />

      </div>

    </form>

  </div>

</body>

</html>";

?>

Link to comment
https://forums.phpfreaks.com/topic/203148-validationcoding-structure/
Share on other sites

  <?php
  header("Cache-Control: no-cache, must-revalidate");
  header("Expires: Fri, 31 Dec 1999 00:00:00 GMT");

  include('/inc/db.php');

  $email_msg = '';

  if (!empty($_POST))
  {
    $email = mysql_real_escape_string($_POST['email']);
    $query = mysql_query("SELECT * FROM table WHERE email = '$email'");
    $check = mysql_num_rows($query);

    if ($check > 0)
    {
      $email_msg = "<label for='email' class='error'>This email address is already in use</label>";

      $forename = mysql_real_escape_string($_POST['forename']);
      $surname = mysql_real_escape_string($_POST['surname']);
      $username = mysql_real_escape_string($_POST['username']);
      $password = mysql_real_escape_string($_POST['password']);
      $password2 = mysql_real_escape_string($_POST['password2']);
      $email = mysql_real_escape_string($_POST['email']);
      $dob = mysql_real_escape_string($_POST['dob']);
    }
    else
    {
      // register_db.php doesn't receive a value for $_POST['forename'] or any of the other fields
      header('location: /inc/register_db.php');

      exit;
    }
  }

  echo "
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
  <script type='text/javascript' src='/js/jquery-1.3.2.min.js'></script>
  <script type='text/javascript' src='/js/jquery.validate.pack.js'></script>
  <link rel='stylesheet' type='text/css' media='projection, screen' href='/css/ui-lightness/jquery-ui-1.7.2.custom.css' />
</head>

<body id='register-body'>
  <div id='page-header'>
    <div id='logo'>
          <h1><a accesskey='1' href='index.php'>HOMEPAGE</a></h1>
     </div>
  </div>

  <div id='register-page'>
    <form id='register-details' method='post' action='/inc/register_db.php'>
      <div id='column1'>
        <h3><label for='forename'>FORENAME</label></h3>
        <input type='text' id='forename' name='forename' class='required' tabindex='1000' value='".$forename."' />
        <br />
        <br />

        <h3><label for='surname'>SURNAME</label></h3>
        <input type='text' id='surname' name='surname' class='required' tabindex='1010' value='".$surname."' />
        <br />
        <br />

        <h3><label for='username'>USERNAME</label></h3>
        <input type='text' id='username' name='username' class='required' tabindex='1020' value='".$username."' />
        <br />
        <br />

        <h3><label for='password'>PASSWORD</label></h3>
        <input type='password' id='password' name='password' class='required' tabindex='1030' value='".$password."' />
        <br />
        <br />

        <h3><label for='password2'>RETYPE PASSWORD</label></h3>
        <input type='password' id='password2' name='password2' class='required' tabindex='1040' value='".$password2."' />
        <br />
      </div>

      <div id='column2'>
        <h3><label for='email'>EMAIL ADDRESS</label></h3>
        <input type='text' id='email' name='email' class='required email' tabindex='1050' value='".$email."' />
        $email_msg
        <br />
      </div>

      <div id='column3'>
        <h3><label for='country'>LOCATION</label></h3>
        <select id='country' name='country' class='required' tabindex='1060'>
          <option value=''>Please select</option>
          <option value='1'>United Kingdom</option>
          <option value='2'>United States</option>
          <option value='3'>Canada</option>
        </select><br />
      </div>

      <div id='column4'>
        <h3><label for='dob'>DATE OF BIRTH</label></h3>
        <input type='text' id='dob' name='dob' class='required date' tabindex='1070' value='".$dob."' />
        <br />
        <input type='submit' id='register-button' name='register-button' value='register!' />
      </div>
    </form>
  </div>
</body>
</html>";
?>

 

Try that.

Why are you posting the form to /inc/register_db.php and performing a header redirect to that page when the form data is correct? The postdata will not be passed to the page in a header redirect. And in the case that the form is filled out incorrectly, the page will still be directed to /inc/register_db.php because of the form action.

 

Also, you don't need to mysql_real_escape_string the data if you aren't using it for a query, to protect it from javascript injection use htmlentities

When you do a header() to redirct to another page it is considered a new request from the server - POST values are not sent. Instead, you should simply do an include.

 

Here is the page with that correction and a little more rewrite as well.

<?php
  header("Cache-Control: no-cache, must-revalidate");
  header("Expires: Fri, 31 Dec 1999 00:00:00 GMT");

  include('/inc/db.php');

  $email_msg = '';

  if (!empty($_POST))
  {
    $email     = trim($_POST['email']);
    $sql_email = mysql_real_escape_string($email);
    $query = "SELECT email FROM table WHERE email = '{$sql_email}'";
    $result = mysql_query($query);
    $check = mysql_num_rows($result);

    if ($check > 0)
    {
      $email_msg = "<label for='email' class='error'>This email address is already in use</label>";

//The following lines should NOT use mysql_real_escape_string() as they
//will change the values if any characters are escaped. Instead, you
//should use trim
      $forename  = trim($_POST['forename']);
      $surname   = trim($_POST['surname']);
      $username  = trim($_POST['username']);
      $password  = trim($_POST['password']);
      $password2 = trim($_POST['password2']);
      $email     = trim($_POST['email']);
      $dob       = trim($_POST['dob']);
    }
    else
    {
      // register_db.php doesn't receive a value for $_POST['forename'] or any of the other fields
      include('/inc/register_db.php');
      exit();
    }
  }

?>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <script type="text/javascript" src="/js/jquery-1.3.2.min.js"></script>
  <script type="text/javascript" src="/js/jquery.validate.pack.js"></script>
  <link rel="stylesheet" type="text/css" media="projection, screen" href="/css/ui-lightness/jquery-ui-1.7.2.custom.css" />
</head>

<body id="register-body">
  <div id="page-header">
    <div id="logo">
          <h1><a accesskey="1" href="index.php">HOMEPAGE</a></h1>
     </div>
  </div>

  <div id="register-page">
    <form id="register-details" method="post" action="/inc/register_db.php">
      <div id="column1">
        <h3><label for="forename">FORENAME</label></h3>
        <input type="text" id="forename" name="forename" class="required" tabindex="1000" value="<?php $forename; ?>" />
        <br /><br />

        <h3><label for="surname">SURNAME</label></h3>
        <input type="text" id="surname" name="surname" class="required" tabindex="1010" value="<?php $surname; ?>" />
        <br /><br />

        <h3><label for="username">USERNAME</label></h3>
        <input type="text" id="username" name="username" class="required" tabindex="1020" value="<?php $username; ?>" />
        <br /><br />

        <h3><label for="password">PASSWORD</label></h3>
        <input type="password" id="password" name="password" class="required" tabindex="1030" value="<?php $password; ?>" />
        <br /><br />

        <h3><label for="password2">RETYPE PASSWORD</label></h3>
        <input type="password" id="password2" name="password2" class="required" tabindex="1040" value="<?php $password2; ?>" />
        <br />
      </div>

      <div id="column2">
        <h3><label for="email">EMAIL ADDRESS</label></h3>
        <input type="text" id="email" name="email" class="required email" tabindex="1050" value="<?php $email; ?>" />
        <?php $email_msg; ?>
        <br />
      </div>

      <div id="column3">
        <h3><label for="country">LOCATION</label></h3>
        <select id="country" name="country" class="required" tabindex="1060">
          <option value="">Please select</option>
          <option value="1">United Kingdom</option>
          <option value="2">United States</option>
          <option value="3">Canada</option>
        </select><br />
      </div>

      <div id="column4">
        <h3><label for="dob">DATE OF BIRTH</label></h3>
        <input type="text" id="dob" name="dob" class="required date" tabindex="1070" value="<?php $dob; ?>" />
        <br />
        <input type="submit" id="register-button" name="register-button" value="register!" />
      </div>
    </form>
  </div>
</body>
</html>

@mjdamato You also need to change the form action to $_SERVER['PHP_SELF'];

You should never use $_SERVER['PHP_SELF'] as your form action, it leaves you vulnerable to XSS attacks. It's a better idea to just type the name of the file.

Hey guys

 

Many thanks for your suggestions. I've changed the form to attempt to incorporate them but have had no success at all so tonight I created a minimal version so that I can post it here. Hopefully someone will be able to see whatever stupid mistake I've made...

 

The version of reg.php as it currently exists doesn't seem to hit any of the php code that performs validation.

 

If I change it to post to itself (form action='reg.php') nothing ever gets submitted and the php validation code never seems to be run either.

 

If anyone could help I'd be extremely grateful.

 

Many thanks

 

<?php

  header("Cache-Control: no-cache, must-revalidate");

  header("Expires: Fri, 31 Dec 1999 00:00:00 GMT");

 

  include('/inc/db.php');

 

  $email_msg = '';

 

  $forename = '';

  $surname = '';

  $email = '';

 

  if (!empty($_POST))

  {

    $email = mysql_real_escape_string($_POST['email']);

    $query = mysql_query("SELECT mem_email FROM member WHERE mem_email = '$email'");

    $check = mysql_num_rows($query);

 

    if ($check > 0)

    {

      $email_msg = "<label for='email' class='error'>This email address is already in use</label>";

 

      $forename = $_POST['forename'];

      $surname = $_POST['surname'];

      $email = $_POST['email'];

    }

    else

    {

      // register_db.php doesn't receive a value for $_POST['forename'] or any of the other fields

      $email_msg = "It's all ok!";

 

      include('/inc/register_db.php');

 

      exit();

    }

  }

?>

 

<?xml version='1.0' encoding='UTF-8'?>

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>

<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>

<head>

</head>

 

<body id='register-body'>

  <div id='register-page'>

    <form id='register-details' method='post' action='/inc/register_db.php'>

      <div id='column1'>

        <h3><label for='forename'>FORENAME</label></h3>

        <input type='text' id='forename' name='forename' class='required' tabindex='1000' value='<?php $forename;?>' />

 

        <h3><label for='surname'>SURNAME</label></h3>

        <input type='text' id='surname' name='surname' class='required' tabindex='1010' value='<?php $surname;?>' />

 

        <h3><label for='email'>EMAIL ADDRESS</label></h3>

        <input type='text' id='email' name='email' class='required email' tabindex='1050' value='<?php $email;?>' />

        <?php $email_msg;?>

        <br />

        <input type='submit' id='register-button' name='register-button' value='register!' />

      </div>

    </form>

  </div>

</body>

</html>

<?php
  header("Cache-Control: no-cache, must-revalidate");
  header("Expires: Fri, 31 Dec 1999 00:00:00 GMT");

  include('/inc/db.php');

  $email_msg = '';

  $forename = isset($_POST['forename']) ? $_POST['forename'] : '';
  $surname  = isset($_POST['surname'])  ? $_POST['surname']  : '';
  $email    = isset($_POST['email'])    ? $_POST['email']    : '';

  if (!empty($_POST))
  {
    if (!filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL))
    {
      $email_msg = "<label for='email' class='error'>This email address is not a valid email address</label>";
    }
    else
    {
    
       $email = mysql_real_escape_string($email);
       $query = mysql_query("SELECT mem_email FROM member WHERE mem_email = '$email' LIMIT 1");
       $check = mysql_num_rows($query);

       if ($check > 0)
       {
         $email_msg = "<label for='email' class='error'>This email address is already in use</label>";
       }
       else
       {
         // register_db.php doesn't receive a value for $_POST['forename'] or any of the other fields
         $email_msg = "It's all ok!";
         
         $forename = mysql_real_escape_string($forename);
         $surname  = mysql_real_escape_string($surname);

         include('/inc/register_db.php');

         exit();
       }
    }
  }
?>

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
</head>

<body id='register-body'>
  <div id='register-page'>
    <form id='register-details' method='post' action='<?php echo htmlentities($_SERVER['PHP_SELF']); ?>'>
      <div id='column1'>
        <h3><label for='forename'>FORENAME</label></h3>
        <input type='text' id='forename' name='forename' class='required' tabindex='1000' value='<?php $forename;?>' />

        <h3><label for='surname'>SURNAME</label></h3>
        <input type='text' id='surname' name='surname' class='required' tabindex='1010' value='<?php $surname;?>' />

        <h3><label for='email'>EMAIL ADDRESS</label></h3>
        <input type='text' id='email' name='email' class='required email' tabindex='1050' value='<?php $email;?>' />
        <?php $email_msg;?>
        <br />
        <input type='submit' id='register-button' name='register-button' value='register!' />
      </div>
    </form>
  </div>
</body>
</html>

Hi all

 

Many thanks for your help and suggestions with this problem. I have now got it working!

 

The changes I made (and I appreciate some of them might not have had any effect on the original problem!) were:

[*]Removing the calls to mysql_real_escape_string() and replacing them with trim()

[*]Replacing header("location:/inc/register_db.php") with include("inc/register_db.php")

[*]Changing form action from /inc/register_db.php to <?php echo htmlentities($_SERVER['PHP_SELF']); ?>

[*]Changing all html value clauses from value='$forename' to value='<?php echo $forename?>'

[*]Removing 'echo ' from around all html (only a newbie would have thought they were necessary;-)

 

Unfortunately I couldn't incorporate filter_input() as I'm running on PHP version 4.

 

(I think there may be a few more changes that I made but it's late and I've spent a week of late nights trying to fix this so I'm off to bed :))

 

Many many thanks again to all of those who helped and have improved my php coding immensely in just a few short days.

 

Patrick

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.