djlfreak Posted June 3, 2010

Hi There, I attempted some form validation but I seem to have made a complete balls of it. Can anyone see where I went wrong? Before I introduced the validation and regular expressions it was working fine but because I'm not really sure of this topic I made syntax errors everywhere. I would appreciate any help with this as I really want to learn.

```php
case 'Create Account':
    $error=array();
    $name = (isset($_POST['name'])) trim(? $_POST['name']) : '';
    if(empty($name)){
        $error[]=urlencode('Please enter your fullname.');
    }
    $email = (isset($_POST['email'])) trim(? $_POST['email']) : '';
    if(empty($email)){
        $error[]=urlencode('Please enter your email.');
    if (strpos($email, ".") > 0) && (strpos($email, "@") > 0)) || preg_match("/[^a-zA-Z0-9.@_-]/", $email))
        $error[] = urlencode('The Email address is invalid.');
    }
    $username = (isset($_POST['username'])) trim(? $_POST['username']) : '';
    if(empty($username)){
        $error[]=urlencode('Please enter a username.');
    if (strlen($username)) < 5){
        $error[] = urlencode('Usernames must be at least 5 characters long.');
    }
    // check if username already is registered
    $sql = 'SELECT username FROM site_users WHERE username = "' . $username . '"';
    $result = mysql_query($sql, $db) or die(mysql_error());
    if (mysql_num_rows($result) > 0) {
        $errors[] = 'Username ' . $username . ' is already registered.';
        $username = '';
    }
    $age = (isset($_POST['age'])) trim(? $_POST['age']) : '';
    if(empty($age)){
        $error[]=urlencode('Please enter your age.');
    if (!is_numeric($age)) {
        $error[] = urlencode('Please enter a numeric value for age.');
    } else if ($age < 18 || $age > 110) {
        $error[] = urlencode('Please enter age between 18 and 110.');
    }
    $phone = (isset($_POST['phone'])) trim(? $_POST['phone']) : '';
    if(empty($phone)){
        $error[]=urlencode('Please enter your phone number.');
    if (!is_numeric($phone)) {
        $error[] = urlencode('Please enter a numeric value for phone number.');
    }
    $address = (isset($_POST['address'])) trim(? $_POST['address']) : '';
    if(empty($address)){
        $error[]=urlencode('Please enter your address.');
    }
    $county = (isset($_POST['county'])) trim(? $_POST['county']) : '';
    if(empty($county)){
        $error[]=urlencode('Please enter your county.');
    if (strlen($username)) < 4){
        $error[] = urlencode('County names must be at least 4 characters long.');
    }
    $password_1 = (isset($_POST['password_1'])) trim(? $_POST['password_1']) : '';
    if(empty($password_1)){
        $error[]=urlencode('Please enter password 1.');
    if (strlen($password_1)) < 6){
        $error[] = urlencode('Passwords must be at least 6 characters long.');
    }
    $password_2 = (isset($_POST['password_2'])) trim(? $_POST['password_2']) : '';
    if(empty($password_2)){
        $error[]=urlencode('Please enter password 2.');
    if (strlen($password_2)) < 6){
        $error[] = urlencode('Passwords must be at least 6 characters long.');
    }
    $password = ($password_1 == $password_2) ? $password_1 : '';
    if (empty($error)) {
        $sql = 'INSERT INTO site_users (email, password, name, username, age, phone, address, county) VALUES ("' .
            mysql_real_escape_string($email, $db) . '", PASSWORD("' .
            mysql_real_escape_string($password, $db) . '"), "' .
            mysql_real_escape_string($name, $db) . '", "' .
            mysql_real_escape_string($username, $db) . '", "' .
            mysql_real_escape_string($age, $db) . '", "' .
            mysql_real_escape_string($phone, $db) . '", "' .
            mysql_real_escape_string($address, $db) . '", "' .
            mysql_real_escape_string($county, $db) . '")';
        mysql_query($sql, $db) or die(mysql_error($db));
        session_start();
        $_SESSION['user_id'] = mysql_insert_id($db);
        $_SESSION['access_level'] = 1;
        $_SESSION['name'] = $name;
        $_SESSION['username'] = $username;
    }else{
        header('Location:register.php?action=create account' . '&error=' . join($error, urlencode('<br/>')));
    }
    redirect('cms_index.php');
    break;
```

Sign Up Form

```html
<form method="post" action="cms_transact_user.php">
<td>
<table>
 <tr>
  <td><label for="name">Full Name: </label></td>
  <td><input type="text" id="name" name="name" maxlength="100" style="width: 200px;" value="<?php echo htmlspecialchars($name); ?>"/></td>
 </tr>
 <tr>
ETC...ETC...
  <td>
   <input type="submit" name="action" value="Create Account"/>
  </td>
 </tr>
</table>
</form>
```

There shouldn't be too much wrong with it, I could just do with some guidance. Thanks in advance
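
An added example, not part of the original post or the poster's project: the username check in the code above concatenates `$username` into the SELECT without escaping (the INSERT does escape its values), and it relies on the `mysql_*` functions and the SQL `PASSWORD()` call. The sketch below does the same lookup and insert with PDO prepared statements and `password_hash()`; the in-memory SQLite table, the helper names `username_taken()` and `register_user()`, and the sample inputs are assumptions made so it runs offline.

```php
<?php
// Constructed in-memory SQLite table standing in for the thread's MySQL
// site_users table (assumption), so the script runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE site_users (
    user_id INTEGER PRIMARY KEY, username TEXT UNIQUE, email TEXT, password TEXT)');

// Hypothetical helper: true if the username is already registered.
function username_taken(PDO $db, $username)
{
    // The value travels as a bound parameter, never as part of the SQL text.
    $stmt = $db->prepare('SELECT 1 FROM site_users WHERE username = ?');
    $stmt->execute([$username]);
    return $stmt->fetchColumn() !== false;
}

// Hypothetical helper: returns the new user id, or an array of error strings.
function register_user(PDO $db, $username, $email, $password)
{
    $errors = [];
    if (strlen($username) < 5) {
        $errors[] = 'Usernames must be at least 5 characters long.';
    } elseif (username_taken($db, $username)) {
        $errors[] = 'Username is already registered.';
    }
    if (strlen($password) < 6) {
        $errors[] = 'Passwords must be at least 6 characters long.';
    }
    if ($errors) {
        return $errors;
    }
    $stmt = $db->prepare(
        'INSERT INTO site_users (username, email, password) VALUES (?, ?, ?)'
    );
    // password_hash() takes the place of the SQL PASSWORD() call: salted, slow hash.
    $stmt->execute([$username, $email, password_hash($password, PASSWORD_DEFAULT)]);
    return (int) $db->lastInsertId();
}

// Constructed inputs; the third username contains a double quote, which the
// bound parameter stores as plain data.
var_dump(register_user($db, 'janedoe', 'jane@example.com', 'correct horse'));
var_dump(register_user($db, 'janedoe', 'other@example.com', 'another pass'));
var_dump(register_user($db, 'pat"smith', 'pat@example.com', 'third pass1'));
var_dump(username_taken($db, 'pat"smith'));
```

With MySQL only the DSN passed to `new PDO(...)` changes; the prepared statements stay the same.
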

Psycho Posted June 3, 2010

I really don't want to go through all that code trying to find out what errors you are having. I'd suggest you remove ALL the validation then add each validation feature one at a time. Test each validation feature and if it works add the next one. If a validation feature doesn't work then post the relevant code and explain what is/is not happening and what you are wanting to happen.

Psycho Posted June 3, 2010

OK, after a second review it looks like you are only using regex on the email. But, you are also doing additional string validations for specific characters. You just need to do a regex validation. Here is my email format validation function.

```php
function is_email($email)
{
    $formatTest = '/^[\w!#$%&\'*+\-\/=?^`{|}~]+(\.[\w!#$%&\'*+\-\/=?^`{|}~]+)*@[a-z\d]([a-z\d-]{0,62}[a-z\d])?(\.[a-z\d]([a-z\d-]{0,62}[a-z\d])?)*\.[a-z]{2,6}$/i';
    $lengthTest = '/^(.{1,64})@(.{4,255})$/';
    return (preg_match($formatTest, $email) && preg_match($lengthTest, $email));
}
```

Just include it in your page and call it from your current validation script

```php
$email = (isset($_POST['email'])) ? trim($_POST['email']) : '';
if(empty($email))
{
    $error[]=urlencode('Please enter your email.');
}
elseif (!is_email($email))
{
    $error[] = urlencode('The Email address is invalid.');
}
```

Here is a complete explanation of the validation done

```php
//=====================================================
// Function: is_email ( string $email )
//
// Description: Finds whether the given string variable
//              is a properly formatted email.
//
// Parameters: $email the string being evaluated
//
// Return Values: Returns TRUE if $email is valid email
//                format, FALSE otherwise.
//=====================================================
// Format test
// - Username:
//     - Can contain the following characters:
//         - Uppercase and lowercase English letters (a-z, A-Z)
//         - Digits 0 to 9
//         - Characters _ ! # $ % & ' * + - / = ? ^ ` { | } ~
//     - May contain '.' (periods), but cannot begin or end with a period
//       and they may not appear in succession (i.e. 2 or more in a row)
//     - Must be between 1 and 64 characters
// - Domain:
//     - Can contain the following characters: 'a-z', 'A-Z', '0-9', '-' (hyphen), and '.' (period).
//     - There may be subdomains, separated by a period (.), but the combined domain may not
//       begin with a period and they may not appear in succession (i.e. 2 or more in a row)
//     - Domain/Subdomain name parts may not begin or end with a hyphen
//     - Domain/Subdomain name parts must be between 1-64 characters
//     - TLD accepts: 'a-z' & 'A-Z'
//
// Note: the domain and tld parts must be between 4 and 256 characters total
//
// Length test
// - Username: 1 to 64 characters
// - Domain: 4 to 255 characters
```
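
An added example, not part of Psycho's post: `is_email()` from the answer above, run over constructed addresses next to PHP's built-in `filter_var()`. It exercises two edge cases the rule list does not mention: the `[a-z]{2,6}` TLD pattern rejects top-level domains longer than six letters, and because `$` also matches before a final newline, a value ending in `"\n"` passes unless the caller has trimmed it first, as the calling code above does. `is_email_strict()` and the sample addresses are assumptions.

```php
<?php
// is_email() exactly as posted in the answer above.
function is_email($email)
{
    $formatTest = '/^[\w!#$%&\'*+\-\/=?^`{|}~]+(\.[\w!#$%&\'*+\-\/=?^`{|}~]+)*@[a-z\d]([a-z\d-]{0,62}[a-z\d])?(\.[a-z\d]([a-z\d-]{0,62}[a-z\d])?)*\.[a-z]{2,6}$/i';
    $lengthTest = '/^(.{1,64})@(.{4,255})$/';
    return (preg_match($formatTest, $email) && preg_match($lengthTest, $email));
}

// Hypothetical wrapper (not from the thread): refuse any value that trim()
// would alter, so surrounding whitespace or a trailing newline cannot pass.
function is_email_strict($email)
{
    return is_string($email) && $email === trim($email) && is_email($email);
}

// Constructed sample addresses; none come from the thread.
$samples = [
    'jane.doe@example.com',       // plain address
    'jane..doe@example.com',      // two periods in a row
    '.jane@example.com',          // leading period
    'jane@-example.com',          // domain part starts with a hyphen
    'jane@example.photography',   // TLD longer than six letters
    "jane@example.com\n",         // trailing newline, untrimmed
];

printf("%-30s %-9s %-9s %s\n", 'input', 'is_email', 'strict', 'filter_var');
foreach ($samples as $s) {
    printf(
        "%-30s %-9s %-9s %s\n",
        json_encode($s),                                  // shows "\n" visibly
        var_export(is_email($s), true),
        var_export(is_email_strict($s), true),
        var_export(filter_var($s, FILTER_VALIDATE_EMAIL) !== false, true)
    );
}
```
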

djlfreak Posted June 4, 2010

Thank you for the tip mjdamato, I will try that.