
Hi There,

I attempted some form validation but I seem to have made a complete balls of it. Can anyone see where I went wrong? Before I introduced the validation and regular expressions it was working fine, but because I'm not really sure of this topic I made syntax errors everywhere. I would appreciate any help with this as I really want to learn.

 

case 'Create Account':
	$error=array();
        $name = (isset($_POST['name'])) trim(? $_POST['name']) : '';
	if(empty($name)){
	$error[]=urlencode('Please enter your fullname.');
	}

        $email = (isset($_POST['email'])) trim(? $_POST['email']) : '';
	if(empty($email)){
	$error[]=urlencode('Please enter your email.');
	if (strpos($email, ".") > 0) &&
		       (strpos($email, "@") > 0)) ||
				preg_match("/[^a-zA-Z0-9.@_-]/", $email))
	$error[] = urlencode('The Email address is invalid.');
	}

	$username = (isset($_POST['username'])) trim(? $_POST['username']) : '';
	if(empty($username)){
	$error[]=urlencode('Please enter a username.');
	if (strlen($username)) < 5){
	 $error[] = urlencode('Usernames must be at least 5 characters long.');
	}

	// check if username already is registered
	$sql = 'SELECT username FROM site_users WHERE username = "' .
        $username . '"';
	$result = mysql_query($sql, $db) or die(mysql_error());
	if (mysql_num_rows($result) > 0) {
        $errors[] = 'Username ' . $username . ' is already registered.';
        $username = '';
    }
	$age = (isset($_POST['age'])) trim(? $_POST['age']) : '';
	if(empty($age)){
	$error[]=urlencode('Please enter your age.');
	if (!is_numeric($age)) {
            $error[] = urlencode('Please enter a numeric value for age.');
        } else if ($age < 18 || $age > 110) {
            $error[] = urlencode('Please enter age between 18 and 110.');
        }

	$phone = (isset($_POST['phone'])) trim(? $_POST['phone']) : '';
	if(empty($phone)){
	$error[]=urlencode('Please enter your phone number.');
	if (!is_numeric($phone)) {
            $error[] = urlencode('Please enter a numeric value for phone number.');
	}

	$address = (isset($_POST['address'])) trim(? $_POST['address']) : '';
	if(empty($address)){
	$error[]=urlencode('Please enter your address.');
	}

	$county = (isset($_POST['county'])) trim(? $_POST['county']) : '';
	if(empty($county)){
	$error[]=urlencode('Please enter your county.');
	if (strlen($username)) < 4){
	 $error[] = urlencode('County names must be at least 4 characters long.');
	}

        $password_1 = (isset($_POST['password_1'])) trim(? $_POST['password_1']) : '';
	if(empty($password_1)){
	$error[]=urlencode('Please enter password 1.');
	if (strlen($password_1)) < 6){
	$error[] = urlencode('Passwords must be at least 6 characters long.');
	}

        $password_2 = (isset($_POST['password_2'])) trim(? $_POST['password_2']) : '';
	if(empty($password_2)){
	$error[]=urlencode('Please enter password 2.');
	if (strlen($password_2)) < 6){
	$error[] = urlencode('Passwords must be at least 6 characters long.');
	}

        $password = ($password_1 == $password_2) ? $password_1 : '';
        if (empty($error)) { 
            $sql = 'INSERT INTO site_users
                    (email, password, name, username, age, phone, address, county)
                VALUES
                ("' . mysql_real_escape_string($email, $db) . '",
                PASSWORD("' . mysql_real_escape_string($password, $db) . '"), 
                "' . mysql_real_escape_string($name, $db) . '",
			"' . mysql_real_escape_string($username, $db) . '",
			  "' . mysql_real_escape_string($age, $db) . '",
			   "' . mysql_real_escape_string($phone, $db) . '",
			   "' . mysql_real_escape_string($address, $db) . '",
			"' . mysql_real_escape_string($county, $db) . '")';

            mysql_query($sql, $db) or die(mysql_error($db));

            session_start();
            $_SESSION['user_id'] = mysql_insert_id($db);
            $_SESSION['access_level'] = 1;
            $_SESSION['name'] = $name;
		$_SESSION['username'] = $username;
        
	}else{
	header('Location:register.php?action=create account' .
              '&error=' . join($error, urlencode('<br/>')));
	}
        redirect('cms_index.php');
        break;

Sign Up Form

<form method="post" action="cms_transact_user.php">
<td>
<table>
  <tr>
   <td><label for="name">Full Name: </label></td>
   <td><input type="text" id="name" name="name" maxlength="100" style="width: 200px;"
     value="<?php echo htmlspecialchars($name); ?>"/></td>
  </tr>
<tr> ETC...ETC...
   <td>
    <input type="submit" name="action" value="Create Account"/>
   </td>
  </tr>
   </table>
  </form>

 

There shouldn't be too much wrong with it, I could just do with some guidance.

Thanks in advance

;D

I really don't want to go through all that code trying to find out what errors you are having. I'd suggest you remove ALL the validation then add each validation feature one at a time. Test each validation feature and if it works add the next one. If a validation feature doesn't work then post the relevant code and explain what is/is not happening and what you are wanting to happen.

OK, after a second review it looks like you are only using regex on the email. But, you are also doing additional string validations for specific characters. You just need to do a regex validation. Here is my email format validation function.

 

function is_email($email) 
{
    $formatTest = '/^[\w!#$%&\'*+\-\/=?^`{|}~]+(\.[\w!#$%&\'*+\-\/=?^`{|}~]+)*@[a-z\d]([a-z\d-]{0,62}[a-z\d])?(\.[a-z\d]([a-z\d-]{0,62}[a-z\d])?)*\.[a-z]{2,6}$/i';
    $lengthTest = '/^(.{1,64})@(.{4,255})$/';
    return (preg_match($formatTest, $email) && preg_match($lengthTest, $email));
}

 

Just include it in your page and call it from your current validation script:

$email = isset($_POST['email']) ? trim($_POST['email']) : '';
if(empty($email))
{
    $error[]=urlencode('Please enter your email.');
}
elseif (!is_email($email))
{
    $error[] = urlencode('The Email address is invalid.');
}

 

Here is a complete explanation of the validation done:

//=====================================================
// Function: is_email ( string $email )
//
// Description: Finds whether the given string variable
//              is a properly formatted email.
//
// Parameters: $email the string being evaluated
//
// Return Values: Returns TRUE if $email is valid email
//                format, FALSE otherwise.
//=====================================================

// Format test
// - Username:
//     - Can contain the following characters: 
//         - Uppercase and lowercase English letters (a-z, A-Z) 
//         - Digits 0 to 9 
//         - Characters _ ! # $ % & ' * + - / = ? ^ ` { | } ~ 
//     - May contain '.' (periods), but cannot begin or end with a period
//       and they may not appear in succession (i.e. 2 or more in a row) 
//     - Must be between 1 and 64 characters 
// - Domain:
//     - Can contain the following characters: 'a-z', 'A-Z', '0-9', '-' (hyphen), and '.' (period). 
//     - There may be subdomains, separated by a period (.), but the combined domain may not
//       begin with a period and they may not appear in succession (i.e. 2 or more in a row) 
//     - Domain/Subdomain name parts may not begin or end with a hyphen 
//     - Domain/Subdomain name parts must be between 1-64 characters
// - TLD accepts: 'a-z' & 'A-Z'
//
// Note: the domain and tld parts must be between 4 and 256 characters total 
//
// Length test
// - Username: 1 to 64 characters
// - Domain: 4 to 255 characters
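
Added example, not part of the thread or either poster's code: the registration checks written with the if/elseif pattern from the reply above, with the username lookup and the insert done through PDO bound parameters and the password stored with password_hash() instead of MySQL's PASSWORD(). The function name validate_signup, the reduced column set, the in-memory SQLite table and the sample input are assumptions for illustration, and PHP's built-in filter_var() stands in for is_email(); the mysql_* functions used in the thread were removed in PHP 7.0.

```php
<?php
// Added example: table layout and sample input are constructed for illustration.
function validate_signup(array $in, PDO $db): array
{
    $errors = $f = [];
    foreach (['name', 'email', 'username', 'age', 'password_1', 'password_2'] as $k) {
        $f[$k] = isset($in[$k]) && is_string($in[$k]) ? trim($in[$k]) : '';
    }
    // One if/elseif chain per field: a format check only runs on non-empty input.
    if ($f['name'] === '') {
        $errors[] = 'Please enter your full name.';
    }
    if ($f['email'] === '') {
        $errors[] = 'Please enter your email.';
    } elseif (filter_var($f['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'The Email address is invalid.';
    }
    if (strlen($f['username']) < 5) {
        $errors[] = 'Usernames must be at least 5 characters long.';
    } else {
        // Bound parameter: the username is sent as data, never as part of the SQL text.
        $st = $db->prepare('SELECT 1 FROM site_users WHERE username = ?');
        $st->execute([$f['username']]);
        if ($st->fetchColumn() !== false) {
            $errors[] = 'Username is already registered.';
        }
    }
    if (!ctype_digit($f['age']) || (int)$f['age'] < 18 || (int)$f['age'] > 110) {
        $errors[] = 'Please enter age between 18 and 110.';
    }
    if (strlen($f['password_1']) < 6) {
        $errors[] = 'Passwords must be at least 6 characters long.';
    } elseif ($f['password_1'] !== $f['password_2']) {
        $errors[] = 'Passwords do not match.';
    }
    return [$errors, $f];
}
// Constructed demo: an in-memory table and one submission whose username contains a quote.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE site_users (username TEXT UNIQUE, email TEXT, password TEXT)');
$post = ['name' => 'A User', 'email' => 'a.user@example.com', 'username' => 'pat"smith',
         'age' => '30', 'password_1' => 'correct horse', 'password_2' => 'correct horse'];
[$errors, $f] = validate_signup($post, $db);
if (!$errors) {
    $ins = $db->prepare('INSERT INTO site_users (username, email, password) VALUES (?, ?, ?)');
    $ins->execute([$f['username'], $f['email'], password_hash($f['password_1'], PASSWORD_DEFAULT)]);
}
var_dump($errors, $db->query('SELECT COUNT(*) FROM site_users')->fetchColumn());
```

With the concatenated query from the first post, the quote in this username would end the string literal early; with a bound parameter it is stored and compared as ordinary text.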
