Sylsky Posted July 18, 2011 Author Share Posted July 18, 2011 Sorry for triple post. I involved my code a little bit: added e-mail filter using a flag + a little "noob trick" which replace every "big spaces" by normal ones. $drap = 0; if (empty ($_POST['pseudo'])) { echo "Certains champs n'ont pas été remplis!<br>Veuillez <a href='formulaireinsc.php'>réessayer</a>."; } elseif (empty($_POST['mdp'])) { echo "Certains champs n'ont pas été remplis!<br>Veuillez <a href='formulaireinsc.php'>réessayer</a>."; } elseif (empty($_POST['email'])) { echo "Certains champs n'ont pas été remplis!<br>Veuillez <a href='formulaireinsc.php'>réessayer</a>."; } elseif (filter_var(($_POST['email']), FILTER_VALIDATE_EMAIL)) { $drap = 1; mysql_select_db("apprentissage", $con); $pseudo = mysql_real_escape_string($_POST['pseudo']); $mdp = mysql_real_escape_string($_POST['mdp']); $email = mysql_real_escape_string($_POST['email']); //retrait des espaces $pseudo = str_replace(' ' ,' ',$pseudo); $pseudo = str_replace(' ' ,' ',$pseudo); $pseudo = str_replace(' ' ,' ',$pseudo); $pseudo = str_replace(' ' ,' ',$pseudo); $pseudo = str_replace(' ' ,' ',$pseudo); $pseudo = str_replace(' ' ,' ',$pseudo); $pseudo = str_replace(' ' ,' ',$pseudo); $pseudo = str_replace(' ' ,' ',$pseudo); $pseudo = str_replace(' ' ,' ',$pseudo); $pseudo = str_replace(' ' ,' ',$pseudo); $pseudo = str_replace(' ' ,' ',$pseudo); $pseudo = str_replace(' ' ,' ',$pseudo); $pseudo = str_replace(' ' ,' ',$pseudo); $pseudo = str_replace(' ' ,' ',$pseudo); $pseudo = str_replace(' ' ,' ',$pseudo); $pseudo = str_replace(' ' ,' ',$pseudo); $pseudo = str_replace(' ' ,' ',$pseudo); $pseudo = str_replace(' ' ,' ',$pseudo); $pseudo = str_replace(' ' ,' ',$pseudo); $pseudo = str_replace(' ' ,' ',$pseudo); $pseudo = str_replace(' ' ,' ',$pseudo); $pseudo = str_replace(' ' ,' ',$pseudo); //fin retrait des espaces mysql_query("INSERT INTO membres (pseudo,mdp,email) VALUES ('$pseudo', '$mdp', '$email')"); echo "Vous êtes bien inscrit!"; } elseif ($drap == 0) { echo "L'adresse mail est incorrecte!"; } Now 2 problems: - People can still register with the same pseudo than the others (i heard about an "UNIQUE" to add somewhere, tried on UNIQUE VALUES but it didn't work). - People can still register with spaces only Could you help me, please? I have the feeling that my code is getting bigger and bigger, is it normal or i'm going the bad way? Link to comment https://forums.phpfreaks.com/topic/242231-question-about-insert/page/2/#findComment-1244270 Share on other sites More sharing options...
cyberRobot Posted July 18, 2011 Share Posted July 18, 2011 Did you try using trim()? $pseudo = mysql_real_escape_string( trim($_POST['pseudo']) ); Once you get trim() working, you shouldn't need all those str_replace() calls. Link to comment https://forums.phpfreaks.com/topic/242231-question-about-insert/page/2/#findComment-1244276 Share on other sites More sharing options...
Sylsky Posted July 18, 2011 Author Share Posted July 18, 2011 Even with trim people can still create accounts with spaces only: $pseudo = mysql_real_escape_string(htmlspecialchars(trim($_POST['pseudo']))); I also added htmlspecialchars because I readed it's better for pseudos. Link to comment https://forums.phpfreaks.com/topic/242231-question-about-insert/page/2/#findComment-1244282 Share on other sites More sharing options...
cyberRobot Posted July 18, 2011 Share Posted July 18, 2011 Whoops, the trim() needs to go before your tests: $_POST['pseudo'] = trim($_POST['pseudo']); if (empty ($_POST['pseudo'])) { //... Sorry about the confusion. Link to comment https://forums.phpfreaks.com/topic/242231-question-about-insert/page/2/#findComment-1244285 Share on other sites More sharing options...
Sylsky Posted July 18, 2011 Author Share Posted July 18, 2011 Alright, working now! Thanks! I let all those str_replace because trim is working only on the start/end of characters. So if someone put: super pseudo it will be transformed to: super pseudo Now, the last problem, how can I protect the pseudos/mail. I mean, I don't want people to register with the same pseudo/mail? I gotta select from the database all the pseudo/mails and compare with the new entries, but I really have no idea how to o.O Link to comment https://forums.phpfreaks.com/topic/242231-question-about-insert/page/2/#findComment-1244291 Share on other sites More sharing options...
Sylsky Posted July 18, 2011 Author Share Posted July 18, 2011 Tried to add this: $listedespseudos = mysql_query("SELECT pseudo FROM membres"); $pseudos = mysql_fetch_assoc($listedespseudos); elseif (ereg($_POST['pseudo'],$pseudos['pseudo'])) { echo "Pseudo déjà utilisé!"; } But not working: Parse error: syntax error, unexpected T_ELSEIF in C:\Users\Sylvain\Desktop\apprentissagePHP\insertion.php on line 28 Is it the way I should go? Link to comment https://forums.phpfreaks.com/topic/242231-question-about-insert/page/2/#findComment-1244312 Share on other sites More sharing options...
TeNDoLLA Posted July 19, 2011 Share Posted July 19, 2011 Replace the "else if" with just an "if". Else if's are supposed to be after an IF always. Link to comment https://forums.phpfreaks.com/topic/242231-question-about-insert/page/2/#findComment-1244463 Share on other sites More sharing options...
Psycho Posted July 19, 2011 Share Posted July 19, 2011 You could try: $_POST['pseudo'] = trim($_POST['pseudo']); if(isset($_POST['pseudo']) && $_POST['pseudo'] != '') { I realize this was back on page 1, but I wanted to comment on it nonetheless to prevent issues for others. The isset() in that code is worthless. The line before that you are explicitly setting a value for $_POST['pseudo'], so it will always be "set" once the if() condition is tested. A better method, in my opinion is as follows: $pseudo = (isset($_POST['pseudo'])) ? trim($_POST['pseudo']) : false; if(!empty($pseudo)) { Link to comment https://forums.phpfreaks.com/topic/242231-question-about-insert/page/2/#findComment-1244465 Share on other sites More sharing options...
Sylsky Posted July 19, 2011 Author Share Posted July 19, 2011 Ok, thanks, I took your comments in note. How can I verify if the user already exists in the database when the person is registering? I'm really blocked on this :/ Link to comment https://forums.phpfreaks.com/topic/242231-question-about-insert/page/2/#findComment-1244509 Share on other sites More sharing options...
cyberRobot Posted July 19, 2011 Share Posted July 19, 2011 I let all those str_replace because trim is working only on the start/end of characters. So if someone put: super pseudo it will be transformed to: super pseudo Instead or running all those str_replace() function. You could do the same thing with one preg_replace() function. For more information on regular expressions and the function, visit http://php.net/manual/en/function.preg-replace.php Link to comment https://forums.phpfreaks.com/topic/242231-question-about-insert/page/2/#findComment-1244587 Share on other sites More sharing options...
Sylsky Posted July 19, 2011 Author Share Posted July 19, 2011 Ok done x) and... How can I verify if the user already exists in the database when the person is registering? I'm really blocked on this :/ Link to comment https://forums.phpfreaks.com/topic/242231-question-about-insert/page/2/#findComment-1244883 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.