Jump to content

Recommended Posts

Hi,

 

I am getting un-wanted error messages with this register form. It should just go through to insert into db table but i keep getting:

 

"You must enter a valid address

Your invalid company description was:"

 

Here's the code.... register00.php:

 

<?PHP
session_start();
include('db.php');
/* set some validation variables */	 
if (isset($_POST['Submit'])){
$error_message = "";

/* DEFINE THE FUNCTION */
/* ============================================== */
/* ============================================== */
/* DO NOT MODIFY THIS FUNCTION */
function Resize_Image($save,$file,$t_w,$t_h,$s_path,$o_path) {
$s_path = trim($s_path);
$o_path = trim($o_path);
$save = $s_path . $save;
$file = $o_path . $file;
//	$ext = strtolower(end(explode('.',$save)));	
$a = explode('.', $save);
$ext = strtolower(end($a)); unset($a);

list($width, $height) = getimagesize($file) ; 
if(($width>$t_w) OR ($height>$t_h)) {
	$r1 = $t_w/$width;
	$r2 = $t_h/$height;
	if($r1<$r2) {
	  $size = $t_w/$width;
	}else{
	  $size = $t_h/$height;
	}
}else{
	$size=1;
}
$modwidth = $width * $size; 
$modheight = $height * $size; 
$tn = imagecreatetruecolor($modwidth, $modheight) ; 
switch ($ext) {
	case 'jpg':
	case 'jpeg':
				$image = imagecreatefromjpeg($file) ; 
	break;
	case 'gif':
				$image = imagecreatefromgif($file) ; 
	break;
	case 'png':
				$image = imagecreatefrompng($file) ; 
	break;
}
imagecopyresampled($tn, $image, 0, 0, 0, 0, $modwidth, $modheight, $width, $height) ; 
imagejpeg($tn, $save, 100) ; 
return;
}
/* 		END OF RESIZE FUNCTION */

//This is the directory where images will be saved 
$target = "/home/users/web/b109/ipg.removalspacecom/images/COMPANIES/"; 
$target = $target . basename( $_FILES['upload']['name']); 

// Connects to your Database 
// session_start();
// include ('db.php');

//This gets all the other information from the form 
/* ============================================== */
/* ============================================== */
/* YOU NEED TO DO SOME VALIDATION AND SANITIZING OF YOUR FORM DATA */


if((!isset($_POST['company_name'])) || (strlen(trim($_POST['company_name'])) <5) || (trim($_POST['company_name']) != 
preg_replace("/[^a-zA-Z0-9\s\-\'\,\.\_]/", "", 
trim($_POST['company_name'])))) {
/* if username is bad start building the error message */
$error_message .= "You must enter a valid company name<br>";
$error_message .= "Valid names  are min 5 characters and use letters, numbers and underscores only.<br>";
$error_message .="Your invalid company name was: <font color=\"red\">" . $_POST['company_name'] . "</font><hr>";
}
/* END validating company_name */
/* =============================================== */

if((!isset($_POST['contact_name'])) || (strlen(trim($_POST['contact_name'])) <5) || (trim($_POST['contact_name']) != 
preg_replace("/[^a-zA-Z0-9\s\-\'\,\.\_]/", "", 
trim($_POST['contact_name'])))) {
/* if username is bad start building the error message */
$error_message .= "You must enter a valid contact name<br>";
$error_message .= "Valid names are min 5 characters and use letters, numbers and underscores only.<br>";
$error_message .= "Your invalid contact name was: <font color=\"red\">" . $_POST['contact_name'] . "</font><hr>";
}
/* END validating contact_name */
/* =============================================== */



if((!isset($_POST['phone'])) || (strlen(trim($_POST['phone'])) <5) || (trim($_POST['phone']) != preg_replace("/[^0-9\s\-\_]/", "", trim($_POST['phone'])))) {
/* if it is NOT set, then set the error variable and start building the error message */
$error_message .= "You must enter a valid phone<br>";
$error_message .= "Valid phones are min 5 characters and use letters, numbers and underscores only.<br>";
$error_message .= "Your invalid phone was: <font color=\"red\">" . $_POST['phone'] . "</font><hr>";
}else{
$phone = trim($_POST['phone']);
}

/* END validating phone */
/* =============================================== */

/* =============================================== */
/* validating the email */
/* create a function */
function validateEmailAddress($email) {
return filter_var($email, FILTER_VALIDATE_EMAIL) && preg_match('/@.+\./', $email);
}
if(!isset($_POST['email']) || validateEmailAddress($_POST['email']) !=1) {
$error_message .= "You must enter a valid email address<br>";
$error_message .= "The invalid email was: <font color=\"red\">" . $_POST['email'] . "</font><hr>";
}
/* END validating email */
/* =============================================== */

if((!isset($_POST['street1'])) || (strlen(trim($_POST['street1'])) <5) || (trim($_POST['street1']) != 
preg_replace("/[^a-zA-Z0-9\s\-\'\,\.\_]/", "", 
trim($_POST['street1'])))) {
/* if username is bad start building the error message */
$error_message .= "You must enter a valid address<br>";
$error_message .= "Your invalid name was: <font color=\"red\">" . $_POST['street1'] . "</font><hr>";
}
/* END validating street1 */
/* =============================================== */
/*
if((!isset($_POST['street2'])) || (strlen(trim($_POST['street2'])) <5) || (trim($_POST['street2']) != 
preg_replace("/[^a-zA-Z0-9\s\-\'\,\.\_]/", "", 
trim($_POST['street2'])))) { 
*/
/* if username is bad start building the error message */
/*
$error_message = "You must enter a valid address<br>";
$error_message = $error_message . 'Your invalid name was: <font color="red">' . $_POST['street2'] . "</font><hr>";
}
*/
/* END validating street2 */
/* =============================================== */

if((!isset($_POST['premiumuser_description'])) || (strlen(trim($_POST['premiumuser_description'])) <5) || (trim($_POST['premiumuser_description']) != 
preg_replace("/[^a-zA-Z0-9\s\-\'\,\.\_]/", "", 
trim($_POST['premiumuser_description'])))) {
/* if username is bad start building the error message */
$error_message .= "You must enter a Please add a Company Description<br>";
$error_message .= "Your invalid Please add a Company Description was: <font color=\"red\">" . $_POST['premiumuser_description'] . "</font><hr>";
}
/* END validating premiumuser_description */
/* =============================================== *


/* =============================================== */
/*
this section of code will set up an error message for the
username if ANY of the conditions occur
1) checks to see if $_POST['username'] is NOT set
2) if length of username is less than 5
3) if username has anything other than letter, numbers or underscores
*/
if((!isset($_POST['username'])) || (strlen(trim($_POST['username'])) <5) || (trim($_POST['username']) != preg_replace("/[^a-zA-Z0-9\_]/", "", trim($_POST['username'])))) {
/* if username is bad start building the error message */
$error_message .= "You must enter a valid username<br>";
$error_message .= "Valid usernames are min 5 characters and use letters, numbers and underscores only.<br>";
$error_message .= "Your invalid name was: <font color=\"red\">" . $_POST['username'] . "</font><hr>";
}
/* END validating username */
/* =============================================== */


/* =============================================== */
/*
this section of code will set up an error message for the
password if ANY of the conditions occur
1) checks to see if $_POST['upassword'] is NOT set
2) if length of upassword is less than 5
3) if upassword has anything other than letter, numbers or underscores
*/
if((!isset($_POST['password'])) || (strlen(trim($_POST['password'])) <5) || (trim($_POST['password']) != preg_replace("/[^a-zA-Z0-9\_]/", "", trim($_POST['password'])))) {
/* if it is NOT set, then set the error variable and start building the error message */
$error_message .= "You must enter a valid password<br>";
$error_message .= "Valid passwords are min 5 characters and use letters, numbers and underscores only.<br>";
$error_message .= "Your invalid password was: <font color=\"red\">" . $_POST['password'] . "</font><hr>";
}else{
$password = trim($_POST['password']);
}
/* END validating password */
/* =============================================== */

/* =============================================== */
/* check to see if username is already taken */
$username = mysql_real_escape_string(trim($_POST['username']));

$query1 = "SELECT username from companies WHERE username = '$username'";
$result1 = mysql_query($query1)  or die(mysql_error());
$count = mysql_num_rows($result1);
if($count>0) {
$error_message .= "The username: <font color=\"red\">" . $_POST['username'] . "</font> is taken.<hr>";
}

/* =============================================== */
/* if any of the post variables are invalid */
/* set the session variable and send back to the form page */
/*
NOT USED IN THIS EXAMPLE
if(strlen(trim($error_message))>0) {
$_SESSION['error_message'] =$error_message;
//	header("Location: register00.php");
//	exit();
}
*/
/* =============================================== */

$uploadDir = 'images/COMPANIES'; /* main picture folder */
$max_height = 450;	/* 	largest height you allowed; 0 means any */
$max_width = 450; /*  largest width you allowed; 0 means any */
$max_file = 2000000;  /*  set the max file size in bytes */
$image_overwrite = 1;	 /* 0 means overwite; 1 means new name */
/* add or delete allowed image types */
$allowed_type01 = array(	"image/gif", 	"image/pjpeg", "image/jpeg", 	"image/png", "image/x-png", "image/jpg");
$do_thumb = 1;	 /*  1 make thumbnails; 0 means do NOT make */
$thumbDir = "/images/thumbs";  /*  thumbnail folder */
$thumb_prefix = "";  /*  prefix for thumbnails */
$thumb_width = 90; /*  max thumb width */
$thumb_height = 70;	// max thumb height

//Writes the photo to the server 
if(move_uploaded_file($_FILES['upload']['tmp_name'], $target)) { 
/* HERE IS WHERE WE WILL DO THE ACTUAL RESIZING */ 
/* ============================================== */
/* ============================================== */
/* THESE SIX PARAMETERS MAY BE CHANGED TO SUIT YOUR NEEDS */
$upload = $_FILES['upload']['name'];
$o_path ="images/COMPANIES/";
$s_path = "images/thumbs/";
$file = $upload;
$save = $file;
$t_w = 200;
$t_h = 150;
/* ============================================== */
/* ============================================== */
/* DO NOT CHANGE THIS NEXT LINE */
Resize_Image($save,$file,$t_w,$t_h,$s_path,$o_path);

 //Tells you if its all ok 
/* ============================================== */
/* ============================================== */
/* PROVIDE A WAY FOR THEM TO GO SOMWHERE */
$error_message .= "The file ". $file . " has been uploaded, and your information has been added to the directory"; 

}else { 
//Gives and error if its not 
/* ============================================== */
/* ============================================== */
/* PROVIDE A WAY FOR THEM TO GO SOMWHERE */
$error_message .= "Sorry, there was a problem uploading your file."; 
}


/* =============================================== */
/* PREPARE DATA FOR INSERTION INTO TABLE */
/* FUNCTION TO CREATE SALT */
function createSalt() {
$string = md5(uniqid(rand(), true));
return substr($string, 0, 3);
}


//Writes the information to the database 
/* ============================================== */
/* ============================================== */
/* 
ALWAYS WRITE YOUR QUERIES AS STRINGS
THAT WAY WHEN TESTING, YOU CAN MAKE
SURE THAT THE VALUES CONTAIN WHAT YOU EXPECT
*/

if(empty($error_message)){  
$salt = createsalt();
$password = trim($_POST['password']);
$hash = hash('sha256', $salt, $password);
$approved = 0; 

$company_name = mysql_real_escape_string(trim($_POST['company_name']));
$contact_name = mysql_real_escape_string(trim($_POST['contact_name']));
$location = mysql_real_escape_string(trim($_POST['location']));
$postcode = mysql_real_escape_string(trim($_POST['postcode']));
$street1 = mysql_real_escape_string(trim($_POST['street1']));
$street2 = mysql_real_escape_string(trim($_POST['street2']));
$city = mysql_real_escape_string(trim($_POST['city']));
$phone = mysql_real_escape_string(trim($_POST['phone']));
$email = mysql_real_escape_string(trim($_POST['email']));
$premiumuser_description = mysql_real_escape_string(trim($_POST['premiumuser_description']));
$salt = mysql_real_escape_string($salt);
$upload = mysql_real_escape_string($upload);	
$query ="INSERT INTO `companies` (company_name, contact_name, location, postcode, street1, street2, city, phone, email, premiumuser_description, password, salt, approved, upload) VALUES ('$company_name', '$contact_name', '$location', '$postcode', '$street1', '$street2', '$city', '$phone', '$email', '$premiumuser_description', '$password', '$salt', '$approved', '$upload')";
$result = mysql_query($query) or die(mysql_error()); 
/* =============================================== */

/*
at this point we can send an email to the admin as well
as the user. 
DO NOT send the user's password to ANYONE!!!!
*/ 

}//if(empty($error_message))
}//if (isset($_POST['submit']))
?>

<html>
<body>
<?php
if (!empty($error_message)){ echo $error_message; }
?>
<form enctype="multipart/form-data" method="post" action="register00.php">
<table width="316" border="0"> 
<tr><td colspan=2><h1>Register/Sign Up</h1></td></tr> 
<tr><td>Company Name:</td><td> 
<input name="company_name" type="text" id="company_name" value="<?php
if (isset($_POST['company_name'])){ echo $_POST['company_name']; } ?>" />
</td></tr>
<tr><td>Contact Name:</td><td> 
<input name="contact_name" type="text" id="contact_name" value="<?php
if (isset($_POST['contact_name'])){ echo $_POST['contact_name']; } ?>" />
</td></tr>
<tr><td>Contact Number:</td><td> 
<input name="phone" type="number" id="phone" value="<?php
if (isset($_POST['phone'])){ echo $_POST['phone']; }else{ echo "incl. area code";} ?>" />
</td></tr>
<tr><td>Address line 1:</td><td> 
<input name="street1" type="text" id="street1" value="<?php
if (isset($_POST['street1'])){ echo $_POST['street1']; } ?>" />
</td></tr>
<tr><td>Address line 2:</td><td> 
<input name="street2" type="text" id="street2" value="<?php
if (isset($_POST['street2'])){ echo $_POST['street2']; } ?>" />
</td></tr>
<tr><td>Area:</td><td> 
<input name="location" type="text" id="location" value="<?php
if (isset($_POST['location'])){ echo $_POST['location']; } ?>" />
</td></tr>
<tr><td>City:</td><td> 
<input name="city" type="text" id="city" value="<?php
if (isset($_POST['city'])){ echo $_POST['city']; } ?>" />
</td></tr>
<tr><td>Postcode:</td><td> 
<input name="postcode" type="text" id="postcode" value="<?php
if (isset($_POST['postcode'])){ echo $_POST['postcode']; } ?>" />
</td></tr>
<tr><td>Username:</td><td> 
<input name="username" type="text" id="username" value="<?php
if (isset($_POST['username'])){ echo $_POST['username']; } ?>" />
</td></tr> 
<tr><td>Password:</td><td> 
<input name="password" type="password" class="style7" id="password" value="<?php
if (isset($_POST['password'])){ echo $_POST['password']; } ?>" /> 
</td></tr> 
<tr><td>Email:</td><td> 
<input name="email" type="text" class="style7" id="email" value="<?php
if (isset($_POST['email'])){ echo $_POST['email']; } ?>" />
</td></tr> 
<tr><td>Company Logo:</td><td> 
<input name="upload" type="file" class="style7" id="upload">
</td></tr>
<tr><td>Company Description:</td><td> 
<textarea rows="20" cols="50" name="premiumuser_description" id="premiumuser_description"><?php
if (isset($_POST['premiumuser_description'])){ echo "{$_POST['premiumuser_description']}"; } ?></textarea>
</td></tr>
<tr><td>
<input name="Submit" type="submit" value="Register" /> 
</td></tr> 
</table> 
</form>
</body>
</html>

 

Just a note to say that the image DOES upload to the folder(s) /COMPANIES and /thumbs but DOES NOT show up on display of the table? all other information isnt inserted/uploaded...

Link to comment
https://forums.phpfreaks.com/topic/260444-getting-un-wanted-errors/
Share on other sites

Its this bit:

 

if((!isset($_POST['premiumuser_description'])) || (strlen(trim($_POST['premiumuser_description'])) <5) || (trim($_POST['premiumuser_description']) != 
preg_replace("/[^a-zA-Z0-9\s\-\'\,\.\_]/", "", 
trim($_POST['premiumuser_description'])))) {
/* if username is bad start building the error message */
$error_message .= "Please add a Company Description<br>";
$error_message .= "Please add a Company Description was: <font color=\"red\">" . $_POST['premiumuser_description'] . "</font><hr>";
}
/* END validating premiumuser_description */
/* =============================================== *

 

The error message im getting is:

 

Please add a Company Description

YPlease add a Company Description was: If you require a fast and reliable transport service here\'s bit about 360 Transport Solutions Ltd... 360 Transport Solutions LTD are a small independent, Midland\'s-based company just off the M6 toll road, Transporting goods from emergency parcels to high value products nationwide. We are open 24 hours a day seven days a week. We offer competitive based pricing on an easy: postcode to postcode structure. Our vehicle range at this current moment is 8 long wheel based sprinters with a capacity of 1.3 tonne in weight per vehicle and a maximum of 5 pallets. Our aim is to give you the customer a first class service keeping you up to date with your delivery goods. We deliver throughout the UK and Europe, same day/ next day, All our colleagues are fully uniformed and put 100% effort into creating the best delivery service we can provide.

--------------------------------------------------------------------------------

The file 360transportheader2012.jpg has been uploaded, and your information has been added to the directory

 

 

Its odd becasue ive just put in the company description as: "testtesttesttesttesttesttesttesttesttesttesttest" and it uploaded??

 

Any light?

Please add a Company Description

Please add a Company Description was: If you require a fast and reliable transport service here\'s bit about 360 Transport Solutions Ltd... 360 Transport Solutions LTD are a small independent, Midland\'s-based company just off the M6 toll road, Transporting goods from emergency parcels to high value products nationwide. We are open 24 hours a day seven days a week. We offer competitive based pricing on an easy: postcode to postcode structure. Our vehicle range at this current moment is 8 long wheel based sprinters with a capacity of 1.3 tonne in weight per vehicle and a maximum of 5 pallets. Our aim is to give you the customer a first class service keeping you up to date with your delivery goods. We deliver throughout the UK and Europe, same day/ next day, All our colleagues are fully uniformed and put 100% effort into creating the best delivery service we can provide.

--------------------------------------------------------------------------------

The file 360transportheader2012.jpg has been uploaded, and your information has been added to the directory

 

 

 

Nothing is inserted to the db.?

Changed the normal_pattern to upper case P on patteren.

 

I get this error message:

 

Please add a Company Description

Please add a Company Description was:

 

If you require a fast and reliable transport service here\\\'s bit about 360 Transport Solutions Ltd... 360 Transport Solutions LTD are a small independent, Midland\\\'s-based company just off the M6 toll road, Transporting goods from emergency parcels to high value products nationwide. We are open 24 hours a day seven days a week. We offer competitive based pricing on an easy: postcode to postcode structure. Our vehicle range at this current moment is 8 long wheel based sprinters with a capacity of 1.3 tonne in weight per vehicle and a maximum of 5 pallets. Our aim is to give you the customer a first class service keeping you up to date with your delivery goods. We deliver throughout the UK and Europe, same day/ next day, All our colleagues are fully uniformed and put 100% effort into creating the best delivery service we can provide.

--------------------------------------------------------------------------------

The file 360transportheader2012.jpg has been uploaded, and your information has been added to the directory

<?PHP
session_start();
include('db.php');
/* set some validation variables */	 
if (isset($_POST['Submit'])){
$error_message = "";

/* DEFINE THE FUNCTION */
/* ============================================== */
/* ============================================== */
/* DO NOT MODIFY THIS FUNCTION */
function Resize_Image($save,$file,$t_w,$t_h,$s_path,$o_path) {
$s_path = trim($s_path);
$o_path = trim($o_path);
$save = $s_path . $save;
$file = $o_path . $file;
//	$ext = strtolower(end(explode('.',$save)));	
$a = explode('.', $save);
$ext = strtolower(end($a)); unset($a);

list($width, $height) = getimagesize($file) ; 
if(($width>$t_w) OR ($height>$t_h)) {
	$r1 = $t_w/$width;
	$r2 = $t_h/$height;
	if($r1<$r2) {
	  $size = $t_w/$width;
	}else{
	  $size = $t_h/$height;
	}
}else{
	$size=1;
}
$modwidth = $width * $size; 
$modheight = $height * $size; 
$tn = imagecreatetruecolor($modwidth, $modheight) ; 
switch ($ext) {
	case 'jpg':
	case 'jpeg':
				$image = imagecreatefromjpeg($file) ; 
	break;
	case 'gif':
				$image = imagecreatefromgif($file) ; 
	break;
	case 'png':
				$image = imagecreatefrompng($file) ; 
	break;
}
imagecopyresampled($tn, $image, 0, 0, 0, 0, $modwidth, $modheight, $width, $height) ; 
imagejpeg($tn, $save, 100) ; 
return;
}
/* 		END OF RESIZE FUNCTION */

//This is the directory where images will be saved 
$target = "/home/users/web/b109/ipg.removalspacecom/images/COMPANIES/"; 
$target = $target . basename( $_FILES['upload']['name']); 

// Connects to your Database 
// session_start();
// include ('db.php');

//This gets all the other information from the form 
/* ============================================== */
/* ============================================== */
/* YOU NEED TO DO SOME VALIDATION AND SANITIZING OF YOUR FORM DATA */


if((!isset($_POST['company_name'])) || (strlen(trim($_POST['company_name'])) <5) || (trim($_POST['company_name']) != 
preg_replace("/[^a-zA-Z0-9\s\-\'\,\.\_]/", "", 
trim($_POST['company_name'])))) {
/* if username is bad start building the error message */
$error_message .= "You must enter a valid company name<br>";
$error_message .= "Valid names  are min 5 characters and use letters, numbers and underscores only.<br>";
$error_message .="Your invalid company name was: <font color=\"red\">" . $_POST['company_name'] . "</font><hr>";
}
/* END validating company_name */
/* =============================================== */

if((!isset($_POST['contact_name'])) || (strlen(trim($_POST['contact_name'])) <5) || (trim($_POST['contact_name']) != 
preg_replace("/[^a-zA-Z0-9\s\-\'\,\.\_]/", "", 
trim($_POST['contact_name'])))) {
/* if username is bad start building the error message */
$error_message .= "You must enter a valid contact name<br>";
$error_message .= "Valid names are min 5 characters and use letters, numbers and underscores only.<br>";
$error_message .= "Your invalid contact name was: <font color=\"red\">" . $_POST['contact_name'] . "</font><hr>";
}
/* END validating contact_name */
/* =============================================== */



if((!isset($_POST['phone'])) || (strlen(trim($_POST['phone'])) <5) || (trim($_POST['phone']) != preg_replace("/[^0-9\s\-\_]/", "", trim($_POST['phone'])))) {	/* if it is NOT set, then set the error variable and start building the error message */
$error_message .= "You must enter a valid phone<br>";
$error_message .= "Valid phones are min 5 characters and use letters, numbers and underscores only.<br>";
$error_message .= "Your invalid phone was: <font color=\"red\">" . $_POST['phone'] . "</font><hr>";
}else{
$phone = trim($_POST['phone']);
}

/* END validating phone */
/* =============================================== */

/* =============================================== */
/* validating the email */
/* create a function */
function validateEmailAddress($email) {
return filter_var($email, FILTER_VALIDATE_EMAIL) && preg_match('/@.+\./', $email);
}
if(!isset($_POST['email']) || validateEmailAddress($_POST['email']) !=1) {
$error_message .= "You must enter a valid email address<br>";
$error_message .= "The invalid email was: <font color=\"red\">" . $_POST['email'] . "</font><hr>";
}
/* END validating email */
/* =============================================== */

if((!isset($_POST['street1'])) || (strlen(trim($_POST['street1'])) <5) || (trim($_POST['street1']) != 
preg_replace("/[^a-zA-Z0-9\s\-\'\,\.\_]/", "", 
trim($_POST['street1'])))) {
/* if username is bad start building the error message */
$error_message .= "You must enter a valid address<br>";
$error_message .= "Your invalid name was: <font color=\"red\">" . $_POST['street1'] . "</font><hr>";
}
/* END validating street1 */
/* =============================================== */
/*
if((!isset($_POST['street2'])) || (strlen(trim($_POST['street2'])) <5) || (trim($_POST['street2']) != 
preg_replace("/[^a-zA-Z0-9\s\-\'\,\.\_]/", "", 
trim($_POST['street2'])))) { 
*/
/* if username is bad start building the error message */
/*
$error_message = "You must enter a valid address<br>";
$error_message = $error_message . 'Your invalid name was: <font color="red">' . $_POST['street2'] . "</font><hr>";
}
*/
/* END validating street2 */
/* =============================================== */
$normal_Pattern = "/[^a-zA-Z0-9\s\-\'\,\.\_\(\)\&\"\!\`\~\!\@\#\$\%\^\*\+\[\]\{\}\:\;\?\/]/";
if((!isset($_POST['premiumuser_description'])) || (strlen(trim($_POST['premiumuser_description'])) <5) || (trim($_POST['premiumuser_description']) != 
preg_replace($normal_Pattern, "", 
trim($_POST['premiumuser_description'])))) {
/* if username is bad start building the error message */
$error_message .= "You must enter a Company Description<br>";
$error_message .= "Your invalid Company Description was: <font color=\"red\">" . $_POST['premiumuser_description'] . "</font><hr>";
}
/* END validating premiumuser_description */
/* =============================================== *


/* =============================================== */
/*
this section of code will set up an error message for the
username if ANY of the conditions occur
1) checks to see if $_POST['username'] is NOT set
2) if length of username is less than 5
3) if username has anything other than letter, numbers or underscores
*/
if((!isset($_POST['username'])) || (strlen(trim($_POST['username'])) <5) || (trim($_POST['username']) != preg_replace("/[^a-zA-Z0-9\_]/", "", trim($_POST['username'])))) {
/* if username is bad start building the error message */
$error_message .= "You must enter a valid username<br>";
$error_message .= "Valid usernames are min 5 characters and use letters, numbers and underscores only.<br>";
$error_message .= "Your invalid name was: <font color=\"red\">" . $_POST['username'] . "</font><hr>";
}
/* END validating username */
/* =============================================== */


/* =============================================== */
/*
this section of code will set up an error message for the
password if ANY of the conditions occur
1) checks to see if $_POST['upassword'] is NOT set
2) if length of upassword is less than 5
3) if upassword has anything other than letter, numbers or underscores
*/
if((!isset($_POST['password'])) || (strlen(trim($_POST['password'])) <5) || (trim($_POST['password']) != preg_replace("/[^a-zA-Z0-9\_]/", "", trim($_POST['password'])))) {
/* if it is NOT set, then set the error variable and start building the error message */
$error_message .= "You must enter a valid password<br>";
$error_message .= "Valid passwords are min 5 characters and use letters, numbers and underscores only.<br>";
$error_message .= "Your invalid password was: <font color=\"red\">" . $_POST['password'] . "</font><hr>";
}else{
$password = trim($_POST['password']);
}
/* END validating password */
/* =============================================== */

/* =============================================== */
/* check to see if username is already taken */
$username = mysql_real_escape_string(trim($_POST['username']));

$query1 = "SELECT username from companies WHERE username = '$username'";
$result1 = mysql_query($query1)  or die(mysql_error());
$count = mysql_num_rows($result1);
if($count>0) {
$error_message .= "The username: <font color=\"red\">" . $_POST['username'] . "</font> is taken.<hr>";
}

/* =============================================== */
/* if any of the post variables are invalid */
/* set the session variable and send back to the form page */
/*
NOT USED IN THIS EXAMPLE
if(strlen(trim($error_message))>0) {
$_SESSION['error_message'] =$error_message;
//	header("Location: register00.php");
//	exit();
}
*/
/* =============================================== */

$uploadDir = 'images/COMPANIES'; /* main picture folder */
$max_height = 450;	/* 	largest height you allowed; 0 means any */
$max_width = 450; /*  largest width you allowed; 0 means any */
$max_file = 2000000;  /*  set the max file size in bytes */
$image_overwrite = 1;	 /* 0 means overwite; 1 means new name */
/* add or delete allowed image types */
$allowed_type01 = array(	"image/gif", 	"image/pjpeg", "image/jpeg", 	"image/png", "image/x-png", "image/jpg");
$do_thumb = 1;	 /*  1 make thumbnails; 0 means do NOT make */
$thumbDir = "/images/thumbs";  /*  thumbnail folder */
$thumb_prefix = "";  /*  prefix for thumbnails */
$thumb_width = 90; /*  max thumb width */
$thumb_height = 70;	// max thumb height

//Writes the photo to the server 
if(move_uploaded_file($_FILES['upload']['tmp_name'], $target)) { 
/* HERE IS WHERE WE WILL DO THE ACTUAL RESIZING */ 
/* ============================================== */
/* ============================================== */
/* THESE SIX PARAMETERS MAY BE CHANGED TO SUIT YOUR NEEDS */
$upload = $_FILES['upload']['name'];
$o_path ="images/COMPANIES/";
$s_path = "images/thumbs/";
$file = $upload;
$save = $file;
$t_w = 200;
$t_h = 150;
/* ============================================== */
/* ============================================== */
/* DO NOT CHANGE THIS NEXT LINE */
Resize_Image($save,$file,$t_w,$t_h,$s_path,$o_path);

 //Tells you if its all ok 
/* ============================================== */
/* ============================================== */
/* PROVIDE A WAY FOR THEM TO GO SOMWHERE */
$error_message .= "The file ". $file . " has been uploaded, and your information has been added to the directory"; 

}else { 
//Gives and error if its not 
/* ============================================== */
/* ============================================== */
/* PROVIDE A WAY FOR THEM TO GO SOMWHERE */
$error_message .= "Sorry, there was a problem uploading your file."; 
}


/* =============================================== */
/* PREPARE DATA FOR INSERTION INTO TABLE */
/* FUNCTION TO CREATE SALT */
function createSalt() {
$string = md5(uniqid(rand(), true));
return substr($string, 0, 3);
}


//Writes the information to the database 
/* ============================================== */
/* ============================================== */
/* 
ALWAYS WRITE YOUR QUERIES AS STRINGS
THAT WAY WHEN TESTING, YOU CAN MAKE
SURE THAT THE VALUES CONTAIN WHAT YOU EXPECT
*/

if(empty($error_message)){  
$salt = createsalt();
$password = trim($_POST['password']);
$hash = hash('sha256', $salt, $password);
$approved = 0; 

$company_name = mysql_real_escape_string(trim($_POST['company_name']));
$contact_name = mysql_real_escape_string(trim($_POST['contact_name']));
$location = mysql_real_escape_string(trim($_POST['location']));
$postcode = mysql_real_escape_string(trim($_POST['postcode']));
$street1 = mysql_real_escape_string(trim($_POST['street1']));
$street2 = mysql_real_escape_string(trim($_POST['street2']));
$city = mysql_real_escape_string(trim($_POST['city']));
$phone = mysql_real_escape_string(trim($_POST['phone']));
$email = mysql_real_escape_string(trim($_POST['email']));
$premiumuser_description = mysql_real_escape_string(trim($_POST['premiumuser_description']));
$salt = mysql_real_escape_string($salt);
$upload = mysql_real_escape_string($upload);	
$query ="INSERT INTO `companies` (company_name, contact_name, location, postcode, street1, street2, city, phone, email, premiumuser_description, password, salt, approved, upload) VALUES ('$company_name', '$contact_name', '$location', '$postcode', '$street1', '$street2', '$city', '$phone', '$email', '$premiumuser_description', '$password', '$salt', '$approved', '$upload')";
$result = mysql_query($query) or die(mysql_error()); 
/* =============================================== */

/*
at this point we can send an email to the admin as well
as the user. 
DO NOT send the user's password to ANYONE!!!!
*/ 

}//if(empty($error_message))
}//if (isset($_POST['submit']))
?>

<html>
<body>
<?php
if (!empty($error_message)){ echo $error_message; }
?>
<form enctype="multipart/form-data" method="post" action="register00.php">
<table width="316" border="0"> 
<tr><td colspan=2><h1>Register/Sign Up</h1></td></tr> 
<tr><td>Company Name:</td><td> 
<input name="company_name" type="text" id="company_name" value="<?php
if (isset($_POST['company_name'])){ echo $_POST['company_name']; } ?>" />
</td></tr>
<tr><td>Contact Name:</td><td> 
<input name="contact_name" type="text" id="contact_name" value="<?php
if (isset($_POST['contact_name'])){ echo $_POST['contact_name']; } ?>" />
</td></tr>
<tr><td>Contact Number:</td><td> 
<input name="phone" type="number" id="phone" value="<?php
if (isset($_POST['phone'])){ echo $_POST['phone']; }else{ echo "incl. area code";} ?>" />
</td></tr>
<tr><td>Address line 1:</td><td> 
<input name="street1" type="text" id="street1" value="<?php
if (isset($_POST['street1'])){ echo $_POST['street1']; } ?>" />
</td></tr>
<tr><td>Address line 2:</td><td> 
<input name="street2" type="text" id="street2" value="<?php
if (isset($_POST['street2'])){ echo $_POST['street2']; } ?>" />
</td></tr>
<tr><td>Area:</td><td> 
<input name="location" type="text" id="location" value="<?php
if (isset($_POST['location'])){ echo $_POST['location']; } ?>" />
</td></tr>
<tr><td>City:</td><td> 
<input name="city" type="text" id="city" value="<?php
if (isset($_POST['city'])){ echo $_POST['city']; } ?>" />
</td></tr>
<tr><td>Postcode:</td><td> 
<input name="postcode" type="text" id="postcode" value="<?php
if (isset($_POST['postcode'])){ echo $_POST['postcode']; } ?>" />
</td></tr>
<tr><td>Username:</td><td> 
<input name="username" type="text" id="username" value="<?php
if (isset($_POST['username'])){ echo $_POST['username']; } ?>" />
</td></tr> 
<tr><td>Password:</td><td> 
<input name="password" type="password" class="style7" id="password" value="<?php
if (isset($_POST['password'])){ echo $_POST['password']; } ?>" /> 
</td></tr> 
<tr><td>Email:</td><td> 
<input name="email" type="text" class="style7" id="email" value="<?php
if (isset($_POST['email'])){ echo $_POST['email']; } ?>" />
</td></tr> 
<tr><td>Company Logo:</td><td> 
<input name="upload" type="file" class="style7" id="upload">
</td></tr>
<tr><td>Company Description:</td><td> 
<textarea rows="20" cols="50" name="premiumuser_description" id="premiumuser_description"><?php
if (isset($_POST['premiumuser_description'])){ echo "{$_POST['premiumuser_description']}"; } ?></textarea>
</td></tr>
<tr><td>
<input name="Submit" type="submit" value="Register" /> 
</td></tr> 
</table> 
</form>
</body>
</html>

The reason your validation of the description is failing is because magic_quotes_gpc is turned on and it is adding \ escape characters to the data (don't simply add the \ character to the preg_replace pattern because that will create a mess, you must fix what magic_quotes_gpc is doing to the data.)

 

You either need to turn magic_quotes_gpc off or you need to detect if magic_quotes_gpc is on (see get_magic_quotes_gpc ) and remove the \ characters (see stripslashes) from all external data (thanks php.net for more wasted time btw.) If you don't do this, your data will be double escaped (because you are properly escaping it using mysql_real_escape_string before putting it into the query statement) and you will end up with a mess in your database (thanks again php.net for creating a mess.)

Here's some code that will fix what magic_quotes_gpc (get/post/cookie) does, in case you cannot turn the setting off or you want your code to work on any server without needing to mess with a setting that cannot be turned off at runtime -

 

<?php
if(get_magic_quotes_gpc()){
$_GET = array_map('stripslashes',$_GET);
$_POST = array_map('stripslashes',$_POST);
$_COOKIE = array_map('stripslashes',$_COOKIE);
}

That validation logic is foobar. The isset() doesn't do anything because text/textarea form fields are set, even if they are empty (you already know the form has been submitted with the isset($_POST['Submit']) statement). When validating user supplied input, you should NEVER lump tests together. You need to specifically tell the user what was wrong with his input.

 

Here is what that specific validation logic should do -

 

<?php
$min_description_length = 5; // the minimum you want to allow
$max_description_length = 2000; // set to your database table field size

$_POST['premiumuser_description'] = trim($_POST['premiumuser_description']); // condition input
if($_POST['premiumuser_description'] == ''){
// empty string
$error_message .= "You must enter a Company Description<br>";
$error_message .= "Your Company Description was empty<hr>";
} else {
// not empty
$desc_length = strlen($_POST['premiumuser_description']);
if($desc_length < $min_description_length){
	// less than minimum characters (this bed is too small)
	$error_message .= "You must enter a Company Description<br>";
	$error_message .= "Your Company Description was less than $min_description_length characters<hr>";
}
if($desc_length > $max_description_length){
	// greater than maximum (this bed is too big)
	$error_message .= "You must enter a Company Description<br>";
	$error_message .= "Your Company Description was: " . number_format($desc_length) . "characters. The maximum permitted is: " . number_format($max_description_length) ." characters<hr>";
}
if($desc_length >= 5 && $desc_length <= $max_description_length){
	// length is okay (this bed is just right)
	// check for invalid characters
	// NOTE: This is not the same anti (^) pattern that was used in the starting code
	$rep = preg_replace("/[a-zA-Z0-9\s\-\'\,\.\_]/", "", $_POST['premiumuser_description']); // strip out allowed characters
	if($rep != ''){
		// some invalid characters found
		$error_message .= "You must enter a Company Description<br>";
		$error_message .= "Your Company Description contained the following invalid characters: <font color='red'>$rep</font><hr>";	

		// if you want to display the whole message for reference, do that here...
	}
}
}

And if you really wanted to maximize the user's experience on your site, you can even highlight the invalid characters when you redisplay the data -

 

<?php
	if($rep != ''){
		// some invalid characters found
		$search = str_replace('/','\/',addslashes(implode('|',array_unique(str_split($rep))))); // form a replace pattern
		$string = preg_replace("/($search)/i",'<span class="highlight">[ \1 ]</span>',$_POST['premiumuser_description']);
		$error_message .= "You must enter a Company Description<br>";
		$error_message .= "Your Company Description contained the following invalid characters: <span class='highlight'>$rep</span>, ";
		$error_message .= "highlighted in the following:<br><br>$string<hr>";
	}

 

The css for the above would be -

 

<style type="text/css">
span.highlight {font-weight:bold; color:red;} 
</style>

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.