andy_b_1502 Posted April 6, 2012 Share Posted April 6, 2012 Hi, I am getting un-wanted error messages with this register form. It should just go through to insert into db table but i keep getting: "You must enter a valid address Your invalid company description was:" Here's the code.... register00.php:
<?PHP
/*
 * register00.php as posted: on submit it validates the POSTed fields, moves the
 * uploaded logo into images/COMPANIES, writes a thumbnail, and inserts a row
 * into `companies` when $error_message is empty. The form below re-displays
 * the submitted values.
 * Lines marked NOTE(review) point at defects visible in this listing.
 */
session_start();
include('db.php');

/* set some validation variables */
if (isset($_POST['Submit'])){
    $error_message = "";

    /* DEFINE THE FUNCTION */
    /* ============================================== */
    /* ============================================== */
    /* DO NOT MODIFY THIS FUNCTION */
    /*
     * Writes a copy of $o_path.$file to $s_path.$save, scaled down to fit
     * inside $t_w x $t_h (images already within the box keep their size).
     * The output is always encoded with imagejpeg() at quality 100, whatever
     * the extension of $save is.
     * NOTE(review): the result of getimagesize() is not checked, and $image is
     * only assigned for jpg/jpeg/gif/png - any other extension reaches
     * imagecopyresampled() with $image undefined.
     */
    function Resize_Image($save,$file,$t_w,$t_h,$s_path,$o_path) {
        $s_path = trim($s_path);
        $o_path = trim($o_path);
        $save = $s_path . $save;
        $file = $o_path . $file;
        // $ext = strtolower(end(explode('.',$save)));
        /* extension = text after the last dot of the destination name */
        $a = explode('.', $save);
        $ext = strtolower(end($a));
        unset($a);
        list($width, $height) = getimagesize($file) ;
        /* choose the smaller of the two ratios so both dimensions fit the box */
        if(($width>$t_w) OR ($height>$t_h)) {
            $r1 = $t_w/$width;
            $r2 = $t_h/$height;
            if($r1<$r2) {
                $size = $t_w/$width;
            }else{
                $size = $t_h/$height;
            }
        }else{
            $size=1;
        }
        $modwidth = $width * $size;
        $modheight = $height * $size;
        $tn = imagecreatetruecolor($modwidth, $modheight) ;
        /* the decoder is picked from the file extension, not from the file contents */
        switch ($ext) {
            case 'jpg':
            case 'jpeg':
                $image = imagecreatefromjpeg($file) ;
                break;
            case 'gif':
                $image = imagecreatefromgif($file) ;
                break;
            case 'png':
                $image = imagecreatefrompng($file) ;
                break;
        }
        imagecopyresampled($tn, $image, 0, 0, 0, 0, $modwidth, $modheight, $width, $height) ;
        imagejpeg($tn, $save, 100) ;
        return;
    }
    /* END OF RESIZE FUNCTION */

    //This is the directory where images will be saved
    /* NOTE(review): the stored name is the client-supplied file name; basename()
       strips directories but the extension is whatever the client sent, and the
       directory is presumably served by the web server - confirm, and derive the
       extension from the verified image type instead. */
    $target = "/home/users/web/b109/ipg.removalspacecom/images/COMPANIES/";
    $target = $target . basename( $_FILES['upload']['name']);

    // Connects to your Database
    // session_start();
    // include ('db.php');
    //This gets all the other information from the form
    /* ============================================== */
    /* ============================================== */
    /* YOU NEED TO DO SOME VALIDATION AND SANITIZING OF YOUR FORM DATA */
    /*
     * Each check below fails when the field is missing, shorter than 5
     * characters after trim(), or differs from itself with the disallowed
     * characters stripped.
     * NOTE(review): `!=` compares numeric-looking strings as numbers, so a value
     * such as "+12345" equals its stripped form "12345" and passes; `!==` or a
     * preg_match() on the class avoids that.
     * NOTE(review): every "Your invalid ... was" line concatenates the raw
     * $_POST value into $error_message, which is echoed into the page below
     * without escaping (reflected XSS) - wrap the value in htmlspecialchars().
     * When the field is missing, the same line also reads an undefined index.
     */
    if((!isset($_POST['company_name'])) || (strlen(trim($_POST['company_name'])) <5) || (trim($_POST['company_name']) != preg_replace("/[^a-zA-Z0-9\s\-\'\,\.\_]/", "", trim($_POST['company_name'])))) {
        /* company name is bad: start building the error message */
        $error_message .= "You must enter a valid company name<br>";
        $error_message .= "Valid names are min 5 characters and use letters, numbers and underscores only.<br>";
        $error_message .="Your invalid company name was: <font color=\"red\">" . $_POST['company_name'] . "</font><hr>";
    }
    /* END validating company_name */
    /* =============================================== */
    if((!isset($_POST['contact_name'])) || (strlen(trim($_POST['contact_name'])) <5) || (trim($_POST['contact_name']) != preg_replace("/[^a-zA-Z0-9\s\-\'\,\.\_]/", "", trim($_POST['contact_name'])))) {
        /* contact name is bad: add to the error message */
        $error_message .= "You must enter a valid contact name<br>";
        $error_message .= "Valid names are min 5 characters and use letters, numbers and underscores only.<br>";
        $error_message .= "Your invalid contact name was: <font color=\"red\">" . $_POST['contact_name'] . "</font><hr>";
    }
    /* END validating contact_name */
    /* =============================================== */
    /* phone: digits, whitespace, '-' and '_' only (the message text also mentions letters) */
    if((!isset($_POST['phone'])) || (strlen(trim($_POST['phone'])) <5) || (trim($_POST['phone']) != preg_replace("/[^0-9\s\-\_]/", "", trim($_POST['phone'])))) {
        /* if it is NOT set, then set the error variable and start building the error message */
        $error_message .= "You must enter a valid phone<br>";
        $error_message .= "Valid phones are min 5 characters and use letters, numbers and underscores only.<br>";
        $error_message .= "Your invalid phone was: <font color=\"red\">" . $_POST['phone'] . "</font><hr>";
    }else{
        $phone = trim($_POST['phone']);
    }
    /* END validating phone */
    /* =============================================== */
    /* =============================================== */
    /* validating the email */
    /* create a function */
    /* true when filter_var() accepts the address and it has a dot somewhere after the @ */
    function validateEmailAddress($email) {
        return filter_var($email, FILTER_VALIDATE_EMAIL) && preg_match('/@.+\./', $email);
    }
    if(!isset($_POST['email']) || validateEmailAddress($_POST['email']) !=1) {
        $error_message .= "You must enter a valid email address<br>";
        $error_message .= "The invalid email was: <font color=\"red\">" . $_POST['email'] . "</font><hr>";
    }
    /* END validating email */
    /* =============================================== */
    if((!isset($_POST['street1'])) || (strlen(trim($_POST['street1'])) <5) || (trim($_POST['street1']) != preg_replace("/[^a-zA-Z0-9\s\-\'\,\.\_]/", "", trim($_POST['street1'])))) {
        /* address line 1 is bad: add to the error message
           (the second message says "name" although the field is the address) */
        $error_message .= "You must enter a valid address<br>";
        $error_message .= "Your invalid name was: <font color=\"red\">" . $_POST['street1'] . "</font><hr>";
    }
    /* END validating street1 */
    /* =============================================== */
    /* if((!isset($_POST['street2'])) || (strlen(trim($_POST['street2'])) <5) || (trim($_POST['street2']) != preg_replace("/[^a-zA-Z0-9\s\-\'\,\.\_]/", "", trim($_POST['street2'])))) { */
    /* if username is bad start building the error message */
    /* $error_message = "You must enter a valid address<br>"; $error_message = $error_message . 'Your invalid name was: <font color="red">' . $_POST['street2'] . "</font><hr>"; } */
    /* END validating street2 */
    /* =============================================== */
    /* NOTE(review): this class omits ':', '/' and '%', all of which occur in the
       sample description quoted later in the thread, so that text is reported as
       invalid. The backslash shown before each apostrophe in the echoed text is
       outside the class too - presumably added by magic_quotes_gpc; confirm the
       PHP configuration and stripslashes() the input if so. */
    if((!isset($_POST['premiumuser_description'])) || (strlen(trim($_POST['premiumuser_description'])) <5) || (trim($_POST['premiumuser_description']) != preg_replace("/[^a-zA-Z0-9\s\-\'\,\.\_]/", "", trim($_POST['premiumuser_description'])))) {
        /* description is bad: add to the error message */
        $error_message .= "You must enter a Please add a Company Description<br>";
        $error_message .= "Your invalid Please add a Company Description was: <font color=\"red\">" . $_POST['premiumuser_description'] . "</font><hr>";
    }
    /* END validating premiumuser_description */
    /* =============================================== */
    /* =============================================== */
    /* this section of code will set up an error message for the username
       if ANY of the conditions occur
       1) checks to see if $_POST['username'] is NOT set
       2) if length of username is less than 5
       3) if username has anything other than letter, numbers or underscores
    */
    if((!isset($_POST['username'])) || (strlen(trim($_POST['username'])) <5) || (trim($_POST['username']) != preg_replace("/[^a-zA-Z0-9\_]/", "", trim($_POST['username'])))) {
        /* if username is bad start building the error message */
        $error_message .= "You must enter a valid username<br>";
        $error_message .= "Valid usernames are min 5 characters and use letters, numbers and underscores only.<br>";
        $error_message .= "Your invalid name was: <font color=\"red\">" . $_POST['username'] . "</font><hr>";
    }
    /* END validating username */
    /* =============================================== */
    /* =============================================== */
    /* this section of code will set up an error message for the password
       if ANY of the conditions occur
       1) checks to see if $_POST['password'] is NOT set
       2) if length of password is less than 5
       3) if password has anything other than letter, numbers or underscores
       NOTE(review): the rejected password is echoed back into the page in clear
       text by the third message line; drop that line. Limiting passwords to
       [a-zA-Z0-9_] with a 5-character minimum also shrinks the usable password
       space.
    */
    if((!isset($_POST['password'])) || (strlen(trim($_POST['password'])) <5) || (trim($_POST['password']) != preg_replace("/[^a-zA-Z0-9\_]/", "", trim($_POST['password'])))) {
        /* if it is NOT set, then set the error variable and start building the error message */
        $error_message .= "You must enter a valid password<br>";
        $error_message .= "Valid passwords are min 5 characters and use letters, numbers and underscores only.<br>";
        $error_message .= "Your invalid password was: <font color=\"red\">" . $_POST['password'] . "</font><hr>";
    }else{
        $password = trim($_POST['password']);
    }
    /* END validating password */
    /* =============================================== */
    /* =============================================== */
    /* check to see if username is already taken */
    /* NOTE(review): `or die(mysql_error())` prints the database error text to the
       visitor; log it server-side and show a generic message instead. The
       mysql_* extension was removed in PHP 7. */
    $username = mysql_real_escape_string(trim($_POST['username']));
    $query1 = "SELECT username from companies WHERE username = '$username'";
    $result1 = mysql_query($query1) or die(mysql_error());
    $count = mysql_num_rows($result1);
    if($count>0) {
        $error_message .= "The username: <font color=\"red\">" . $_POST['username'] . "</font> is taken.<hr>";
    }
    /* =============================================== */
    /* if any of the post variables are invalid */
    /* set the session variable and send back to the form page */
    /* NOT USED IN THIS EXAMPLE
    if(strlen(trim($error_message))>0) {
        $_SESSION['error_message'] =$error_message;
        // header("Location: register00.php");
        // exit();
    }
    */
    /* =============================================== */
    /* NOTE(review): none of the settings from $uploadDir to $thumb_height is read
       anywhere in the code shown - the size limit and the allowed-type list are
       declared but never enforced. */
    $uploadDir = 'images/COMPANIES'; /* main picture folder */
    $max_height = 450; /* largest height you allowed; 0 means any */
    $max_width = 450; /* largest width you allowed; 0 means any */
    $max_file = 2000000; /* set the max file size in bytes */
    $image_overwrite = 1; /* 0 means overwite; 1 means new name */
    /* add or delete allowed image types */
    $allowed_type01 = array( "image/gif", "image/pjpeg", "image/jpeg", "image/png", "image/x-png", "image/jpg");
    $do_thumb = 1; /* 1 make thumbnails; 0 means do NOT make */
    $thumbDir = "/images/thumbs"; /* thumbnail folder */
    $thumb_prefix = ""; /* prefix for thumbnails */
    $thumb_width = 90; /* max thumb width */
    $thumb_height = 70; // max thumb height

    //Writes the photo to the server
    /* NOTE(review): the file is moved even when the validation above has already
       failed, and without any check of its type or size. */
    if(move_uploaded_file($_FILES['upload']['tmp_name'], $target)) {
        /* HERE IS WHERE WE WILL DO THE ACTUAL RESIZING */
        /* ============================================== */
        /* ============================================== */
        /* THESE SIX PARAMETERS MAY BE CHANGED TO SUIT YOUR NEEDS */
        /* NOTE(review): $o_path is relative while $target above is absolute -
           presumably the same directory; confirm. */
        $upload = $_FILES['upload']['name'];
        $o_path ="images/COMPANIES/";
        $s_path = "images/thumbs/";
        $file = $upload;
        $save = $file;
        $t_w = 200;
        $t_h = 150;
        /* ============================================== */
        /* ============================================== */
        /* DO NOT CHANGE THIS NEXT LINE */
        Resize_Image($save,$file,$t_w,$t_h,$s_path,$o_path);
        //Tells you if its all ok
        /* ============================================== */
        /* ============================================== */
        /* PROVIDE A WAY FOR THEM TO GO SOMWHERE */
        /* NOTE(review): the success text is appended to $error_message, so
           $error_message is never empty after this if/else and the INSERT
           guarded by empty($error_message) below cannot run. Keep status text
           in a separate variable. */
        $error_message .= "The file ". $file . " has been uploaded, and your information has been added to the directory";
    }else {
        //Gives and error if its not
        /* ============================================== */
        /* ============================================== */
        /* PROVIDE A WAY FOR THEM TO GO SOMWHERE */
        $error_message .= "Sorry, there was a problem uploading your file.";
    }
    /* =============================================== */
    /* PREPARE DATA FOR INSERTION INTO TABLE */
    /* FUNCTION TO CREATE SALT */
    /* Returns the first 3 hex characters of md5(uniqid(rand(), true)).
       NOTE(review): 3 hex characters allow only 4096 distinct salts. */
    function createSalt() {
        $string = md5(uniqid(rand(), true));
        return substr($string, 0, 3);
    }
    //Writes the information to the database
    /* ============================================== */
    /* ============================================== */
    /* ALWAYS WRITE YOUR QUERIES AS STRINGS
       THAT WAY WHEN TESTING, YOU CAN MAKE SURE THAT
       THE VALUES CONTAIN WHAT YOU EXPECT */
    if(empty($error_message)){
        $salt = createsalt();
        $password = trim($_POST['password']);
        /* NOTE(review): the third argument of hash() is the raw-output flag, so
           this hashes $salt alone; $hash is never used afterwards and the query
           below stores $password itself, i.e. the password in clear text. */
        $hash = hash('sha256', $salt, $password);
        $approved = 0;
        $company_name = mysql_real_escape_string(trim($_POST['company_name']));
        $contact_name = mysql_real_escape_string(trim($_POST['contact_name']));
        $location = mysql_real_escape_string(trim($_POST['location']));
        $postcode = mysql_real_escape_string(trim($_POST['postcode']));
        $street1 = mysql_real_escape_string(trim($_POST['street1']));
        $street2 = mysql_real_escape_string(trim($_POST['street2']));
        $city = mysql_real_escape_string(trim($_POST['city']));
        $phone = mysql_real_escape_string(trim($_POST['phone']));
        $email = mysql_real_escape_string(trim($_POST['email']));
        $premiumuser_description = mysql_real_escape_string(trim($_POST['premiumuser_description']));
        $salt = mysql_real_escape_string($salt);
        $upload = mysql_real_escape_string($upload);
        /* NOTE(review): the column list has no `username`, although the
           username was validated and looked up in `companies` above. */
        $query ="INSERT INTO `companies` (company_name, contact_name, location, postcode, street1, street2, city, phone, email, premiumuser_description, password, salt, approved, upload) VALUES ('$company_name', '$contact_name', '$location', '$postcode', '$street1', '$street2', '$city', '$phone', '$email', '$premiumuser_description', '$password', '$salt', '$approved', '$upload')";
        $result = mysql_query($query) or die(mysql_error());
        /* =============================================== */
        /* at this point we can send an email to the admin as well as the user.
           DO NOT send the user's password to ANYONE!!!! */
    }//if(empty($error_message))
}//if (isset($_POST['submit']))
?>
<html>
<body>
<?php
/* NOTE(review): $error_message and every value="..." below echo request data
   without htmlspecialchars(), and the password field is pre-filled with the
   submitted password. */
if (!empty($error_message)){
    echo $error_message;
}
?>
<form enctype="multipart/form-data" method="post" action="register00.php">
<table width="316" border="0">
<tr><td colspan=2><h1>Register/Sign Up</h1></td></tr>
<tr><td>Company Name:</td><td>
<input name="company_name" type="text" id="company_name" value="<?php if (isset($_POST['company_name'])){ echo $_POST['company_name']; } ?>" />
</td></tr>
<tr><td>Contact Name:</td><td>
<input name="contact_name" type="text" id="contact_name" value="<?php if (isset($_POST['contact_name'])){ echo $_POST['contact_name']; } ?>" />
</td></tr>
<tr><td>Contact Number:</td><td>
<input name="phone" type="number" id="phone" value="<?php if (isset($_POST['phone'])){ echo $_POST['phone']; }else{ echo "incl. area code";} ?>" />
</td></tr>
<tr><td>Address line 1:</td><td>
<input name="street1" type="text" id="street1" value="<?php if (isset($_POST['street1'])){ echo $_POST['street1']; } ?>" />
</td></tr>
<tr><td>Address line 2:</td><td>
<input name="street2" type="text" id="street2" value="<?php if (isset($_POST['street2'])){ echo $_POST['street2']; } ?>" />
</td></tr>
<tr><td>Area:</td><td>
<input name="location" type="text" id="location" value="<?php if (isset($_POST['location'])){ echo $_POST['location']; } ?>" />
</td></tr>
<tr><td>City:</td><td>
<input name="city" type="text" id="city" value="<?php if (isset($_POST['city'])){ echo $_POST['city']; } ?>" />
</td></tr>
<tr><td>Postcode:</td><td>
<input name="postcode" type="text" id="postcode" value="<?php if (isset($_POST['postcode'])){ echo $_POST['postcode']; } ?>" />
</td></tr>
<tr><td>Username:</td><td>
<input name="username" type="text" id="username" value="<?php if (isset($_POST['username'])){ echo $_POST['username']; } ?>" />
</td></tr>
<tr><td>Password:</td><td>
<input name="password" type="password" class="style7" id="password" value="<?php if (isset($_POST['password'])){ echo $_POST['password']; } ?>" />
</td></tr>
<tr><td>Email:</td><td>
<input name="email" type="text" class="style7" id="email" value="<?php if (isset($_POST['email'])){ echo $_POST['email']; } ?>" />
</td></tr>
<tr><td>Company Logo:</td><td>
<input name="upload" type="file" class="style7" id="upload">
</td></tr>
<tr><td>Company Description:</td><td>
<textarea rows="20" cols="50" name="premiumuser_description" id="premiumuser_description"><?php if (isset($_POST['premiumuser_description'])){ echo "{$_POST['premiumuser_description']}"; } ?></textarea>
</td></tr>
<tr><td>
<input name="Submit" type="submit" value="Register" />
</td></tr>
</table>
</form>
</body>
</html>
Just a note to say that the image DOES upload to the folder(s) /COMPANIES and /thumbs but DOES NOT show up on display of the table?
all other information isnt inserted/uploaded...
cpd Posted April 6, 2012 I can't even find the phrase "Your invalid company description was". Are you sure this is your error? Moreover, you need to rethink your password validation as it prevents people from using common characters found in passwords...
andy_b_1502 Posted April 6, 2012 Author Share Posted April 6, 2012 Its this bit: if((!isset($_POST['premiumuser_description'])) || (strlen(trim($_POST['premiumuser_description'])) <5) || (trim($_POST['premiumuser_description']) != preg_replace("/[^a-zA-Z0-9\s\-\'\,\.\_]/", "", trim($_POST['premiumuser_description'])))) { /* if username is bad start building the error message */ $error_message .= "Please add a Company Description<br>"; $error_message .= "Please add a Company Description was: <font color=\"red\">" . $_POST['premiumuser_description'] . "</font><hr>"; } /* END validating premiumuser_description */ /* =============================================== * The error message im getting is: Please add a Company Description YPlease add a Company Description was: If you require a fast and reliable transport service here\'s bit about 360 Transport Solutions Ltd... 360 Transport Solutions LTD are a small independent, Midland\'s-based company just off the M6 toll road, Transporting goods from emergency parcels to high value products nationwide. We are open 24 hours a day seven days a week. We offer competitive based pricing on an easy: postcode to postcode structure. Our vehicle range at this current moment is 8 long wheel based sprinters with a capacity of 1.3 tonne in weight per vehicle and a maximum of 5 pallets. Our aim is to give you the customer a first class service keeping you up to date with your delivery goods. We deliver throughout the UK and Europe, same day/ next day, All our colleagues are fully uniformed and put 100% effort into creating the best delivery service we can provide. -------------------------------------------------------------------------------- The file 360transportheader2012.jpg has been uploaded, and your information has been added to the directory Its odd becasue ive just put in the company description as: "testtesttesttesttesttesttesttesttesttesttesttest" and it uploaded?? Any light? 
litebearer Posted April 6, 2012 try the attached 17994_.php
andy_b_1502 Posted April 6, 2012 Author Please add a Company Description Please add a Company Description was: If you require a fast and reliable transport service here\'s bit about 360 Transport Solutions Ltd... 360 Transport Solutions LTD are a small independent, Midland\'s-based company just off the M6 toll road, Transporting goods from emergency parcels to high value products nationwide. We are open 24 hours a day seven days a week. We offer competitive based pricing on an easy: postcode to postcode structure. Our vehicle range at this current moment is 8 long wheel based sprinters with a capacity of 1.3 tonne in weight per vehicle and a maximum of 5 pallets. Our aim is to give you the customer a first class service keeping you up to date with your delivery goods. We deliver throughout the UK and Europe, same day/ next day, All our colleagues are fully uniformed and put 100% effort into creating the best delivery service we can provide. -------------------------------------------------------------------------------- The file 360transportheader2012.jpg has been uploaded, and your information has been added to the directory Nothing is inserted to the db.?
litebearer Posted April 6, 2012 replace this (notice the lowercase p in pattern)... preg_replace($normal_pattern with this... preg_replace($normal_Pattern
andy_b_1502 Posted April 6, 2012 Author Changed the normal_pattern to upper case P on patteren. I get this error message: Please add a Company Description Please add a Company Description was: If you require a fast and reliable transport service here\\\'s bit about 360 Transport Solutions Ltd... 360 Transport Solutions LTD are a small independent, Midland\\\'s-based company just off the M6 toll road, Transporting goods from emergency parcels to high value products nationwide. We are open 24 hours a day seven days a week. We offer competitive based pricing on an easy: postcode to postcode structure. Our vehicle range at this current moment is 8 long wheel based sprinters with a capacity of 1.3 tonne in weight per vehicle and a maximum of 5 pallets. Our aim is to give you the customer a first class service keeping you up to date with your delivery goods. We deliver throughout the UK and Europe, same day/ next day, All our colleagues are fully uniformed and put 100% effort into creating the best delivery service we can provide. -------------------------------------------------------------------------------- The file 360transportheader2012.jpg has been uploaded, and your information has been added to the directory
andy_b_1502 Posted April 7, 2012 Author There's a lot of code commented out, what's the reason for this?
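andy_b_1502 Posted April 7, 2012 Author
<?php
/*
 * register00.php - company registration form and its POST handler.
 *
 * On submit: validate every field, check that the username is free, verify and
 * store the uploaded logo (plus a thumbnail), then insert the row into
 * `companies`. Validation problems are collected in $error_message; the
 * success text goes to $status_message, so a successful upload no longer
 * blocks the INSERT that is guarded by an empty $error_message.
 *
 * Everything that came from the request is escaped with reg_html() before it
 * is written into the page, and the password is never echoed back.
 *
 * NOTE(review): the `password` column now receives a 64-character SHA-256 hex
 * digest of salt + password instead of the clear-text password. Check the
 * column width and make the login code compute the same digest. A single
 * salted SHA-256 round with a 3-character salt is still weak; on PHP >= 5.5
 * prefer password_hash() / password_verify() and change the login code with it.
 * NOTE(review): the mysql_* extension was removed in PHP 7; move to mysqli or
 * PDO prepared statements when db.php can be changed as well.
 */
session_start();
include('db.php');

$error_message  = "";
$status_message = "";

/**
 * Return the submitted form field $key as a trimmed string.
 * Missing fields and non-string values (e.g. field[]=x) yield ''.
 */
function reg_post($key)
{
    if (!isset($_POST[$key]) || !is_string($_POST[$key])) {
        return '';
    }
    $value = $_POST[$key];
    /* The output quoted in the thread shows a backslash before each apostrophe,
       which is what magic_quotes_gpc does on PHP < 5.4; undo it so validation
       and storage see what the visitor actually typed. */
    if (PHP_VERSION_ID < 50400 && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return trim($value);
}

/** Escape a value for use in HTML text or inside a quoted attribute. */
function reg_html($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

/**
 * True when $value has at least $min_length characters and none that match
 * $disallowed (a negated character class). preg_match() is used instead of
 * comparing the stripped string with `!=`, because `!=` compares
 * numeric-looking strings as numbers.
 */
function reg_is_valid($value, $disallowed, $min_length = 5)
{
    return strlen($value) >= $min_length && preg_match($disallowed, $value) === 0;
}

if (isset($_POST['Submit'])) {

    /**
     * Write a thumbnail of $o_path.$file to $s_path.$save, scaled down to fit
     * inside $t_w x $t_h. Images already within the box keep their size. The
     * output is JPEG-encoded at quality 100 whatever the extension of $save is.
     * Returns nothing; it returns early, without writing, when the source
     * cannot be read as a jpg/jpeg/gif/png image.
     */
    function Resize_Image($save,$file,$t_w,$t_h,$s_path,$o_path)
    {
        $save = trim($s_path) . $save;
        $file = trim($o_path) . $file;

        $parts = explode('.', $save);
        $ext   = strtolower(end($parts));

        $dimensions = getimagesize($file);
        if ($dimensions === false) {
            return;
        }
        list($width, $height) = $dimensions;
        if ($width < 1 || $height < 1) {
            return;
        }

        switch ($ext) {
            case 'jpg':
            case 'jpeg':
                $image = imagecreatefromjpeg($file);
                break;
            case 'gif':
                $image = imagecreatefromgif($file);
                break;
            case 'png':
                $image = imagecreatefrompng($file);
                break;
            default:
                /* unsupported extension: nothing to decode */
                return;
        }
        if (!$image) {
            return;
        }

        /* the smaller ratio makes both dimensions fit the box */
        if ($width > $t_w || $height > $t_h) {
            $size = min($t_w / $width, $t_h / $height);
        } else {
            $size = 1;
        }
        $modwidth  = max(1, (int) ($width * $size));
        $modheight = max(1, (int) ($height * $size));

        $tn = imagecreatetruecolor($modwidth, $modheight);
        imagecopyresampled($tn, $image, 0, 0, 0, 0, $modwidth, $modheight, $width, $height);
        imagejpeg($tn, $save, 100);
        return;
    }

    /** True when filter_var() accepts the address and it has a dot after the @. */
    function validateEmailAddress($email)
    {
        return filter_var($email, FILTER_VALIDATE_EMAIL) && preg_match('/@.+\./', $email);
    }

    /**
     * Return a 3-character hexadecimal salt.
     * NOTE(review): kept at 3 characters because the width of the `salt`
     * column is not visible here; that is only 4096 possible salts. Widen the
     * column and draw the salt from a CSPRNG when the schema can change.
     */
    function createSalt()
    {
        $string = md5(uniqid(rand(), true));
        return substr($string, 0, 3);
    }

    /* ---- read the form once; reg_post() trims and normalises ---- */
    $company_name            = reg_post('company_name');
    $contact_name            = reg_post('contact_name');
    $phone                   = reg_post('phone');
    $email                   = reg_post('email');
    $street1                 = reg_post('street1');
    $street2                 = reg_post('street2');
    $location                = reg_post('location');
    $city                    = reg_post('city');
    $postcode                = reg_post('postcode');
    $premiumuser_description = reg_post('premiumuser_description');
    $username                = reg_post('username');
    $password                = reg_post('password');

    /* negated character classes: a match means "contains a disallowed character" */
    $name_pattern    = "/[^a-zA-Z0-9\s\-\'\,\.\_]/";
    $phone_pattern   = "/[^0-9\s\-\_]/";
    $normal_Pattern  = "/[^a-zA-Z0-9\s\-\'\,\.\_\(\)\&\"\!\`\~\!\@\#\$\%\^\*\+\[\]\{\}\:\;\?\/]/";
    $account_pattern = "/[^a-zA-Z0-9\_]/";

    /* ---- validation: every echoed value goes through reg_html() ---- */
    if (!reg_is_valid($company_name, $name_pattern)) {
        $error_message .= "You must enter a valid company name<br>";
        $error_message .= "Valid names are min 5 characters and use letters, numbers and underscores only.<br>";
        $error_message .= "Your invalid company name was: <font color=\"red\">" . reg_html($company_name) . "</font><hr>";
    }

    if (!reg_is_valid($contact_name, $name_pattern)) {
        $error_message .= "You must enter a valid contact name<br>";
        $error_message .= "Valid names are min 5 characters and use letters, numbers and underscores only.<br>";
        $error_message .= "Your invalid contact name was: <font color=\"red\">" . reg_html($contact_name) . "</font><hr>";
    }

    if (!reg_is_valid($phone, $phone_pattern)) {
        $error_message .= "You must enter a valid phone<br>";
        /* the pattern accepts digits, whitespace, '-' and '_' - not letters */
        $error_message .= "Valid phones are min 5 characters and use digits, spaces, dashes and underscores only.<br>";
        $error_message .= "Your invalid phone was: <font color=\"red\">" . reg_html($phone) . "</font><hr>";
    }

    if (!validateEmailAddress($email)) {
        $error_message .= "You must enter a valid email address<br>";
        $error_message .= "The invalid email was: <font color=\"red\">" . reg_html($email) . "</font><hr>";
    }

    if (!reg_is_valid($street1, $name_pattern)) {
        $error_message .= "You must enter a valid address<br>";
        /* used to say "Your invalid name was", which hid which field was rejected */
        $error_message .= "Your invalid address was: <font color=\"red\">" . reg_html($street1) . "</font><hr>";
    }

    if (!reg_is_valid($premiumuser_description, $normal_Pattern)) {
        $error_message .= "You must enter a Company Description<br>";
        $error_message .= "Your invalid Company Description was: <font color=\"red\">" . reg_html($premiumuser_description) . "</font><hr>";
    }

    if (!reg_is_valid($username, $account_pattern)) {
        $error_message .= "You must enter a valid username<br>";
        $error_message .= "Valid usernames are min 5 characters and use letters, numbers and underscores only.<br>";
        $error_message .= "Your invalid name was: <font color=\"red\">" . reg_html($username) . "</font><hr>";
    }

    /* The rejected password is deliberately not echoed back.
       NOTE(review): restricting passwords to [a-zA-Z0-9_] with a 5-character
       minimum shrinks the usable password space; the policy is left as posted -
       consider a longer minimum and no character restriction. */
    if (!reg_is_valid($password, $account_pattern)) {
        $error_message .= "You must enter a valid password<br>";
        $error_message .= "Valid passwords are min 5 characters and use letters, numbers and underscores only.<br><hr>";
    }

    /* ---- is the username already taken? ----
       NOTE(review): a UNIQUE index on companies.username is still needed to
       close the gap between this lookup and the INSERT. */
    $username_sql = mysql_real_escape_string($username);
    $query1  = "SELECT username from companies WHERE username = '$username_sql'";
    $result1 = mysql_query($query1);
    if ($result1 === false) {
        /* keep database error text out of the page; log it instead */
        error_log('register00.php: username lookup failed: ' . mysql_error());
        $error_message .= "Sorry, your registration could not be processed right now.<hr>";
    } elseif (mysql_num_rows($result1) > 0) {
        $error_message .= "The username: <font color=\"red\">" . reg_html($username) . "</font> is taken.<hr>";
    }

    /* ---- logo upload settings ----
       NOTE(review): $max_width / $max_height are declared as in the original
       but not enforced; enforce them (or cap the pixel count) before decoding
       if very large images are a concern. */
    $max_height = 450;    /* largest height you allowed; 0 means any */
    $max_width  = 450;    /* largest width you allowed; 0 means any */
    $max_file   = 2000000; /* max file size in bytes */
    $allowed_type01 = array("image/gif", "image/pjpeg", "image/jpeg", "image/png", "image/x-png", "image/jpg");
    /* the extension is chosen from the detected type, never from the client's name */
    $extension_for = array('image/gif' => 'gif', 'image/jpeg' => 'jpg', 'image/png' => 'png');
    $target_dir = "/home/users/web/b109/ipg.removalspacecom/images/COMPANIES/";

    $upload       = '';
    $display_name = '';

    /* Only touch the file system once the form itself is valid. */
    if ($error_message === '') {
        $file_info = (isset($_FILES['upload']) && is_array($_FILES['upload'])) ? $_FILES['upload'] : array();
        $tmp_name  = (isset($file_info['tmp_name']) && is_string($file_info['tmp_name'])) ? $file_info['tmp_name'] : '';
        $orig_name = (isset($file_info['name']) && is_string($file_info['name'])) ? basename($file_info['name']) : '';

        $received = isset($file_info['error'])
            && $file_info['error'] === UPLOAD_ERR_OK
            && $tmp_name !== ''
            && is_uploaded_file($tmp_name);

        if (!$received) {
            $error_message .= "Sorry, there was a problem uploading your file.";
        } elseif (filesize($tmp_name) > $max_file) {
            $error_message .= "Sorry, the logo must be smaller than " . $max_file . " bytes.<hr>";
        } else {
            /* trust what the file contains, not the type or name the browser sent */
            $image_info = getimagesize($tmp_name);
            $mime = ($image_info !== false && isset($image_info['mime'])) ? $image_info['mime'] : '';

            if ($mime === '' || !in_array($mime, $allowed_type01, true) || !isset($extension_for[$mime])) {
                $error_message .= "Sorry, the logo must be a GIF, JPEG or PNG image.<hr>";
            } else {
                /* server-generated name: unique prefix + sanitised base + known
                   image extension, so one upload cannot overwrite another and
                   the stored extension is always an image type */
                $base = preg_replace('/[^A-Za-z0-9_\-]/', '', pathinfo($orig_name, PATHINFO_FILENAME));
                $base = ($base === '' || $base === null) ? 'logo' : substr($base, 0, 50);
                $upload = uniqid() . '_' . $base . '.' . $extension_for[$mime];
                $target = $target_dir . $upload;

                if (move_uploaded_file($tmp_name, $target)) {
                    /* NOTE(review): these relative paths are presumably the same
                       directory as $target_dir - confirm against the deployment. */
                    $o_path = "images/COMPANIES/";
                    $s_path = "images/thumbs/";
                    $t_w = 200;
                    $t_h = 150;
                    Resize_Image($upload, $upload, $t_w, $t_h, $s_path, $o_path);
                    $display_name = $orig_name;
                } else {
                    $upload = '';
                    $error_message .= "Sorry, there was a problem uploading your file.";
                }
            }
        }
    }

    /* ---- write the row ---- */
    if ($error_message === '') {
        $salt = createSalt();
        /* hash() takes (algorithm, data); salt and password are concatenated so
           that both go into the digest, and the digest - not the password - is
           stored */
        $hash = hash('sha256', $salt . $password);
        $approved = 0;

        $row = array(
            'company_name'            => $company_name,
            'contact_name'            => $contact_name,
            'location'                => $location,
            'postcode'                => $postcode,
            'street1'                 => $street1,
            'street2'                 => $street2,
            'city'                    => $city,
            'phone'                   => $phone,
            'email'                   => $email,
            'premiumuser_description' => $premiumuser_description,
            /* `username` was validated and looked up above but missing from
               the original column list */
            'username'                => $username,
            'password'                => $hash,
            'salt'                    => $salt,
            'approved'                => (string) $approved,
            'upload'                  => $upload,
        );
        $escaped = array_map('mysql_real_escape_string', $row);
        $query = "INSERT INTO `companies` (" . implode(', ', array_keys($row)) . ") VALUES ('" . implode("', '", $escaped) . "')";

        if (mysql_query($query) === false) {
            error_log('register00.php: insert failed: ' . mysql_error());
            $error_message .= "Sorry, your registration could not be saved right now.<hr>";
        } else {
            $status_message = "The file " . reg_html($display_name) . " has been uploaded, and your information has been added to the directory";
            /* at this point we can send an email to the admin as well as the user.
               DO NOT send the user's password to ANYONE!!!! */
        }
    }
}//if (isset($_POST['Submit']))
?>
<html>
<body>
<?php
/* $error_message holds markup built above; the request values inside it are already escaped */
if ($error_message !== '') {
    echo $error_message;
}
if ($status_message !== '') {
    echo $status_message;
}
?>
<form enctype="multipart/form-data" method="post" action="register00.php">
<table width="316" border="0">
<tr><td colspan=2><h1>Register/Sign Up</h1></td></tr>
<tr><td>Company Name:</td><td>
<input name="company_name" type="text" id="company_name" value="<?php echo reg_html(reg_post('company_name')); ?>" />
</td></tr>
<tr><td>Contact Name:</td><td>
<input name="contact_name" type="text" id="contact_name" value="<?php echo reg_html(reg_post('contact_name')); ?>" />
</td></tr>
<tr><td>Contact Number:</td><td>
<input name="phone" type="number" id="phone" value="<?php echo isset($_POST['phone']) ? reg_html(reg_post('phone')) : 'incl. area code'; ?>" />
</td></tr>
<tr><td>Address line 1:</td><td>
<input name="street1" type="text" id="street1" value="<?php echo reg_html(reg_post('street1')); ?>" />
</td></tr>
<tr><td>Address line 2:</td><td>
<input name="street2" type="text" id="street2" value="<?php echo reg_html(reg_post('street2')); ?>" />
</td></tr>
<tr><td>Area:</td><td>
<input name="location" type="text" id="location" value="<?php echo reg_html(reg_post('location')); ?>" />
</td></tr>
<tr><td>City:</td><td>
<input name="city" type="text" id="city" value="<?php echo reg_html(reg_post('city')); ?>" />
</td></tr>
<tr><td>Postcode:</td><td>
<input name="postcode" type="text" id="postcode" value="<?php echo reg_html(reg_post('postcode')); ?>" />
</td></tr>
<tr><td>Username:</td><td>
<input name="username" type="text" id="username" value="<?php echo reg_html(reg_post('username')); ?>" />
</td></tr>
<tr><td>Password:</td><td>
<?php /* the password field is never pre-filled from the request */ ?>
<input name="password" type="password" class="style7" id="password" value="" />
</td></tr>
<tr><td>Email:</td><td>
<input name="email" type="text" class="style7" id="email" value="<?php echo reg_html(reg_post('email')); ?>" />
</td></tr>
<tr><td>Company Logo:</td><td>
<input name="upload" type="file" class="style7" id="upload">
</td></tr>
<tr><td>Company Description:</td><td>
<textarea rows="20" cols="50" name="premiumuser_description" id="premiumuser_description"><?php echo reg_html(reg_post('premiumuser_description')); ?></textarea>
</td></tr>
<tr><td>
<input name="Submit" type="submit" value="Register" />
</td></tr>
</table>
</form>
</body>
</html>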
litebearer Posted April 7, 2012 Share Posted April 7, 2012 Andy ... email me your most recent code Quote Link to comment https://forums.phpfreaks.com/topic/260444-getting-un-wanted-errors/#findComment-1335164 Share on other sites More sharing options...
litebearer Posted April 7, 2012 Share Posted April 7, 2012 check your email, upload it, test it Quote Link to comment https://forums.phpfreaks.com/topic/260444-getting-un-wanted-errors/#findComment-1335165 Share on other sites More sharing options...
PFMaBiSmAd Posted April 7, 2012 Share Posted April 7, 2012 The reason your validation of the description is failing is because magic_quotes_gpc is turned on and it is adding \ escape characters to the data (don't simply add the \ character to the preg_replace pattern because that will create a mess, you must fix what magic_quotes_gpc is doing to the data.) You either need to turn magic_quotes_gpc off or you need to detect if magic_quotes_gpc is on (see get_magic_quotes_gpc ) and remove the \ characters (see stripslashes) from all external data (thanks php.net for more wasted time btw.) If you don't do this, your data will be double escaped (because you are properly escaping it using mysql_real_escape_string before putting it into the query statement) and you will end up with a mess in your database (thanks again php.net for creating a mess.) Quote Link to comment https://forums.phpfreaks.com/topic/260444-getting-un-wanted-errors/#findComment-1335168 Share on other sites More sharing options...
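PFMaBiSmAd Posted April 7, 2012 Share Posted April 7, 2012 Here's some code that will fix what magic_quotes_gpc (get/post/cookie) does, in case you cannot turn the setting off or you want your code to work on any server without needing to mess with a setting that cannot be turned off at runtime -

<?php
/**
 * Remove the backslashes added by magic_quotes_gpc from one request value.
 *
 * Request data is not always a flat list of strings: a field posted as
 * name[] arrives as an array, and stripslashes() does not accept arrays.
 * Walking the structure keeps such fields intact instead of corrupting them.
 *
 * @param mixed $value A string, or a (possibly nested) array of strings.
 * @return mixed The same structure with stripslashes() applied to every string.
 */
function strip_magic_quotes_deep($value)
{
    if (is_array($value)) {
        return array_map('strip_magic_quotes_deep', $value);
    }

    return is_string($value) ? stripslashes($value) : $value;
}

// get_magic_quotes_gpc() was removed in PHP 8, so test for it before calling;
// where it is missing there is nothing to undo.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    // Run this once, before any validation or escaping, so that
    // mysql_real_escape_string() later escapes the raw value exactly once.
    $_GET    = strip_magic_quotes_deep($_GET);
    $_POST   = strip_magic_quotes_deep($_POST);
    $_COOKIE = strip_magic_quotes_deep($_COOKIE);
    // NOTE: $_REQUEST is a separate array and is not touched here; code that
    // reads it would still see the escaped values.
}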
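PFMaBiSmAd Posted April 7, 2012 Share Posted April 7, 2012 That validation logic is foobar. The isset() doesn't do anything because text/textarea form fields are set, even if they are empty (you already know the form has been submitted with the isset($_POST['Submit']) statement). When validating user supplied input, you should NEVER lump tests together. You need to specifically tell the user what was wrong with his input. Here is what that specific validation logic should do -

<?php
/**
 * Check a trimmed company description and build the error text for it.
 *
 * Each rule is tested on its own so the visitor is told exactly what was
 * wrong. The returned text is HTML that is echoed into the page, so anything
 * taken from the submitted value is HTML-escaped before it is added.
 *
 * @param string $description Trimmed description as submitted.
 * @param int    $min_length  Smallest accepted length (strlen, i.e. bytes).
 * @param int    $max_length  Largest accepted length; match the table column size.
 * @return string HTML error messages, or '' when the description is acceptable.
 */
function company_description_errors($description, $min_length, $max_length)
{
    $errors = '';

    if ($description === '') {
        $errors .= "You must enter a Company Description<br>";
        $errors .= "Your Company Description was empty<hr>";
        return $errors;
    }

    $length = strlen($description);

    if ($length < $min_length) {
        $errors .= "You must enter a Company Description<br>";
        $errors .= "Your Company Description was less than $min_length characters<hr>";
    }

    if ($length > $max_length) {
        $errors .= "You must enter a Company Description<br>";
        $errors .= "Your Company Description was: " . number_format($length)
                 . " characters. The maximum permitted is: " . number_format($max_length) . " characters<hr>";
    }

    // Only look at the characters once the length is acceptable. The lower
    // bound is the configured minimum, not a second hard-coded 5.
    if ($length >= $min_length && $length <= $max_length) {
        // NOTE: this is not the negated (^) pattern from the starting code.
        // Stripping every allowed character leaves only the disallowed ones.
        $rep = preg_replace("/[a-zA-Z0-9\s\-\'\,\.\_]/", "", $description);
        if ($rep != '') {
            // $rep holds exactly the characters that were rejected (<, >, ", & ...),
            // so it must be escaped before it becomes part of the page.
            $shown = htmlspecialchars($rep, ENT_QUOTES, 'UTF-8');
            $errors .= "You must enter a Company Description<br>";
            $errors .= "Your Company Description contained the following invalid characters: <font color='red'>$shown</font><hr>";
            // if you want to display the whole message for reference, do that
            // here, escaped the same way
        }
    }

    return $errors;
}

$min_description_length = 5;    // the minimum you want to allow
$max_description_length = 2000; // set to your database table field size

// A browser always sends the textarea, but a hand-built request can leave it
// out or send it as an array; treat both as an empty description.
$submitted = isset($_POST['premiumuser_description']) ? $_POST['premiumuser_description'] : '';
$_POST['premiumuser_description'] = is_string($submitted) ? trim($submitted) : ''; // condition input

if (!isset($error_message)) {
    $error_message = '';
}
$error_message .= company_description_errors(
    $_POST['premiumuser_description'],
    $min_description_length,
    $max_description_length
);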
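PFMaBiSmAd Posted April 7, 2012 Share Posted April 7, 2012 And if you really wanted to maximize the user's experience on your site, you can even highlight the invalid characters when you redisplay the data -

<?php
/**
 * Return $text as HTML with every character listed in $invalid wrapped in a
 * highlight span.
 *
 * The invalid characters are by definition the ones outside the allowed set,
 * which includes regex metacharacters and HTML markup characters. Each one is
 * therefore passed through preg_quote() before it goes into the pattern, and
 * every piece of the text is HTML-escaped before the spans are added around it.
 *
 * @param string $text    The submitted text to redisplay.
 * @param string $invalid The characters to highlight (duplicates allowed).
 * @return string HTML-safe text with the invalid characters highlighted.
 */
function highlight_invalid_characters($text, $invalid)
{
    // Split into whole characters, not bytes, so multi-byte characters survive.
    $chars = preg_split('//u', $invalid, -1, PREG_SPLIT_NO_EMPTY);
    if ($chars === false || count($chars) === 0) {
        // Nothing to highlight, or not valid UTF-8: show the text escaped, unmarked.
        return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    }

    $alternatives = array();
    foreach (array_unique($chars) as $char) {
        $alternatives[] = preg_quote($char, '/');
    }

    // With DELIM_CAPTURE the result alternates: plain text, match, plain text, ...
    $pieces = preg_split(
        '/(' . implode('|', $alternatives) . ')/iu',
        $text,
        -1,
        PREG_SPLIT_DELIM_CAPTURE
    );
    if ($pieces === false) {
        return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    }

    $html = '';
    foreach ($pieces as $index => $piece) {
        $escaped = htmlspecialchars($piece, ENT_QUOTES, 'UTF-8');
        if ($index % 2 === 1) {
            $html .= '<span class="highlight">[ ' . $escaped . ' ]</span>';
        } else {
            $html .= $escaped;
        }
    }

    return $html;
}

if (isset($rep) && $rep !== '') { // some invalid characters found
    $string = highlight_invalid_characters($_POST['premiumuser_description'], $rep);
    $shown  = htmlspecialchars($rep, ENT_QUOTES, 'UTF-8');
    $error_message .= "You must enter a Company Description<br>";
    $error_message .= "Your Company Description contained the following invalid characters: <span class='highlight'>$shown</span>, ";
    $error_message .= "highlighted in the following:<br><br>$string<hr>";
}

The css for the above would be -

<style type="text/css">
span.highlight {font-weight:bold; color:red;}
</style>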