pottrell Posted November 8, 2012 Share Posted November 8, 2012 (edited) I'm trying to get my form to print an error message when the user doesn't input a username, first name, password etc (will get to the others eventually). This is what I've managed to do by myself so far, but I'm at a loss as to why it's not working now <?php $host = 'localhost'; $user = ''; $password = ''; $database = ''; $conn = mysql_connect($host,$user,$password) or die('Database Information incorrect'); //Establish connection with database and error message mysql_select_db($database,$conn); //$conn = mysql_connect("localhost", "pottrell", "dp132435"); //mysql_select_db("pottrell_wrdp1"); if (isset($_POST['submitted'])) { $error = array(); if (empty($_POST['user_name'])) { $error[] = 'Please Enter a username';} else {$user_name = mysql_real_escape_string($_POST['user_name']);} if (empty($_POST['password'])) { $error[] = 'Please enter a password';} else {$password = mysql_real_escape_string($_POST['password']);} if (empty($_POST['first_name'])) { $error[] = 'Please enter a first name';} else {$first_name = mysql_real_escape_string($_POST['first_name']);} $last_name = mysql_real_escape_string($_POST['last_name']); $day = mysql_real_escape_string($_POST['day']); $month = mysql_real_escape_string($_POST['month']); $year = mysql_real_escape_string($_POST['year']); $date = getDate(); $tday = $date["mday"]; $tmon = $date["mon"]; $tyea = $date["year"]; $sixteen = (($tyea - 16)*10000) + ($tmon*100) + $tday; $dd = $_POST["dob_day"]; $mm = $_POST["dob_month"]; $yy = $_POST["year"]; $dob = ($yy*10000) + ($mm*100) + $dd; if ($dob >= $sixteen) { echo "Age Error"; } else if (empty($error)) { $query = "insert into user(user_name,password,first_name,last_name,day,month,year)values('$user_name','$password','$first_name','$last_name','$day','$month','$year')"; $res = mysql_query($query); echo "Sign up successful - Thank you $first_name <br/>"; echo "Your details are as follows:<br/><br/>"; echo "<strong>Username:</strong> $user_name:<br/>"; echo "<strong>First name:</strong> $first_name:<br/>"; echo "<strong>Last name:</strong> $last_name:<br/>"; echo "<strong>Password:</strong> <i>[Hidden]</i>:<br/>"; echo "<strong>Date of Birth:</strong> $day / $month / $year:<br/>"; } } //header('location:signup_success.php'); ?> Can anyone help me with this? Edited November 8, 2012 by pottrell Quote Link to comment Share on other sites More sharing options...
MDCode Posted November 8, 2012 Share Posted November 8, 2012 Remove your database connection details. Also go change them now. As for your error, I see no where that you are printing said errors? Quote Link to comment Share on other sites More sharing options...
White_Lily Posted November 8, 2012 Share Posted November 8, 2012 This is how I am doing my registration forms at the moment, however it requires 1 error message for all the empties it finds. if($_POST["submitReg"]){ $validateArray = array("name" => "text", "email" => "email"); foreach($validateArray as $key => $value) { if($value == "text") $$key = htmlspecialchars(mysql_real_escape_string($_POST[$key])); else $$key = mysql_real_escape_string($_POST[$key]); if(empty($$key)) { } } } Quote Link to comment Share on other sites More sharing options...
pottrell Posted November 8, 2012 Author Share Posted November 8, 2012 Remove your database connection details. Also go change them now. As for your error, I see no where that you are printing said errors? Oops! Thanks for pointing that out! I'm not actually sure how to print the errors unfortunately! Quote Link to comment Share on other sites More sharing options...
MDCode Posted November 8, 2012 Share Posted November 8, 2012 (edited) <?php if (isset($_POST['submitted'])) { // not sure what the point of this is so I changed it to blank $error = ""; if (empty($_POST['user_name'])) { $error = 'Please Enter a username';} else {$user_name = mysql_real_escape_string($_POST['user_name']);} if (empty($_POST['password'])) { $error = 'Please enter a password';} // SALT AND HASH PASSWORDS else {$password = mysql_real_escape_string($_POST['password']);} if (empty($_POST['first_name'])) { $error = 'Please enter a first name';} else {$first_name = mysql_real_escape_string($_POST['first_name']);} $last_name = mysql_real_escape_string($_POST['last_name']); $day = mysql_real_escape_string($_POST['day']); $month = mysql_real_escape_string($_POST['month']); $year = mysql_real_escape_string($_POST['year']); $date = getDate(); $tday = $date["mday"]; $tmon = $date["mon"]; $tyea = $date["year"]; $sixteen = (($tyea - 16)*10000) + ($tmon*100) + $tday; $dd = $_POST["dob_day"]; $mm = $_POST["dob_month"]; $yy = $_POST["year"]; $dob = ($yy*10000) + ($mm*100) + $dd; if ($dob >= $sixteen) { $error = "Age Error"; } if (empty($error)) { // YOU NEVER EVER!!! want to submit passwords in plain text. $query = "insert into user(user_name,password,first_name,last_name,day,month,year)values('$user_name','$password','$first_name','$last_name','$day','$month','$year')"; $res = mysql_query($query); // want to filter everything that gets echoed to avoid javascript issues echo "Sign up successful - Thank you $first_name <br/>"; echo "Your details are as follows:<br/><br/>"; echo "<strong>Username:</strong> $user_name:<br/>"; echo "<strong>First name:</strong> $first_name:<br/>"; echo "<strong>Last name:</strong> $last_name:<br/>"; echo "<strong>Password:</strong> <i>[Hidden]</i>:<br/>"; echo "<strong>Date of Birth:</strong> $day / $month / $year:<br/>"; } else { // Output errors here echo $error; } } //header('location:signup_success.php'); ?> A few things. ^^ This should work. You're still showing database connection details in your commenting. You NEVER want to submit passwords in plain text (look into salting and hashing them). And your header that is commented out will not work because you are echoing information before it. Edited November 8, 2012 by ExtremeGaming Quote Link to comment Share on other sites More sharing options...
pottrell Posted November 8, 2012 Author Share Posted November 8, 2012 php code A few things. ^^ This should work. You're still showing database connection details in your commenting. You NEVER want to submit passwords in plain text (look into salting and hashing them). And your header that is commented out will not work because you are echoing information before it. Oops! (again) - I changed my password etc, my bad. That works great, with regards to the password, do you mean using md5? Also, is there anyway to ensure the error messages are ordered? Or combine the code so the date of birth will return inside the same error messages being used by the other validation rules? So If i left Username empty and password empty as well as the birthday - It will present the error message "Please fill in a username" "Please fill in a password" "Please fill in your date of birth" Would this involve too much change from the original code? Many thanks again, I understand this to an extent, just those little subtle errors throw me.. Quote Link to comment Share on other sites More sharing options...
MDCode Posted November 8, 2012 Share Posted November 8, 2012 (edited) Well, you could do something like: <?php if (isset($_POST['submitted'])) { // Set errors equal to 0 $error = "0"; if (empty($_POST['user_name'])) { // Change error to 1 so that the user will not be registered echo 'Please Enter a username<br />'; $error = "1"; } else { $user_name = mysql_real_escape_string($_POST['user_name']); } if (empty($_POST['password'])) { // Change error to 1 so that the user will not be registered echo 'Please enter a password<br />'; $error = "1"; } else { $password = mysql_real_escape_string($_POST['password']); } if (empty($_POST['first_name'])) { // Change error to 1 so that the user will not be registered echo 'Please enter a first name<br />'; $error = "1"; } else { $first_name = mysql_real_escape_string($_POST['first_name']); } // If there were no errors if($error == "0") { $query = "insert into user(user_name,password,first_name,last_name,day,month,year)values('$user_name','$password','$first_name','$last_name','$day','$month','$year')"; $res = mysql_query($query); // want to filter everything that gets echoed to avoid javascript issues echo "Sign up successful - Thank you $first_name <br/>"; echo "Your details are as follows:<br/><br/>"; echo "<strong>Username:</strong> $user_name:<br/>"; echo "<strong>First name:</strong> $first_name:<br/>"; echo "<strong>Last name:</strong> $last_name:<br/>"; echo "<strong>Password:</strong> <i>[Hidden]</i>:<br/>"; echo "<strong>Date of Birth:</strong> $day / $month / $year:<br/>"; } } ?> md5 is a hashing method (somewhat insecure as there are websites that store md5 hashes to look up) Salting and hashing is combining the password with a secret password that only you should know then hashing it Edited November 8, 2012 by ExtremeGaming Quote Link to comment Share on other sites More sharing options...
pottrell Posted November 8, 2012 Author Share Posted November 8, 2012 In that case (your latest example). Is there a way to use the method of ensuring the user is over 16 like i had before? I've tried to use your latest code and apply it to the method but failed, badly Thanks again for this! Even if you can't help me further, you've been a great help! Quote Link to comment Share on other sites More sharing options...
MDCode Posted November 8, 2012 Share Posted November 8, 2012 (edited) Yes I just removed all the filtering and age check etc. for purposes of keeping it short you can add in your filtering the way you had it. But where you're checking for the age just change if($dob >= $sixteen) { $error = "Age Error"; } to: if($dob >= $sixteen) { echo "Age Error"; $error = "1"; } And make sure it's before you check if $error == "0" Edited November 8, 2012 by ExtremeGaming Quote Link to comment Share on other sites More sharing options...
pottrell Posted November 8, 2012 Author Share Posted November 8, 2012 Yes I just removed all the filtering and age check etc. for purposes of keeping it short you can add in your filtering the way you had it. But where you're checking for the age just change if($dob >= $sixteen) { $error = "Age Error"; } to: if($dob >= $sixteen) { echo "Age Error"; $error = "1"; } And make sure it's before you check if $error == "0" Aha! Perfect! I've just tested it all, there's one mystery now, it's suddenly stopped writing to the database, i've checked all the details and they're all correct, weird! Thanks again though, the error messages appear perfectly Quote Link to comment Share on other sites More sharing options...
MDCode Posted November 8, 2012 Share Posted November 8, 2012 (edited) echo mysql_error(); Add this after your query and $res and post the message that shows Edited November 8, 2012 by ExtremeGaming Quote Link to comment Share on other sites More sharing options...
pottrell Posted November 8, 2012 Author Share Posted November 8, 2012 Strange! I just recreated the table and now it works! The last thing I need to try to do is to ensure the username is unique. Do you know of any tutorials I could follow to try and do this if possible? All I know is it would involve connecting to the database, looking for the same username as what is entered and returning true or false... :/ Quote Link to comment Share on other sites More sharing options...
MDCode Posted November 8, 2012 Share Posted November 8, 2012 (edited) It's quite simple really. Here's an example <?php // Build the query and get your result $query = "SELECT * FROM `table` WHERE `username` = '$user_name'"; $result = mysql_query($query); // $num will get the amount of users with the same username in the table $num = mysql_num_rows($result); // If $num does not equal 0 (there is a match in the database) return an error if($num != "0") { echo "That username already exists"; $error = "1"; } ?> Edited November 8, 2012 by ExtremeGaming Quote Link to comment Share on other sites More sharing options...
pottrell Posted November 8, 2012 Author Share Posted November 8, 2012 Would that appear after "if (isset($_POST['submitted']))" or before? I can see how this would work at least! Thanks Quote Link to comment Share on other sites More sharing options...
MDCode Posted November 8, 2012 Share Posted November 8, 2012 (edited) The information needs to be supplied before it can be checked so yes it would be after. Edited November 8, 2012 by ExtremeGaming Quote Link to comment Share on other sites More sharing options...
pottrell Posted November 8, 2012 Author Share Posted November 8, 2012 (edited) <?php $host = 'localhost'; $user = '#########'; $password = '#########'; $database = '#########'; $conn = mysql_connect($host,$user,$password) or die('Database Information incorrect'); //Establish connection with database and error message mysql_select_db($database,$conn); //$conn = mysql_connect("localhost", "pottrell", "dp089786+"); //mysql_select_db("pottrell_wrdp1"); if (isset($_POST['submitted'])) { // set errors equal to 0 $error = "0"; $query = "SELECT * FROM `table` WHERE `username` = '$user_name'"; $result = mysql_query($query); $num = mysql_num_rows($result); if($num != "0") { echo "That username already exists<br />"; $error = "1"; } elseif (empty($_POST['user_name'])) { echo 'Please Enter a username<br />'; $error = "1"; } else { $user_name = mysql_real_escape_string($_POST['user_name']); } if (empty($_POST['password'])) { echo 'Please enter a password<br />'; $error = "1"; } else { $password = mysql_real_escape_string($_POST['password']); } if (empty($_POST['first_name'])) { echo 'Please enter a first name<br />'; $error = "1"; } else { $first_name = mysql_real_escape_string($_POST['first_name']); } if (empty($_POST['last_name'])) { echo 'Please enter a last name<br />'; $error = "1"; } else { $last_name = mysql_real_escape_string($_POST['last_name']); } $day = mysql_real_escape_string($_POST['day']); $month = mysql_real_escape_string($_POST['month']); $year = mysql_real_escape_string($_POST['year']); $date = getDate(); $tday = $date["mday"]; $tmon = $date["mon"]; $tyea = $date["year"]; $sixteen = (($tyea - 16)*10000) + ($tmon*100) + $tday; $dd = $_POST["dob_day"]; $mm = $_POST["dob_month"]; $yy = $_POST["year"]; $dob = ($yy*10000) + ($mm*100) + $dd; if($dob>= $sixteen) { echo "User must be over the age of 16."; $error = "1"; } // Check if error = 0 if($error == "0") { $query = "insert into user(user_name,password,first_name,last_name,day,month,year)values('$user_name','$password','$first_name','$last_name','$day','$month','$year')"; $res = mysql_query($query); echo "<br/><br/>"; echo "Sign up successful - Thank you $first_name <br/>"; echo "Your details are as follows:<br/><br/>"; echo "<strong>Username:</strong> $user_name<br/>"; echo "<strong>First name:</strong> $first_name<br/>"; echo "<strong>Last name:</strong> $last_name<br/>"; echo "<strong>Password:</strong> <i>[Hidden]</i>:<br/>"; echo "<strong>Date of Birth:</strong> $day / $month / $year<br/>"; } } ?> So close to getting it to work completely! The issue at the moment is the no matter what the user enters, it returns "That username already exists" Am I thinking about the if else statement the wrong way? Edited November 8, 2012 by pottrell Quote Link to comment Share on other sites More sharing options...
MDCode Posted November 9, 2012 Share Posted November 9, 2012 (edited) You need to do it after you define $user_name Move the query and the if num to after you define user_name ($user_name = mysql_real_escape_string($_POST['user_name']); in your case) Edited November 9, 2012 by ExtremeGaming Quote Link to comment Share on other sites More sharing options...
pottrell Posted November 9, 2012 Author Share Posted November 9, 2012 I'm not sure how you mean, if I moved it below the $user_name($_POST how would i begin the statement to include the query? :/ Quote Link to comment Share on other sites More sharing options...
MDCode Posted November 9, 2012 Share Posted November 9, 2012 (edited) <?php $host = 'localhost'; $user = '#########'; $password = '#########'; $database = '#########'; $conn = mysql_connect($host,$user,$password) or die('Database Information incorrect'); //Establish connection with database and error message mysql_select_db($database,$conn); //$conn = mysql_connect("localhost", "-- Removed --", "-- Removed --"); //mysql_select_db("-- Removed --"); if (isset($_POST['submitted'])) { // set errors equal to 0 $error = "0"; if (empty($_POST['user_name'])) { echo 'Please Enter a username<br />'; $error = "1"; } else { $user_name = mysql_real_escape_string($_POST['user_name']); $query = "SELECT * FROM `table` WHERE `username` = '$user_name'"; $result = mysql_query($query); $num = mysql_num_rows($result); if($num != "0") { echo "That username already exists<br />"; $error = "1"; } } if (empty($_POST['password'])) { echo 'Please enter a password<br />'; $error = "1"; } else { $password = mysql_real_escape_string($_POST['password']); } if (empty($_POST['first_name'])) { echo 'Please enter a first name<br />'; $error = "1"; } else { $first_name = mysql_real_escape_string($_POST['first_name']); } if (empty($_POST['last_name'])) { echo 'Please enter a last name<br />'; $error = "1"; } else { $last_name = mysql_real_escape_string($_POST['last_name']); } $day = mysql_real_escape_string($_POST['day']); $month = mysql_real_escape_string($_POST['month']); $year = mysql_real_escape_string($_POST['year']); $date = getDate(); $tday = $date["mday"]; $tmon = $date["mon"]; $tyea = $date["year"]; $sixteen = (($tyea - 16)*10000) + ($tmon*100) + $tday; $dd = $_POST["dob_day"]; $mm = $_POST["dob_month"]; $yy = $_POST["year"]; $dob = ($yy*10000) + ($mm*100) + $dd; if($dob>= $sixteen) { echo "User must be over the age of 16."; $error = "1"; } // Check if error = 0 if($error == "0") { $query = "insert into user(user_name,password,first_name,last_name,day,month,year)values('$user_name','$password','$first_name','$last_name','$day','$month','$year')"; $res = mysql_query($query); echo "<br/><br/>"; echo "Sign up successful - Thank you $first_name <br/>"; echo "Your details are as follows:<br/><br/>"; echo "<strong>Username:</strong> $user_name<br/>"; echo "<strong>First name:</strong> $first_name<br/>"; echo "<strong>Last name:</strong> $last_name<br/>"; echo "<strong>Password:</strong> <i>[Hidden]</i>:<br/>"; echo "<strong>Date of Birth:</strong> $day / $month / $year<br/>"; } } ?> This should work. All you need to do is make sure any variables you use in a query are defined before, or else I believe it will be used as if you were searching for anything Edited November 9, 2012 by SocialCloud Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.