Rabastan Posted February 17, 2013 Share Posted February 17, 2013 This is my first attempt at a registration script. Where do I need improve it? Thanks in advance Rab // Get values from form $username=$_POST['username']; $password=$_POST['password']; $confirm=$_POST['confirm']; $firstname=$_POST['firstname']; $lastname=$_POST['lastname']; $email=$_POST['email']; $address=$_POST['address']; $address2=$_POST['address2']; $city=$_POST['city']; $state=$_POST['state']; $zip=$_POST['zip']; $phone=$_POST['phone']; $dob=$_POST['dob']; // Strip any escape characters $username = stripslashes($username); $password = stripslashes($password); $confirm = stripslashes($confirm); $firstname = stripslashes($firstname); $lastname = stripslashes($lastname); $email = stripslashes($email); $address = stripslashes($address); $address2 = stripslashes($address2); $city = stripslashes($city); $state = stripslashes($state); $zip = stripslashes($zip); $phone = stripslashes($phone); $dob = stripslashes($dob); //Check for empty fields if(empty($_POST['username'])){ echo (USERNAME_BLANK_ERROR); } if(empty($_POST['password'])){ echo (PASSWORD_BLANK_ERROR); } if(empty($_POST['confirm'])){ echo (CONFIRM_BLANK_ERROR); } if(empty($_POST['firstname'])){ echo (FIRSTNAME_BLANK_ERROR); } if(empty($_POST['lastname'])){ echo (LASTNAME_BLANK_ERROR); } if(empty($_POST['email'])){ echo (EMAIL_BLANK_ERROR); } if(empty($_POST['address'])){ echo (ADDRESS_BLANK_ERROR); } if(empty($_POST['city'])){ echo (CITY_BLANK_ERROR); } if(empty($_POST['state'])){ echo (STATE_BLANK_ERROR); } if(empty($_POST['zip'])){ echo (ZIP_BLANK_ERROR); } if(empty($_POST['phone'])){ echo (PHONE_BLANK_ERROR); } if(empty($_POST['dob'])){ echo (DOB_BLANK_ERROR); } // Verify field lengths if(strlen($username) < 6){ echo (USERNAME_SHORT_ERROR); } if(strlen($username) > 15){ echo (USERNAME_LONG_ERROR); } if(strlen($password) < 6){ echo (PASSWORD_SHORT_ERROR); } if(strlen($password) > 15){ echo (PASSWORD_LONG_ERROR); } if(strlen($firstname) < 2){ echo (FIRSTNAME_SHORT_ERROR); } if(strlen($firstname) > 25){ echo (FIRSTNAME_LONG_ERROR); } if(strlen($lastname) < 2){ echo (LASTNAME_SHORT_ERROR); } if(strlen($laststname) > 25){ echo (LASTNAME_LONG_ERROR); } if(strlen($email) < 10){ echo (EMAIL_SHORT_ERROR); } if(strlen($email) > 100){ echo (EMAIL_LONG_ERROR); } if(strlen($address) < 5){ echo (ADDRESS_SHORT_ERROR); } if(strlen($address) > 200){ echo (ADDRESS_LONG_ERROR); } if(strlen($city) < 3){ echo (CITY_SHORT_ERROR); } if(strlen($city) > 22){ echo (CITY_LONG_ERROR); } if(strlen($zip) < 5){ echo (ZIP_SHORT_ERROR); } if(strlen($zip) > 5){ echo (ZIP_LONG_ERROR); } // Compare Passwords if ($password != $confirm) { echo(PASSWORD_MATCH_ERROR); } // Validate Phone Number if( !preg_match("/^([1]-)?[0-9]{3}-[0-9]{3}-[0-9]{4}$/i", $phone) ) { echo (PHONE_VALIDATE_ERROR); } // Validate Email Address if( !preg_match("/^[_a-z0-9-]+(.[_a-z0-9-]+)*@[a-z0-9-]+(.[a-z0-9-]+)*(.[a-z]{2,3})$/i", $email) ) { echo (EMAIL_VALIDATE_ERROR); } // Hash password and validate hash $hash = $hasher->HashPassword($password); if(strlen($hash) <= 20){ echo (HASH_ERROR); } // Insert User into database $sql="INSERT INTO $users(user_username, user_password, user_email, user_firstname, user_lastname, user_address, user_address2, user_city, user_state, user_zip, user_phone, user_dob)VALUES('$username', '$hash', '$firstname', '$lastname', '$address', '$address2', '$city', '$state', '$zip', '$phone', '$dob')"; $result=mysql_query($sql); if($result){ echo (REGISTRATION_SUCCESS); echo "<BR>"; echo "<a href='reg_thankyou.php'>Back to main page</a>"; } else { echo (REGISTRATION_ERROR); } ?> <?php // close connection mysql_close(); ?> Link to comment https://forums.phpfreaks.com/topic/274598-can-i-get-quick-critique/ Share on other sites More sharing options...
Barand Posted February 17, 2013 Share Posted February 17, 2013 The obvious omission is the lack of mysql_real_escape_string() or intval() for numeric inputs Link to comment https://forums.phpfreaks.com/topic/274598-can-i-get-quick-critique/#findComment-1413005 Share on other sites More sharing options...
jazzman1 Posted February 17, 2013 Share Posted February 17, 2013 There are too much ifs,empties, strlens. I don't see arrays in your script. Link to comment https://forums.phpfreaks.com/topic/274598-can-i-get-quick-critique/#findComment-1413009 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.