Steve_NI Posted October 20, 2013 Share Posted October 20, 2013 I am preparing a form form for a new user to register to join a site. I am trying to put some validation in to the user input to ensusre passwords are correct size, and they reverify it etc before it is submitted to the database. I keep getting the same error though when I run the page that I have undefined index. When I actually enter data and hit submit these errors disappear and the appropriate error messages are given to the user. I know its something simple I am forgetting to do but I cannot fathom it out, would someone with more experience be able to point out my error? <?php function user_exists($username){ $server = 'localhost'; $user='root'; $password=''; $db = 'finance_checker'; $mysqli = mysqli_connect($server, $user, $password, $db); if(mysqli_connect_errno($mysqli)){ echo "Failed to connect to MySQL".mysqli_connect_error(); } $res = $mysqli->query("SELECT * FROM `users` WHERE `UserName` = '$username'"); return ($res->num_rows>0); $res->close(); } ?> <!DOCTYPE html> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Registration</title> <link rel="stylesheet" type="text/css" href="style.css"/> </head> <body> <h1>Registration</h1> <form action="registration.php" method="post"> <ul id="register"> <li> Username : *<br /> <input type ="text" name="username"/> </li> <li> Password : *<br /> <input type ="password" name="password"/> </li> <li> Re-Confirm Password : *<br/> <input type="password" name="password2"/> </li> <li> First Name: *<br /> <input type ="text" name="firstname"/> </li> <li> Last Name : *<br /> <input type ="text" name="lastname"/> </li> <li> Email : *<br /> <input type ="text" name="email"/> </li> <input type="submit" value="Register"/> </ul> </body> </html> <?php if(isset($_POST)){ if(empty($_POST)==false){ $req_fields=array('username','password','password2','firstname','lastname','email'); foreach ($_POST as $key=>$value){ if(empty($value)&& in_array($key, $req_fields)===true){ echo 'Please complete all fields to register!'; break 1; } } } //If there are no errors if(user_exists($_POST['username'])==true){ echo 'Cannot use the username '.$_POST['username'].' it has already been taken!<br />'; } if(preg_match("/\\s/", $_POST['username'])){ echo "Your username must not contain any spaces!"; } //Make sure the password is of sufficient length if((strlen($_POST['password']<6))||(strlen($_POST['password']>12))){ echo 'Password must be at least 6 characters long and no more than 12.<br />'; } if($_POST['password']!=$_POST['password2']){ echo 'Passwords do not match. Please try again! <br />'; } if(!(filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))){ echo 'Email address is not valid.Please enter a valid email address'; } } ?> Link to comment https://forums.phpfreaks.com/topic/283119-validating-a-registration-form/ Share on other sites More sharing options...
Ch0cu3r Posted October 20, 2013 Share Posted October 20, 2013 This is not enough to check if the form has been submitted if(isset($_POST)){ $_POST always exists on page load. You need to check if an element from _POST exists before running your form validation. The most common way is to give your submit button a name <input type="submit" name="submit" value="Register"/> And checking to see if it exists in the _POST. if(isset($_POST['submit'])){ Now you form validation should only run when the form has been submitted Also make sure you are sanitizing your user input before using it within database queries. $res = $mysqli->query("SELECT * FROM `users` WHERE `UserName` = '$username'"); Pass $username to mysqli_real_escape_string so it is safe to use within your SQL queries. Or better yet use prepared queries. Link to comment https://forums.phpfreaks.com/topic/283119-validating-a-registration-form/#findComment-1454628 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.