Validating a registration form


Steve_NI

I am preparing a form for a new user to register to join a site. I am trying to put some validation on the user input to ensure passwords are the correct size, and that they reverify it etc. before it is submitted to the database.

I keep getting the same error though when I run the page that I have undefined index. When I actually enter data and hit submit these errors disappear and the appropriate error messages are given to the user.

I know it's something simple I am forgetting to do but I cannot fathom it out. Would someone with more experience be able to point out my error?

<?php
function user_exists($username){
$server = 'localhost';
$user='root';
$password='';
$db = 'finance_checker';

$mysqli = mysqli_connect($server, $user, $password, $db);

if(mysqli_connect_errno()){ // takes no arguments
    echo "Failed to connect to MySQL".mysqli_connect_error();
}
$res = $mysqli->query("SELECT * FROM `users` WHERE `UserName` = '$username'");

$exists = ($res->num_rows>0);
$res->close(); // free the result before returning; code after return never runs
return $exists;
}

?>

<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Registration</title>
        <link rel="stylesheet" type="text/css" href="style.css"/>
    </head>
    <body>
        <h1>Registration</h1>
        <form action="registration.php" method="post">
            <ul id="register">
                <li> Username : *<br />
                    <input type ="text" name="username"/>
                </li>
                <li> Password : *<br />
                    <input type ="password" name="password"/>
                </li>
                <li>
                    Re-Confirm Password : *<br/>
                    <input type="password" name="password2"/>
                </li>
                <li> First Name: *<br />
                    <input type ="text" name="firstname"/>
                </li>
                <li> Last Name : *<br />
                    <input type ="text" name="lastname"/>
                </li>
              
                <li> Email : *<br />
                    <input type ="text" name="email"/>
                </li>
                
                    <input type="submit" value="Register"/>
                     
            </ul>
        </form>
    </body>
</html>

<?php

if(isset($_POST)){
if(empty($_POST)==false){
    $req_fields=array('username','password','password2','firstname','lastname','email');
    
    foreach ($_POST as $key=>$value){
        if(empty($value)&& in_array($key, $req_fields)===true){
            echo 'Please complete all fields to register!';
            break 1;
        }
        
    }
}
//If there are no errors 

    if(user_exists($_POST['username'])==true){
        echo 'Cannot use the username '.$_POST['username'].' it has already been taken!<br />';
    }
    if(preg_match("/\\s/", $_POST['username'])){
        echo "Your username must not contain any spaces!";
    }
    //Make sure the password is of sufficient length
    
    if((strlen($_POST['password'])<6)||(strlen($_POST['password'])>12)){
       echo 'Password must be at least 6 characters long and no more than 12.<br />';
        }
    if($_POST['password']!=$_POST['password2']){
        echo 'Passwords do not match. Please try again! <br />';
    }
    if(!(filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))){
        echo 'Email address is not valid.Please enter a valid email address';
    }
    }

?>


This is not enough to check if the form has been submitted

if(isset($_POST)){

$_POST always exists on page load. You need to check if an element from _POST exists before running your form validation. The most common way is to give your submit button a name:

<input type="submit" name="submit" value="Register"/>

And checking to see if it exists in the _POST. 

if(isset($_POST['submit'])){

Now your form validation should only run when the form has been submitted.

 

Also make sure you are sanitizing your user input before using it within database queries.

$res = $mysqli->query("SELECT * FROM `users` WHERE `UserName` = '$username'");

Pass $username to mysqli_real_escape_string so it is safe to use within your SQL queries. Or better yet use prepared queries.
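
The two suggestions in the reply above (guard on the named submit button, use a prepared query), combined as an added example that is not code from the thread. Table, column and field names come from the question; `validate_registration` and its `$userExists` callable are assumptions.

```php
<?php
// Added example, not code from the thread; function names are assumptions.
function user_exists(mysqli $mysqli, string $username): bool
{
    // The ? placeholder keeps $username out of the SQL text entirely.
    $stmt = $mysqli->prepare('SELECT 1 FROM `users` WHERE `UserName` = ? LIMIT 1');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->store_result();
    $exists = $stmt->num_rows > 0;
    $stmt->close();
    return $exists;
}

function validate_registration(array $post, callable $userExists): array
{
    $in = [];
    foreach (['username', 'password', 'password2', 'firstname', 'lastname', 'email'] as $f) {
        // Missing or non-string values (e.g. username[]=x) become '', so no undefined index.
        $in[$f] = (isset($post[$f]) && is_string($post[$f])) ? $post[$f] : '';
        if ($in[$f] === '') {
            return ['Please complete all fields to register!'];
        }
    }
    $errors = [];
    if (preg_match('/\s/', $in['username'])) {
        $errors[] = 'Your username must not contain any spaces!';
    } elseif ($userExists($in['username'])) {
        $errors[] = 'Cannot use the username ' . $in['username'] . ' it has already been taken!';
    }
    $len = strlen($in['password']);
    if ($len < 6 || $len > 12) {
        $errors[] = 'Password must be at least 6 characters long and no more than 12.';
    }
    if ($in['password'] !== $in['password2']) {
        $errors[] = 'Passwords do not match. Please try again!';
    }
    if (!filter_var($in['email'], FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'Email address is not valid. Please enter a valid email address.';
    }
    return $errors;
}

// Runs only on a real submission: the submit button carries name="submit".
if (isset($_POST['submit'])) {
    $mysqli = new mysqli('localhost', 'root', '', 'finance_checker');
    foreach (validate_registration($_POST, fn($u) => user_exists($mysqli, $u)) as $e) {
        echo htmlspecialchars($e, ENT_QUOTES, 'UTF-8'), '<br />';
    }
}
```

Messages are escaped on output because the "already taken" message contains the submitted username. The arrow function requires PHP 7.4 or later.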
