Jump to content

Recommended Posts

Hello everyone... I'll give you straight code ->

 

I want this page to check if :

username is taken or empty

password is empty or less than 6 charactors

email is taken, empty, or doesn't include @

 

if any of those are true, redirect to register.php and explain the error to the user whilst reposting the form for completion again.

 

at the moment its going back to register. but entering the data into the table anyway. also not displaying errors to user.

 

This is the registercheck.php page

<?php
session_start();
$host="localhost";
$username="username";
$password="password"; 
$db_name="wezzsmusic";
$tbl_name="wmusers";
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$check = "SELECT * FROM wmusers where username='".$_POST['username']."' LIMIT 1";
$checkresult = mysql_query($check);
if(mysql_num_rows($checkresult) != 0){
header("Location: register.php");
exit;}
$_SESSION['usernamereg'] = $_POST['username'];
$_SESSION['passwordreg'] = $_POST['password'];
$_SESSION['emailreg'] = $_POST['email'];
if ($_POST['username'] == NULL){
	header("Location: register.php");}
if ($_POST['password'] == NULL){
	header("Location: register.php");}
if ($_POST['email'] == NULL){
        header("Location: register.php");}
if (!eregi('@', $_SESSION['emailreg'])) {
   		header("Location: register.php");}
$sql = "INSERT INTO wmusers VALUES ('0', '".$_POST['username']."', '".$_POST['password']."', '".$_POST['email']."', '0')";
mysql_query($sql) or die ("Couldn't execute $sql: " . mysql_error()); 

?>

 

 

Here's the register.php form:

<form id="form1" name="form1" method="post" action="checkregister.php">
      <div align="center">
        <table border="1" cellspacing="0" cellpadding="0">
          <tr>
            <td width="305"><table width="278" height="131" border="0" cellpadding="0" cellspacing="0">
              <tr>
                <td width="110"> </td>
                <td width="13"> </td>
                <td width="155" colspan="2"> </td>
              </tr>
              <tr>
                <td class="style2"><div align="right" class="style4">
                    <?php 
$check = "SELECT * FROM wmusers where username='".$_POST['username']."' LIMIT 1";
$checkresult = mysql_query($check);
		if(isset($_SESSION['usernamereg']) && strlen($_SESSION['usernamereg'] < "1")){
		echo '(Empty) Username';
		}
		elseif(mysql_num_rows($checkresult) != 0 && isset($_SESSION['usernamereg'])){
		echo '(Taken) Username';
		}
		else{
		echo 'Username';
		}
		?>
                </div></td>
                <td class="style2"><div align="center"><span class="register">:</span></div></td>
                <td height="40" colspan="2" class="style2"><div align="left">
                    <?php 
		if(isset($_SESSION['usernamereg']) && strlen($_SESSION['usernamereg'] < "1")){
		echo '<input name="username" type="text" id="username" size="10" maxlength="10"/>';
		} 
		else{
		echo '<input name="username" type="text" id="username" size="10" maxlength="10" value="'.$_SESSION['usernamereg'].'"/>';
		}
		?>
                </div></td>
              </tr>
              <tr>
                <td class="style2"><img src="images/1.jpg" width="1" height="5" /></td>
                <td class="style2"><img src="images/1.jpg" width="1" height="1" /></td>
                <td colspan="2" class="style2"><img src="images/1.jpg" width="1" height="1" /></td>
              </tr>
              <tr>
                <td class="style2"><div align="right" class="style4">
                    <?php 
		if(isset($_SESSION['passwordreg']) && strlen($_SESSION['passwordreg'] < "1")){
		echo '(Empty) Password';
		}elseif(strlen($_SESSION['passwordreg'] > "1")){
		echo 'Password';
		} else{
		echo 'Password';
		}
		?>
                </div></td>
                <td class="style2"><div align="center"><span class="register">:</span></div></td>
                <td height="40" colspan="2" class="style2"><div align="left">
                    <?php 
		if(isset($_SESSION['passwordreg']) && strlen($_SESSION['passwordreg'] < "1")){
		echo '<input name="password" type="password" id="password" size="10" maxlength="10" />';
		} elseif(strlen($_SESSION['passwordreg'] > "1")){
		echo '<input name="password" type="password" id="password" size="10" maxlength="10" />';
		}
		else{
		echo '<input name="password" type="password" id="password" size="10" maxlength="10" />';
		}
		?>
                </div></td>
              </tr>
              <tr>
                <td class="style2"><img src="images/1.jpg" width="1" height="5" /></td>
                <td class="style2"><img src="images/1.jpg" width="1" height="5" /></td>
                <td colspan="2" class="style2"><img src="images/1.jpg" width="1" height="5" /></td>
              </tr>
              <tr>
                <td class="style2"><div align="right" class="style4">
                    <?php 
		if(isset($_SESSION['emailreg']) && strlen($_SESSION['emailreg'] < "1")){
		echo '(Empty) Email';
		} 
		elseif(!eregi('@', $_SESSION['emailreg']) && strlen($_SESSION['emailreg'] > "0")) {
		echo '(Invalid) Email';
		}
		elseif(strlen($_SESSION['emailreg'] > "1")){
		echo 'Email';
		} else {
		echo 'Email';
		}
		?>
                </div></td>
                <td class="style2"><div align="center"><span class="register">:</span></div></td>
                <td height="40" colspan="2" class="style2"><div align="left">
                    <?php 
		if(isset($_SESSION['emailreg']) && strlen($_SESSION['emailreg'] < "1")){
		echo '<input name="email" type="text" id="email" size="10" />';
		} elseif(strlen($_SESSION['emailreg'] > "1")){
		echo '<input name="email" type="text" id="email" size="10" value="'.$_SESSION['emailreg'].'"/>';
		}
		else{
		echo '<input name="email" type="text" id="email" size="10" />';
		}
		?>
                </div></td>
              </tr>
              <tr>
                <td colspan="4"><div align="left"><br />
                  <div align="right">
                    <table width="69" border="0" cellspacing="0" cellpadding="0">
                          <tr>
                            <td width="133"><input type="submit" name="Submit" value="Register" /></td>
                          </tr>
                        </table>
                        <br />
                    </div>
                </div></td>
                </tr>
            </table></td>
          </tr>
        </table>
        </div>
    </form>

 

Thanks, Snooble

Link to comment
https://forums.phpfreaks.com/topic/60370-solved-big-trouble-with-easy-form-check/
Share on other sites

Always get in the habit of adding an exit; statement after your header("Location: ...") calls.  Setting a header location may result in your script being completed before the browser is redirected, which is why data is getting into the table.  May I suggest this method instead, however:

 

<?php
$errors = array();
if (empty($_POST['username']))
{
     $errors[] = 'Please supply a username';
}
if (empty($_POST['password']) || strlen($_POST['password']) < 6)
{
     $errors[] = 'You entered an invalid password';
}
if (empty($_POST['email']) || strpos($_POST['email'], '@') === false)
{
     $errors[] = 'You entered an invalid email';
}
if (count($errors))
{
     // Header here...redirect
     exit;
}
else
{
     // mySQL insert here
}
?>

The logic of your form validation is pretty muddled.  I believe the best thing to do would be to create a sticky form, which is basically what you're trying to build anyway.  This will save you from jumping around between scripts, as well as trimming down the number of times you use the database.

 

If you were to make a sticky form out of what you currently have, it'd probably go a bit like this:

<?php

function myEscape($string){ //function that helps clean info to be inserted into the database
   return (get_magic_quotes_gpc()) ? mysql_real_escape_string(stripslashes($string)) : mysql_real_escape_string($string);
}

$errMessage = NULL;

if(isset($_POST['submit'])){ //if the form's been submitted, process the info
   if(isset($_POST['name'])){ //if a name's been entered, run the db check
      $checkQuery = "SELECT * FROM wmusers WHERE username = '{$_POST['name']}' LIMIT 1";
      $checkResult = mysql_query($checkQuery);

      if(mysql_num_rows($checkResult)){ //if the name's already been taken (rows >= 1).
         $errMessage .= "That username has already been taken.  Please enter another.<br />\n";
         $nameCheck = false;
      }
      else{
         $name = myEscape($_POST['name']);
         $nameCheck = true;
      }
   else{ //user forgot to enter a username
      $errMessage .= "Please enter a username.<br />\n";
      $nameCheck = false;
   }

   if(isset($_POST['password'])){ //was the password set?
      if(strlen($_POST['password']) < 6)){ //if it's too short
         $errMessage .= "The password you provided is too short.  Please enter a password of at least six characters in length<br />\n";
         $passCheck = false;
      }
      else{
         $password = myEscape($_POST['password']);
         $passCheck = true;
   else{ //user forgot to enter a password
      $errMessage .= "Please enter a password.<br />\n";
      $passCheck = false;
   }

   if(isset($_POST['email')){ //was the e-mail set?
      if(preg_match("/^[\w-]+(\.[\w-]+)*@([\w-]+\.)+[a-zA-Z]{2,7}$/", $_POST['email'])){ //does it fit the correct pattern?
         $email = myEscape($_POST['email']);
         $emailCheck = true;
      else{
         $errMessage .= "Please enter a correctly formed e-mail address (name@host).<br />\n";
         $emailCheck = false;
      }
   else{ //e-mail not set
      $errMessage .= "Please enter your e-mail address.<br />\n";
      $emailCheck = false;
   }

   if($nameCheck && $passCheck && $emailCheck){ //if everything checks out
      $insertQuery = "INSERT INTO wmusers (username, password, email) VALUES ('$name', '$password', '$email')";
      $insertResult = mysql_query($insertQuery);

      if(mysql_affected_rows($insertResult) == 1){ //only 1 row was inserted
         header("Location: http://www.somewhereelse.php");
         exit();
      }
      else{ //something still went wrong!
         $errMessage .= "Something went wrong with the registration.  Please contact the webmaster.<br />\n";
      }
   }
   else{
      echo "<span style='color: #ff0000;'>$errMessage</span><br />\n";
   }
}

?> //close PHP to display the form

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
   <!-- form inputs go here -->
</form>

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.