
A better way... ?


VirusDoctor


Hey guys, I'm creating an auction script from scratch and I'm busy with the registration page.

 

I was wondering if there is a better way to check that there are no errors when inserting the user's profile into the database. I currently have this;

 

mysql_query ("INSERT INTO users (name, surname, username, idnumber, password, email,address1,address2, city, postcode, province, country, phone, cell, birthday) VALUES ('$name','$surname','$username','$idnumber','$password','$email','$address1','$address2','$city','$postcode','$province','$country','$phone','$cell','$birthday')");

 

echo ("<br><br>Thanks for registering, please check your provided email address for your confirmation link.");

}

else

{

echo ("<br><br>There was a problem with your registration.");

 

 

}

 

Link to comment
Share on other sites

You'll want to validate each variable.  Think of what data should be in there and then start writing down what you want to check for.

 

I.e., the Name, Surname and Username should all be characters, the ID should be an integer (and you should probably have it auto-increment unless you want duplicate IDs).

 

yeah I know, I haven't done the injection code yet.

 

That's kinda what I'm stuck with; I need to somehow define errors to check for when inserting.

 

I'm learning php but seem to be stuck with this.

 

Could anyone assist?

Link to comment
Share on other sites

if($valid_form == true)
	{
		$query;
		echo ("<br><br>Thanks for registering, please check your provided email address for your confirmation link.");
	}
else
	{
	echo ("<br><br>There was a problem with your registration.");


	}

 

That's the code I have now.

 

$query is the db INSERT variable.

 

The form uses a bunch of true/false checks for validation (strlen, strip_html etc...)

 

Is this better?

 

P.S. thanks for helping out a n00b so far guys :)

Link to comment
Share on other sites

<?php 
####################################################################################
//We create trim() variables for all our textboxes
$trim[1] = trim($_POST["name"]); 
$trim[2] = trim($_POST["surname"]);
$trim[3] = trim($_POST["username"]);
$trim[4] = trim($_POST["idnumber"]);
$trim[5] = trim($_POST["password"]);
$trim[6] = trim($_POST["email"]);
$trim[7] = trim($_POST["address1"]);
$trim[8] = trim($_POST["address2"]);
$trim[9] = trim($_POST["city"]);
$trim[10] = trim($_POST["postcode"]);
$trim[11] = trim($_POST["country"]);
$trim[12] = trim($_POST["year"]);
//here we set variables to strip all html input from the textboxes
$strip_html[1] = strip_tags($_POST["name"]);
$strip_html[2] = strip_tags($_POST["surname"]);
$strip_html[3] = strip_tags($_POST["username"]);
$strip_html[4] = strip_tags($_POST["idnumber"]);
$strip_html[5] = strip_tags($_POST["password"]);
$strip_html[6] = strip_tags($_POST["email"]);
$strip_html[7] = strip_tags($_POST["address1"]);
$strip_html[8] = strip_tags($_POST["address2"]);
$strip_html[9] = strip_tags($_POST["city"]);
$strip_html[10] = strip_tags($_POST["postcode"]);
$strip_html[11] = strip_tags($_POST["country"]);
$strip_html[12] = strip_tags($_POST["year"]);

$birthday = ("$day  $month  $year");
$query = mysql_query("INSERT INTO users (name, surname, username, idnumber, password, email,address1,address2, city, postcode, province, country, phone, cell, birthday) VALUES ('$name','$surname','$username','$idnumber','$password','$email','$address1','$address2','$city','$postcode','$province','$country','$phone','$cell','$birthday')");


//if the user has hit the submit button, start the validating process
if ($_POST["submit"]) {


//a true/false variable
$valid_form = true;
     
### NAME
//if the user has not entered anything into the textbox
if ($_POST['name'] == "")
	{
		//display the following error
		echo "<br><br><font size=1 color= #505050><b> <font color= #de0000>Error:</font>					 Please enter your Name.<b></font>";
		$valid_form = false;
	}
//if the user has inpit any defined invalid characters
else if (eregi("[0-9, @/\)(*&^%$#!~`+=_-]", $_POST['name'])) 
	{
		//display the following error
		echo("<br><br><font size=1 color= #505050><b> <font color= #de0000>Error:</font> 					Please dont use numbers or special characters in your Name.<b></font>");
		$valid_form = false;
	}
else
	{
		//if all went well, create a variable to hold the data
		$trim[1];
		$strip_html[1];
		$name = $_POST['name'];
	}
### SURNAME
if ($_POST['surname'] == "")
	{
		//display the following error
		echo "<br><br><font size=1 color= #505050><b> <font color= #de0000>Error:</font> 					Please enter your Surname.<b></font>";
		$valid_form = false;
	}
else if (eregi("[0-9, @/\)(*&^%$#!~`+=_-]", $_POST['surname']))
	{
		echo("<br><br><font size=1 color= #505050><b> <font color= #de0000>Error:</font> 					Please dont use numbers or special characters in your Surname.<b></font>");
		$valid_form = false; 
	}
else
	{
		//if all went well, create a variable to hold the data
		$trim[2];
		$strip_html[2];
		$surname = $_POST['surname'];
	}

###	USERNAME
if ($_POST['username'] == "")
	{
		//display the following error
		echo "<br><br><font size=1 color= #505050><b> <font color= #de0000>Error:</font> 					Please enter your Username.<b></font>";
		$valid_form = false;
	}
else if (eregi("[@/\)(*&^%$#!~`+=-]", $_POST['username'])) 
	{
		echo("<br><br><font size=1 color= #505050><b> <font color= #de0000>Error:</font> 					Please dont use special characters in your Username.<b></font>");
		$valid_form = false;
	}
else
	{
		//if all went well, create a variable to hold the data
		$trim[3];
		$strip_html[3];
		$username = $_POST['username'];
	}
###	ID NUMBER
if ($_POST['idnumber'] == "")
	{
		//display the following error
		echo "<br><br><font size=1 color= #505050><b> <font color= #de0000>Error:</font> 					Please enter your ID Number.<b></font>";
		$valid_form = false;
	}

else if (strlen($_POST['idnumber']) < 13)
	{

		echo "<br><br><font size=1 color= #505050><b> <font color= #de0000>Error:</font>					 You have entered an invalid ID Number.<b></font>";
		$valid_form = false;
	}

else if (eregi("[A-Z, @/\)(*&^%$#!~`+=_-]", $_POST['idnumber']))
	{
		echo("<br><br><font size=1 color= #505050><b> <font color= #de0000>Error:</font> An 				Identity Number only contains numbers.<b></font>"); 
		$valid_form = false;
	}

else
	{ 
		//if all went well, create a variable to hold the data
		$trim[4];
		$strip_html[4];
		$idnumber = $_POST['idnumber'];
	}
###	PASSWORD		
if ($_POST['password'] == "")
	{
		//display the following error
		echo "<br><br><font size=1 color= #505050><b> <font color= #de0000>Error:</font> 					Please enter a Password.<b></font>";
		$valid_form = false;
	}

//if password length is less than 6 characters
else if (strlen($_POST['password']) < 6)
	{

		echo "<br><br><font size=1 color= #505050><b> <font color= #de0000>Error:</font> 					Your Password is too short (min 6 characters).<b></font>";
		$valid_form = false;
	}

else
	{ 
		//if all went well, create a variable to hold the data
		$trim[5];
		$strip_html[5];
		$password = $_POST['password'];
	}

###	EMAIL ADDRESS
if ($_POST['email'] == "")
	{
		//display the following error
		echo "<br><br><font size=1 color= #505050><b> <font color= #de0000>Error:</font> 					Please enter your Email Address.<b></font>";
		$valid_form = false;
	}

else if (eregi("^[]+@[]+\.[a-zA-Z0-9\-\.]+$", $_POST['email']))
	{
		echo("<br><br><font size=1 color= #505050><b> <font color= #de0000>Error:</font> 					Invalid email address specified.<b></font>");
		$valid_form = false;	
	}

else
	{ 
		//if all went well, create a variable to hold the data
		$trim[6];
		$strip_html[6];
		$email = $_POST['email'];
	}
### PASSWORD1 MATCH PASSWORD2
if ($_POST['password'] != $_POST['password2'])
	{
		echo("<br><br><font size=1 color= #505050><b> <font color= #de0000>Error:</font> 					Your Password and Confirmation Passwords do not match.<b></font>");
		$valid_form = false;
	}
else 
	{

            $password = $_POST['password'];

        }
### EMAIL MATCH EMAIL2
    if ($_POST['email'] != $_POST['email2'])
	{
	echo("<br><br><font size=1 color= #505050><b> <font color= #de0000>Error:</font> 					Your Email Address and Confirmation Email Address do not match.<b></font>");
		$valid_form = false;
	}
else 
	{
		$email = $_POST['email'];
	}
### ADDRESS1
if ($_POST['address1'] == "")
	{
		//display the following error
		echo "<br><br><font size=1 color= #505050><b> <font color= #de0000>Error:</font> 					Please provide an Address.<b></font>";
		$valid_form = false;
	}
		//if password length is less than 6 characters
else if (strlen($_POST['address1']) < 10)
	{

		echo "<br><br><font size=1 color= #505050><b> <font color= #de0000>Error:</font> 					Invalid Address (too short).<b></font>";
		$valid_form = false;
	}

else
	{ 
		//if all went well, create a variable to hold the data
		$trim[7];
		$strip_html[7];
		$address1 = $_POST['address1'];
	}
###	ADDRESS2	
if ($_POST['address2'] == "")

	{ 
		//if all went well, create a variable to hold the data
		$trim[8];
		$strip_html[8];
		$address2 = $_POST['address2'];
	}
### CITY
if ($_POST['city'] == "")
	{
		//display the following error
		echo "<br><br><font size=1 color= #505050><b> <font color= #de0000>Error:</font> 					Please enter your City.<b></font>";
		$valid_form = false;
	}
		//if password length is less than 6 characters
else if (strlen($_POST['city']) < 3)
	{

		echo "<br><br><font size=1 color= #505050><b> <font color= #de0000>Error:</font> 					Invalid City (too short).<b></font>";
		$valid_form = false;
	}
else if (eregi("[0-9,@/\)(*&^%$#!~`+=_-]", $_POST['city'])) 

	{

		echo("<br><br><font size=1 color= #505050><b> <font color= #de0000>Error:</font> 					Please dont use numbers or special characters in your City.<b></font>");
		$valid_form = false;
	}

else
	{ 
		//if all went well, create a variable to hold the data
		$trim[9];
		$strip_html[9];
		$city = $_POST['city'];
	}
### POSTAL CODE
if ($_POST['postcode'] == "")
	{
		//display the following error
		echo "<br><br><font size=1 color= #505050><b> <font color= #de0000>Error:</font> 					Please enter your Postal Code.<b></font>";
		$valid_form = false;
	}
		//if postcode length is less than 4 characters
else if (strlen($_POST['postcode']) < 4)
	{

		echo "<br><br><font size=1 color= #505050><b> <font color= #de0000>Error:</font> 					Invalid Postal Code.<b></font>";
		$valid_form = false;
	}
else if (eregi("[a-z,@/\)(*&^%$#!~`+=_-]", $_POST['postcode'])) 

	{

		echo("<br><br><font size=1 color= #505050><b> <font color= #de0000>Error:</font> 					A Postal Code only contains numbers.<b></font>");
		$valid_form = false;
	}

else
	{ 
		//if all went well, create a variable to hold the data
		$trim[10];
		$strip_html[10];
		$postcode = $_POST['postcode'];
	}
### COUNTRY
if ($_POST['country'] == "")
	{
		//display the following error
		echo "<br><br><font size=1 color= #505050><b> <font color= #de0000>Error:</font> 					Please enter your Country.<b></font>";
		$valid_form = false;
	}
else if (eregi("[0-9,@/\)(*&^%$#!~`+=_-]", $_POST['country'])) 

	{

		echo("<br><br><font size=1 color= #505050><b> <font color= #de0000>Error:</font> 					Your Country may not contain numbers or special characters.<b></font>");
		$valid_form = false;
	}
else
	{ 
		//if all went well, create a variable to hold the data
		$trim[11];
		$strip_html[11];
		$country = $_POST['country'];
	}
###	PHONE
if (eregi("[a-z,@/\)(*&^%$#!~`=_-]", $_POST['phone'])) 

	{

		echo("<br><br><font size=1 color= #505050><b> <font color= #de0000>Error:</font> 					Your Phone Number contains invalid characters.<b></font>");
		$valid_form = false;
	}
else
	{ 
		//if all went well, create a variable to hold the data
		$trim[12];
		$strip_html[12];
		$phone = $_POST['phone'];
	}
### CELLULAR
if ($_POST['cell'] == "")
	{
		//display the following error
		echo "<br><br><font size=1 color= #505050><b> <font color= #de0000>Error:</font> 					Please enter your Cellphone Number.<b></font>";
		$valid_form = false;
	}

else if (eregi("[a-z,@/\)(*&^%$#!~`=_-]", $_POST['cell'])) 

	{

		echo("<br><br><font size=1 color= #505050><b> <font color= #de0000>Error:</font> 					Your Cellphone Number contains invalid characters.<b></font>");
		$valid_form = false;
	}
		//if cellphone number length is less than 10 characters
else if (strlen($_POST['cell']) < 10)
	{

		echo "<br><br><font size=1 color= #505050><b> <font color= #de0000>Error:</font> 					Invalid Cellphone Number.<b></font>";
		$valid_form = false;
	}
else
	{ 
		//if all went well, create a variable to hold the data
		$trim[13];
		$strip_html[13];
		$cell = $_POST['cell'];
	}
### DAY
if ($_POST['day'] == "Day")
	{
		//display the following error
		echo "<br><br><font size=1 color= #505050><b> <font color= #de0000>Error:</font> 					Please correct your birth day.<b></font>";
		$valid_form = false;
	}
else
	{ 
		//if all went well, create a variable to hold the data

		$day = $_POST['day'];
	}
### MONTH
if ($_POST['month'] == "Month")
	{
		//display the following error
		echo "<br><br><font size=1 color= #505050><b> <font color= #de0000>Error:</font> 					Please correct your birth month.<b></font>";
		$valid_form = false;
	}
else
	{ 
		//if all went well, create a variable to hold the data

		$month = $_POST['month'];
	}
### YEAR
if ($_POST['year'] == "Year")
	{
		//display the following error
		echo "<br><br><font size=1 color= #505050><b> <font color= #de0000>Error:</font> 					Please enter your birth year.<b></font>";
		$valid_form = false;
	}

else
	{ 
		//if all went well, create a variable to hold the data
		$trim[16];
		$strip_html[16];
		$year = $_POST['year'];

	}
### PROVINCE
if ($_POST['province'] == "Province")
	{
		//display the following error
		echo "<br><br><font size=1 color= #505050><b> <font color= #de0000>Error:</font> 					Please enter your Province.<b></font>";
		$valid_form = false;
	}
else
	{ 
		//if all went well, create a variable to hold the data

		$province = $_POST['province'];
	}
if($valid_form == true)
	{
		$query;
		echo ("<br><br>Thanks for registering, please check your provided email address for your confirmation link.");
	}
else
	{
	echo ("<br><br>There was a problem with your registration.");


	}


}

####################################################################################	?>

 

That's all the PHP code for the reg page so far. I'm sure there are probably far better ways to do some of the things I'm doing up there, but I'm still learning and have only been at PHP for about a month, learning rapidly as you can see.

 

If anyone can demonstrate certain ways of doing things better with commented examples, I would really appreciate it.

 

Shaun

Link to comment
Share on other sites
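The original question was how to know whether the INSERT actually succeeded. The following is an added example, not Shaun's code: it performs the same insert with a PDO prepared statement (so the values are passed as parameters rather than pasted into the SQL string, which is what mysql_query() with interpolated variables does) and checks the outcome instead of discarding the return value. It assumes a `users` table with the columns named in the thread, a UNIQUE index on username and email, a DATE column for birthday, and uses $dsn, $dbUser and $dbPass as placeholders for your own connection settings. The function names connectDb() and insertUser() are mine.

```php
<?php
// Added example, not the poster's code: insert the validated profile with a PDO
// prepared statement and check the outcome instead of ignoring the query's return value.
// Assumed: a `users` table with the thread's columns, a UNIQUE index on username and
// email, a DATE column for birthday; $dsn, $dbUser, $dbPass are placeholders.

function connectDb(string $dsn, string $user, string $pass): PDO
{
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // a failed query throws
        PDO::ATTR_EMULATE_PREPARES => false,                  // real server-side prepares
    ]);
}

/**
 * Insert an already-validated profile (array keys match the form field names).
 * Returns ['ok' => true, 'id' => int] or ['ok' => false, 'error' => string].
 */
function insertUser(PDO $db, array $p): array
{
    $sql = 'INSERT INTO users
              (name, surname, username, idnumber, password, email, address1, address2,
               city, postcode, province, country, phone, cell, birthday)
            VALUES
              (:name, :surname, :username, :idnumber, :password, :email, :address1, :address2,
               :city, :postcode, :province, :country, :phone, :cell, :birthday)';

    $params = [
        ':name'     => $p['name'],
        ':surname'  => $p['surname'],
        ':username' => $p['username'],
        ':idnumber' => $p['idnumber'],
        // store a hash, never the plain-text password; check it at login with password_verify()
        ':password' => password_hash($p['password'], PASSWORD_DEFAULT),
        ':email'    => $p['email'],
        ':address1' => $p['address1'],
        ':address2' => $p['address2'] ?? '',
        ':city'     => $p['city'],
        ':postcode' => $p['postcode'],
        ':province' => $p['province'],
        ':country'  => $p['country'],
        ':phone'    => $p['phone'] ?? '',
        ':cell'     => $p['cell'],
        // a DATE column wants YYYY-MM-DD, not "day  month  year"
        ':birthday' => sprintf('%04d-%02d-%02d', $p['year'], $p['month'], $p['day']),
    ];

    try {
        $stmt = $db->prepare($sql);
        $stmt->execute($params);
        if ($stmt->rowCount() !== 1) {            // defensive: nothing was written
            return ['ok' => false, 'error' => 'There was a problem with your registration.'];
        }
        return ['ok' => true, 'id' => (int) $db->lastInsertId()];
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation, e.g. duplicate username or email
        if ((string) $e->getCode() === '23000') {
            return ['ok' => false, 'error' => 'That username or email address is already registered.'];
        }
        // anything else is a server-side fault: log the detail, show the user a generic message
        error_log('registration insert failed: ' . $e->getMessage());
        return ['ok' => false, 'error' => 'There was a problem with your registration. Please try again later.'];
    }
}

// Usage once the form has passed validation ($profile built from the trimmed $_POST fields):
// $result = insertUser(connectDb($dsn, $dbUser, $dbPass), $profile);
// echo $result['ok']
//     ? 'Thanks for registering, please check your email for your confirmation link.'
//     : htmlspecialchars($result['error']);
```

Two things worth noting about the design: the INSERT is only run from inside insertUser(), so it cannot execute before validation the way a `$query = mysql_query(...)` assigned at the top of the script does, and the error the user sees is separated from the error that goes to the log, so a database fault never leaks table or driver detail into the page.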

I also just noticed that for some reason, on the email textbox's the validation isn't working right at all. One can pretty much type in anything and it works, it also seems to be skipping the elseif statement in my code above, either that or the code is wrong.

 

Come on guys, lend a hand.

Link to comment
Share on other sites
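The advice earlier in the thread was to decide per field what valid data looks like, and the last post asks why the email check lets anything through. The following is an added example, not Shaun's code: one validateRegistration() function that collects errors into an array (field => message) and returns it, so the caller decides how to display them, instead of echoing HTML from inside every if/else. The thresholds are the thread's (letters-only names, 13-digit ID number, 6+ character password, 4+ digit postcode, 10+ digit cellphone, matching password and email confirmations); the function name, the $labels table and the phone rule are mine. It needs PHP 7.4 or later for arrow functions.

```php
<?php
// Added example, not the poster's code: validate the whole registration form in one
// function that returns field => message errors. Thresholds follow the thread; the
// function, helper and label names are assumptions. Requires PHP 7.4+.

function validateRegistration(array $post): array
{
    $errors = [];
    // trim every submitted string once, instead of keeping a parallel $trim[] array
    $f = array_map(fn($v) => is_string($v) ? trim($v) : '', $post);
    $get = fn(string $k): string => $f[$k] ?? '';

    $labels = ['name' => 'Name', 'surname' => 'Surname', 'username' => 'Username',
               'idnumber' => 'ID Number', 'password' => 'Password', 'email' => 'Email Address',
               'address1' => 'Address', 'city' => 'City', 'postcode' => 'Postal Code',
               'country' => 'Country', 'cell' => 'Cellphone Number'];
    foreach ($labels as $field => $label) {
        if ($get($field) === '') {
            $errors[$field] = "Please enter your $label.";
        }
    }

    // letters (including accented ones), spaces, apostrophes and hyphens only
    foreach (['name', 'surname', 'city', 'country'] as $field) {
        if (!isset($errors[$field]) && !preg_match('/^[\p{L} \'\-]+$/u', $get($field))) {
            $errors[$field] = "Please don't use numbers or special characters in your {$labels[$field]}.";
        }
    }

    if (!isset($errors['username']) && !preg_match('/^[A-Za-z0-9_]{3,20}$/', $get('username'))) {
        $errors['username'] = 'Your Username may only contain letters, digits and underscores (3-20).';
    }

    // ctype_digit() rejects signs, spaces and letters, so "exactly 13 digits" is one test
    if (!isset($errors['idnumber']) && !(ctype_digit($get('idnumber')) && strlen($get('idnumber')) === 13)) {
        $errors['idnumber'] = 'An Identity Number is exactly 13 digits.';
    }

    if (!isset($errors['password']) && strlen($get('password')) < 6) {
        $errors['password'] = 'Your Password is too short (min 6 characters).';
    } elseif ($get('password') !== $get('password2')) {
        $errors['password2'] = 'Your Password and Confirmation Password do not match.';
    }

    // filter_var() checks the email's shape, so no hand-written pattern is needed;
    // the error case is when the value does NOT validate
    if (!isset($errors['email']) && filter_var($get('email'), FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Invalid email address specified.';
    } elseif ($get('email') !== $get('email2')) {
        $errors['email2'] = 'Your Email Address and Confirmation Email Address do not match.';
    }

    if (!isset($errors['address1']) && strlen($get('address1')) < 10) {
        $errors['address1'] = 'Invalid Address (too short).';
    }
    if (!isset($errors['postcode']) && !(ctype_digit($get('postcode')) && strlen($get('postcode')) >= 4)) {
        $errors['postcode'] = 'A Postal Code is at least 4 digits.';
    }

    // phone is optional, cellphone is required; both may hold digits, spaces and a leading +
    foreach (['phone', 'cell'] as $field) {
        $value = $get($field);
        if ($value !== '' && !preg_match('/^\+?[0-9 ]+$/', $value)) {
            $errors[$field] = 'Your ' . ($field === 'cell' ? 'Cellphone' : 'Phone') . ' Number contains invalid characters.';
        }
    }
    if (!isset($errors['cell']) && strlen(preg_replace('/\D/', '', $get('cell'))) < 10) {
        $errors['cell'] = 'Invalid Cellphone Number.';
    }

    // the three birthday selects must form a real calendar date; this also rejects the
    // "Day"/"Month"/"Year" placeholder options, which cast to 0
    if (!checkdate((int) $get('month'), (int) $get('day'), (int) $get('year'))) {
        $errors['birthday'] = 'Please correct your date of birth.';
    }
    if ($get('province') === '' || $get('province') === 'Province') {
        $errors['province'] = 'Please enter your Province.';
    }

    return $errors;
}

// Usage:
// $errors = validateRegistration($_POST);
// if ($errors === []) { /* safe to build the profile array and insert it */ }
// else { foreach ($errors as $msg) { echo htmlspecialchars($msg), '<br>'; } }
```

Because every message passes through htmlspecialchars() at output time, the form no longer needs a separate strip_tags() pass on each field for display purposes, and because the function only reads $_POST and returns data, it can be unit-tested with a hand-built array without a database or a browser.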
