Jump to content

Email validation problem

yobo

By yobo
in PHP Coding Help

 Share

Recommended Posts

yobo Member

yobo

Posted
Posted

Hey,

 

i have a strange problem with my coding some of my validation works and my email validation does not, for example when i leave the form fileds empty and click submit it says fileds names can not be blank, now when i enter data into the field names including the email input box and submit the data it says user created as well as saying invalid email? please can you help

 

<?php

/**
* @author Cobra Internet
* @copyright 2008
*/

$dbcon = mysql_connect('localhost', 'root');
if (!$dbcon) {
	exit('<p> unable to connect to the database server at this time </p>');
}

if (!@mysql_select_db('website')) {
	exit('<p>unable to locate the joke database</p>');
}

if($_SERVER['REQUEST_METHOD'] == "POST"){ //if the form was posted then only do something....    
$firstname = mysql_real_escape_string($_POST['firstname']);     
$lastname = mysql_real_escape_string($_POST['lastname']);     
$email = mysql_real_escape_string($_POST['email']);     
$username = mysql_real_escape_string($_POST['username']);     
$password = mysql_real_escape_string(md5($_POST ['password']));   


//Validate the Email Address
$email=$_POST['email'];
$result=eregi("^[0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\.[a-z]{2,4}$", $email);
if(!$result){
echo "Enter a valid E-mail Address";
}
else{
echo "Invalid E-mail Address";
}

  
$error = 0;    $error_mes = ''; 
if (strlen($_POST['firstname']) < 1) {$error = $error + 1; $error_mes .= "Sorry, no name entered\n";}    
if (strlen($_POST['lastname']) < 1) {$error = $error + 1; $error_mes .= "Sorry, no last name entered\n";}    
if (strlen($_POST['email']) < 1) {$error = $error + 1; $error_mes .= "Sorry, no email entered / Invalid Email\n";}   
  if (strlen($_POST['username']) < 1) {$error = $error + 1; $error_mes .= "Sorry, no username entered\n";}    
  if (strlen($_POST['password']) < 1) {$error = $error + 1; $error_mes .= "Sorry, no password entered\n";}        
  if($error >= 1) {echo "<PRE>";        
  echo "<span style=\"color: red;\">Errors!!!\n\n";        
  echo $error_mes;        
  echo "</span>";        
  echo "</PRE>";  
    
  }else{ 
  // If no errors, enter data into database        
  $sql = "INSERT INTO members SET             
  firstname='$firstname',             
  lastname='$lastname',             
  username='$username',             
  password='$password',             
  email='$email'"; 
  
  $sql2 = "INSERT INTO profile SET
  username='$username'";                 
  
  if (@mysql_query($sql)) {             
  echo '<p>User Created! Thank you.</p>';      
    } else {            
 echo '<p>Database Error - Unable to create user</p>';       
  }    
  }}

//execute second query
$sql2 = "INSERT INTO profile SET username='$username'"; 
if (@mysql_query($sql2)) {  
echo '<p>User profile updated!</p>'; 
}



if ($_POST){
if ($error >= 1)
{ // Prints any errors at the beginning of the page
//	echo "<PRE>";
//	echo "<span style=\"color: red;\">Errors!!!\n\n";
//	echo $error_mes;
//	echo "</span>";
//	echo "</PRE>";
}
}
?>

 

part of my html form coding below

 

<td><label for="email">Enter E-Mail</td>
<td>:</td>
<div class="div_texbox">
<td><input type="text" name="email" id="email" value="<?php if (strlen($email) > 0) {echo $email;} ?>" /></label></td> 
</div>
</tr>
<tr>

Link to comment
Share on other sites
adam291086 Advanced Member

adam291086

Posted
Posted

It because you are running lots of if statments. So if one == false the others will still run regardless. You need to set up a condition that will stops the if statements if something isn't valid.

 

For Example

 

$error=0;

 

if(error =="1")

{

echo "problem

}

else

 

{

 

run inser into database

}

Link to comment
Share on other sites
Daniel0 Advanced Member

Daniel0

Posted
Posted

Well, the only thing that happens if the user enters an invalid email is that it tells him/her so. Nothing else. The rest of the script will always continue.

 

I also have a couple of comments to your code:

Instead of doing something like this: 

$error = $error + 1; $error_mes .= "Sorry, no name entered\n";

I would do this: 

$errors[] = 'Sorry, no name entered.';

Then you can check how many errors there are with count() and do join("\n", $errors);.

 

This if statement: 

if ($_POST){

will always evaluate to true as $_POST will always be set. Thus the succeeding code block will always be run.

 

Instead of checking if something is longer than one character: 

strlen($_POST['firstname']) < 1

it will probably be faster and more readable to check it is not empty: 

!empty($_POST['firstname'])

 

In your form you might as well just echo $email - no point in checking the length. If it's to prevent E_NOTICEs then it won't work as you will already have used an undefined variable in strlen().

Link to comment
Share on other sites
tinker Member

tinker

Posted
Posted

I took out your regex email validator and it didn't pass any of my valid emails. Here's one that I sometimes use:

function scheck_email($email)
{
if(eregi("[A-Z0-9._%-]+@[A-Z0-9.-]{2}([A-Z0-9.-])?\.[A-Z]{2,4}",$email))
	return 1;	//	valid
return -1;		//	invalid
}

 

Also i'd change this line:

$password = mysql_real_escape_string(md5($_POST ['password']));

to

$password = md5(mysql_real_escape_string($_POST ['password']));

not that it makes much difference...

 

 

Not gone through the rest yet, but try the email thing...

Link to comment
Share on other sites
yobo Member

yobo

Posted
  • Author
Posted

I have update my code but still no luck, please forgive me for being a newbie i only started to learn php recently and my scirpt is built mainly from reading tutorials etc..

 

<?php

/**
* @author Cobra Internet
* @copyright 2008
*/

$dbcon = mysql_connect('localhost', 'root');
if (!$dbcon) {
	exit('<p> unable to connect to the database server at this time </p>');
}

if (!@mysql_select_db('website')) {
	exit('<p>unable to locate the joke database</p>');
}

if($_SERVER['REQUEST_METHOD'] == "POST"){ //if the form was posted then only do something....    
$firstname = mysql_real_escape_string($_POST['firstname']);     
$lastname = mysql_real_escape_string($_POST['lastname']);     
$email = mysql_real_escape_string($_POST['email']);     
$username = mysql_real_escape_string($_POST['username']);     
$password = mysql_real_escape_string(md5($_POST ['password']));   


function scheck_email($email)
{
if(eregi("[A-Z0-9._%-]+@[A-Z0-9.-]{2}([A-Z0-9.-])?\.[A-Z]{2,4}",$email))
	return 1;	//	valid
return -1;		//	invalid
}

  
$error = 0;    $error_mes = ''; 
if (strlen($_POST['firstname']) < 1) {$error = $error + 1; $error_mes .= "Sorry, no name entered\n";}    
if (strlen($_POST['lastname']) < 1) {$error = $error + 1; $error_mes .= "Sorry, no last name entered\n";}    
if (strlen($_POST['email']) < 1) {$error = $error + 1; $error_mes .= "Sorry, no email entered / Invalid Email\n";}   
  if (strlen($_POST['username']) < 1) {$error = $error + 1; $error_mes .= "Sorry, no username entered\n";}    
  if (strlen($_POST['password']) < 1) {$error = $error + 1; $error_mes .= "Sorry, no password entered\n";}        
  if($error >= 1) {echo "<PRE>";        
  echo "<span style=\"color: red;\">Errors!!!\n\n";        
  echo $error_mes;        
  echo "</span>";        
  echo "</PRE>";  
    
  }else{ 
  // If no errors, enter data into database        
  $sql = "INSERT INTO members SET             
  firstname='$firstname',             
  lastname='$lastname',             
  username='$username',             
  password='$password',             
  email='$email'"; 
  
  $sql2 = "INSERT INTO profile SET
  username='$username'";                 
  
  if (@mysql_query($sql)) {             
  echo '<p>User Created! Thank you.</p>';      
    } else {            
 echo '<p>Database Error - Unable to create user</p>';       
  }    
  }}

//execute second query
$sql2 = "INSERT INTO profile SET username='$username'"; 
if (@mysql_query($sql2)) {  
echo '<p>User profile updated!</p>'; 
}



if ($_POST){
if ($error >= 1)
{ // Prints any errors at the beginning of the page
//	echo "<PRE>";
//	echo "<span style=\"color: red;\">Errors!!!\n\n";
//	echo $error_mes;
//	echo "</span>";
//	echo "</PRE>";
}
}
?>

Link to comment
Share on other sites
tinker Member

tinker

Posted
Posted

you need to call the function or just rehash it like so:

 

$email=$_POST['email'];
$result=eregi("[A-Z0-9._%-]+@[A-Z0-9.-]{2}([A-Z0-9.-])?\.[A-Z]{2,4}",$email);
if(!$result){
   echo "Enter a valid E-mail Address";
}
else{
   echo "Invalid E-mail Address";
}

Link to comment
Share on other sites
Daniel0 Advanced Member

Daniel0

Posted
Posted

Also i'd change this line:

$password = mysql_real_escape_string(md5($_POST ['password']));

to

$password = md5(mysql_real_escape_string($_POST ['password']));

not that it makes much difference...

The mysql_real_escape_string() function call is in that case redundant as md5() will always return an alphanumeric string of 32 characters thus not posing any risk of SQL injection.

 

@yobo: You didn't check the email. You might want create to 

if (scheck_email($email) == -1) {$error = $error + 1; $error_mes .= "Invalid email\n";}

below the other similar lines.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.