Best way to insert data into a Database Table AND Make Sure A Form Is Validated

[stublackett]

Hi,

 

I've got a Registration Form Setup, Which inserts data into a Database titled 'Users' aswell as Validates the form, The problem I have with that is when I load "registration.php" the Validation Form loads all the errors in aswell

 

I need to know the best way to Validate the form, Aswell as Insert the data into the table in a nice neat format

 

The code looks as follows :

 

 

<?php

####################################################################

################ DATABASE CONNECT ##############################

####################################################################

$hostname = "localhost";

$db_user = "";

$db_password = "";

$dbname = "login";

$db_table = "users";

 

 

# STOP HERE

####################################################################

# THIS CODE IS USED TO CONNECT TO THE MYSQL DATABASE

$db = mysql_connect($hostname, $db_user, $db_password);

mysql_select_db($dbname,$db);

?>

<html>

<head>

<title></title>

</head>

<body>

<form method="post" action="">

    <fieldset>

      <legend>Personal Information....</legend>

      <div>

      <label for="username">User Name</label>

      <input type="text" name="username" id="username" class="txt" />

    </div>

    <div>

      <label for="fullname">Full Name</label>

      <input type="text" name="fullname" id="fullname" class="txt" />

    </div>

    <div>

      <label for="email">E-Mail Address:</label>

      <input type="text" name="email" id="email" class="txt" />

    </div>

      <div>

      <label for="password1">Password:</label>

      <input type="password" name="password1" id="password1" class="txt" />

    </div>

      <div>

        <label for="password2">Confirm Password:</label>

        <input type="password" name="password2" id="password2" class="txt" />

        <br />

<br />

        <label for="level">User Level:</label>

        <select name="level">

        <option value="dragon">Dragon</option>

        <option value="entrepeneur">Entrepeneur</option>

        </select>

    </div>

      </fieldset>

    <fieldset>

    <legend>Address Details...</legend>

      <div>

      <label for="address1">Address Line One:</label>

      <input type="text" name="address1" id="address1" class="txt" />

    </div>

      <div>

      <label for="address2">Address Line Two:</label>

      <input type="text" name="address2" id="address2" class="txt" />

    </div>

      <div>

      <label for="city">Town / City:</label>

      <input type="text" name="city" id="city" class="txt" />

    </div>

      <div>

      <label for="PostCode">Post Code </label>

      <input type="text" name="zip" id="zip" class="txt"  />

    </div>

      </fieldset>

      <fieldset>

      <legend>Upload Picture * Optional</legend>

      <label for="UploadPicture">Upload A Picture </label>

      <input type="file" name="upload" id="upload" class="txt" />

    <div>

      <input type="submit" name="Submit" id="Submit" value="Register" class="btn" />

      <input type="reset" name="btnReset" id="btnReset" value="Reset The Form" class="btn"  />

    </div>

    <div></div>

    </fieldset>

  </form>

 

<?php #Script register_validation.php By Stuart Blackett - [email protected]

 

// Check $_POST['username'] and strip any slashes

if (!empty($_POST['username'])) {

$username = stripslashes($_POST['username']);

}else{

$username = NULL;

echo '<p><font color="red">You did not enter your desired username</font></p>';

}

 

//Check Full Name

if (!empty($_POST['fullname'])) {

$fullname = TRUE;

}else{

$fullname = NULL;

echo '<p><font color="red">You did not enter your fullname</font></p>';

}

 

//Check E-Mail Address

if (!empty($_POST['email'])) {

$email = TRUE;

}else{

$email = NULL;

echo '<p><font color="red">You did not enter your E-Mail Address</font></p>';

}

 

//Check Password

if (!empty($_POST['password1'])) {

$password1 = TRUE;

}else{

$password1 = NULL;

echo '<p><font color="red">You did not enter your First Password</font></p>';

}

 

//Check E-Mail Address

if (!empty($_POST['password2'])) {

$password2 = TRUE;

}else{

$password2 = NULL;

echo '<p><font color="red">You did not confirm your password</font></p>';

}

 

//Check Address Line 1

if (!empty($_POST['address1'])) {

$address1 = TRUE;

}else{

$address1 = NULL;

echo '<p><font color="red">You need to specify the first line of your address</font></p>';

}

 

//Check Address Line 2

if (!empty($_POST['address2'])) {

$address2 = TRUE;

}else{

$address2 = NULL;

echo '<p><font color="red">You need to specify the second line of your address</font></p>';

}

 

//Check City

if (!empty($_POST['city'])) {

$city = TRUE;

}else{

$city = NULL;

echo '<p><font color="red">You need to specify the town or city you live in</font></p>';

}

 

//Check Post Code

if (!empty($_POST['zip'])) {

$zip = TRUE;

}else{

$zip = NULL;

echo '<p><font color="red">You need to specify your post-code</font></p>';

}

 

// If everything is filled out print the message.

if($username && $password1) {

 

echo "Thank you, <b>$username</b>. You have now registered<br />

Proceed to Login";

 

}else{ //One form element was not filled in correctly

echo '<p><font color="red">Please go back and try logging in again</font></p>';

}

?>

 

<?php #Insert Data Into User Table

$username = $_POST['username'];

$fullname = $_POST['fullname'];

$email = $_POST['email'];

$password = $_POST['password1'];

$level = $_POST['level'];

$address1 = $_POST['address1'];

$address2 = $_POST['address2'];

$city = $_POST['city'];

$zip = $_POST['zip'];

 

if (isset($_REQUEST['Submit']))

 

{

# THIS CODE TELLS MYSQL TO INSERT THE DATA FROM THE FORM INTO YOUR MYSQL TABLE

$sql = "INSERT INTO $db_table(username,fullname,email,password,level,address1,address2,city,zip) values ('$username','$fullname','$email','$password','$level','$address1','$address2','$city','$zip')";

if($result = mysql_query($sql ,$db))

{

echo "";

}

else

{

echo "ERROR: ".mysql_error();

}

 

}

else

{

?>

 

<?php

}

?>

</body>

</html>

 

Cheers

[revraz]

You want to use a IF statement to check if the form was submitted.  If it was not, display the form.  If it was, execute the code and display errors.

[stublackett]

So I'd put the IF before the Validation code for the Submit Button?

 

Whats the best way to do that?

 

move the if (isset($_REQUEST['Submit']))

To the first PHP Script?

[revraz]

Logic

 

Check if form submitted

If so, process PHP

if not, display form

[stublackett]

Ok, I've got that logic

 

What I've done is set the form ACTION to "register.php"

 

The Register.php file is as follows :

 

<?php

####################################################################

################ DATABASE CONNECT ##############################

####################################################################

$hostname = "localhost";

$db_user = "root";

$db_password = "";

$dbname = "login";

$db_table = "users";

 

 

# STOP HERE

####################################################################

# THIS CODE IS USED TO CONNECT TO THE MYSQL DATABASE

$db = mysql_connect($hostname, $db_user, $db_password);

mysql_select_db($dbname,$db);

?>

<?php #Script register.php By Stuart Blackett - [email protected]

$username = $_POST['username'];

$fullname = $_POST['fullname'];

$email = $_POST['email'];

$password = $_POST['password1'];

$level = $_POST['level'];

$address1 = $_POST['address1'];

$address2 = $_POST['address2'];

$city = $_POST['city'];

$zip = $_POST['zip'];

 

if (isset($_REQUEST['Submit']))

// Check $_POST['username'] and strip any slashes

if (!empty($_POST['username'])) {

$username = stripslashes($_POST['username']);

}else{

$username = NULL;

echo '<p><font color="red">You did not enter your desired username</font></p>';

}

 

//Check Full Name

if (!empty($_POST['fullname'])) {

$fullname = TRUE;

}else{

$fullname = NULL;

echo '<p><font color="red">You did not enter your fullname</font></p>';

}

 

//Check E-Mail Address

if (!empty($_POST['email'])) {

$email = TRUE;

}else{

$email = NULL;

echo '<p><font color="red">You did not enter your E-Mail Address</font></p>';

}

 

//Check Password

if (!empty($_POST['password1'])) {

$password1 = TRUE;

}else{

$password1 = NULL;

echo '<p><font color="red">You did not enter your First Password</font></p>';

}

 

//Check E-Mail Address

if (!empty($_POST['password2'])) {

$password2 = TRUE;

}else{

$password2 = NULL;

echo '<p><font color="red">You did not confirm your password</font></p>';

}

 

//Check Address Line 1

if (!empty($_POST['address1'])) {

$address1 = TRUE;

}else{

$address1 = NULL;

echo '<p><font color="red">You need to specify the first line of your address</font></p>';

}

 

//Check Address Line 2

if (!empty($_POST['address2'])) {

$address2 = TRUE;

}else{

$address2 = NULL;

echo '<p><font color="red">You need to specify the second line of your address</font></p>';

}

 

//Check City

if (!empty($_POST['city'])) {

$city = TRUE;

}else{

$city = NULL;

echo '<p><font color="red">You need to specify the town or city you live in</font></p>';

}

 

//Check Post Code

if (!empty($_POST['zip'])) {

$zip = TRUE;

}else{

$zip = NULL;

echo '<p><font color="red">You need to specify your post-code</font></p>';

}

 

// If everything is filled out print the message.

if($username && $password1) {

 

{

# THIS CODE TELLS MYSQL TO INSERT THE DATA FROM THE FORM INTO YOUR MYSQL TABLE

$sql = "INSERT INTO $db_table(username,fullname,email,password,level,address1,address2,city,zip) values ('$username','$fullname','$email','$password','$level','$address1','$address2','$city','$zip')";

($result = mysql_query($sql ,$db));

 

echo "Thank you, <b>$username</b>. You have now registered<br />

With the details $fullname, $email, $password, $level, $address1, $address2, $city, $zip

Proceed to Login";

 

echo '';

}

?>

 

But the problem I now have is, That its picking up the username and password no problem, But everything else that is inserted into the database has a value of "1"

Any ideas?