Editing a form validation

[PRodgers4284]

I want add validation to a form for editing a user account, i have the validation code i need but im having trouble putting it together, i want the same validation that i have in the registration form to be included on the edit account form, my code for the registration form and edit account form is:

 

<?php 
$error_stat = 0; 
$username_message = '';
$forename_message = '';
$surname_message = '';
$email_message = '';
$mobile_message = '';
$dob_message = '';
$location_message = '';


if (isset($_POST['submit'])) { 

$username = $_POST['username']; 
$forename = $_POST['forename']; 
$surname = $_POST['surname']; 
$email = $_POST['email']; 
$mobile = $_POST['mobile']; 
$dob = $_POST['dob']; 
$location = $_POST['location'];  


//Error checking 

//Username check) 
if (empty($username)) {
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;

//Set the message to tell the user to enter a username
$username_message = '*Please enter a username*';
} 
if(usernameTaken($username,$conn))
{
    $error_stat = 1;
    $username_message = '*User name is taken, choose another one*';
}

$username = $_POST['username']; 
$username = trim($username); 

   if (strlen($username) > 12){ 
   $error_stat = 1; 
   $username_message = '*The username must be 12 characters or less*'; 
} 

$username = $_POST['username']; 
$username = trim($username); 

   if (strlen($username) < 4){ 
   $error_stat = 1; 
   $username_message = '*Username must be at least 4 characters*'; 
} 

else if ( preg_match( '/\W/', $username)){
     $error_stat = 1; 
    $username_message = '*Invalid username, letters only, no spaces*'; 

} 

//Forename check) 
if (empty($forename)) {
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;

//Set the message to tell the user to enter a username
$forename_message = '*Please enter your forename*';
}

else if (ctype_digit($forename)) { 
   $error_stat = 1; 
   $forename_message .= '*Invalid forename*'; 
} 

else if ( preg_match( '/\W/', $forename)){
     $error_stat = 1; 
    $forename_message = '*Invalid forename, letters only, no spaces*'; 

} 


$forename = $_POST['forename']; 
$forename = trim($forename); 

   if (strlen($forename) > 12){ 
   $error_stat = 1; 
   $forename_message = '*The forename must be 12 characters or less*'; 
}  




//Surname check) 
if (empty($surname)) {
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;

//Set the message to tell the user to enter a username
$surname_message = '*Please enter your surname*';
}

else if (ctype_digit($surname)) { 
   $error_stat = 1; 
   $surname_message .= '*Invalid surname*'; 
} 

else if ( preg_match( '/\W/', $surname)){
     $error_stat = 1; 
    $surname_message = '*Invalid surname, letters only, no spaces*'; 

} 

$surname = $_POST['surname']; 
$surname = trim($surname); 

   if (strlen($surname) > 12){ 
   $error_stat = 1; 
   $surname_message = '*The surname must be 12 characters or less*'; 
} 




//Email check) 
if (empty($email)) {
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;

//Set the message to tell the user to enter an email address
$email_message = '*Please enter your email address*';
}

//Check format of email address entered
else if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$", $email)){
$error_stat = 1; 		 
//Set the message to tell the user to enter a valid email address
$email_message = '*Invalid Email Address*';
}

if(emailTaken($email,$conn))
{
    $error_stat = 1;
    $email_message = '*Email is taken please choose another one*';
}

$email = $_POST['email']; 
$email = trim($email); 

   if (strlen($email) > 30){ 
   $error_stat = 1; 
   $email_message = '*The email address must be 30 characters or less*'; 
}  




//Mobile number check) 

if (empty($mobile)) {
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;

//Set the message to tell the user to enter a dob
$mobile_message = '*Please enter your mobile number*';
}

else if (!ctype_digit($mobile)) { 
   $error_stat = 1; 
   $mobile_message .= '*The mobile phone number must be only numbers*'; 
}

if(mobileTaken($mobile,$conn))
{
    $error_stat = 1;
    $mobile_message = '*Mobile already in use, choose another one*';
}



$mobile = $_POST['mobile']; 
$mobile = trim($mobile); 

   if (strlen($mobile) > 11){ 
   $error_stat = 1; 
   $mobile_message = '*Invalid mobile number*'; 
}

$mobile = $_POST['mobile']; 
$mobile = trim($mobile); 

   if (strlen($mobile) < 11){ 
   $error_stat = 1; 
   $mobile_message = '*Invalid mobile number, must be 11 numbers*'; 
}  
  

//DOB check) 

if (empty($dob)) {
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;

//Set the message to tell the user to enter a dob
$dob_message = '*Please enter your date of birth*';
}

//Check the format and explode into $parts
  elseif (!ereg("^([0-9]{2})/([0-9]{2})/([0-9]{4})$", 
          $dob, $parts)){
$error_stat = 1; 	

//Set the message to tell the user the date is invalid
$dob_message = '*Invalid dob, must be DD/MM/YYYY format*';
}
    
  elseif (!checkdate($parts[2],$parts[1],$parts[3]))
  {
  $error_stat = 1; 
  
  //Set the message to tell the date is invalid for the month entered
$dob_message = '*Invalid dob, month must be between 1-12*';
}

elseif (intval($parts[3]) < 1948 || 
          intval($parts[3]) > intval(date("Y")))
  {
    
    $error_stat = 1; 

   //Set the message to tell the user the date is invalid for the year entered
$dob_message = '*Invalid dob, year must 1948 onwards*';
  }

if ($location == 'Please Select'){
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;
$location_message = '*Please select a location*';
}



//Then, only run the query if there were no errors (if $error_stat still equals 0) 
if ($error_stat == 0) { 
   mysql_query("INSERT INTO users (username, password, forename, surname, email, mobile, dob, location, ipaddress) VALUES ('$username', '$md5password', '$forename', '$surname', '$email', '$mobile', '$dob', '$location', '$ip')"); 
   echo "<h3>Registration Successful!</h3>"; 
   echo "<p>Thankyou, <b>$username</b>,registration was successful</p>"; 
   echo "<p>login.</p>";
  	echo "<a href=\"index.php\">Login</a>";
  	
}
}


//Then, for the form, only show it if 1) the form hasn't been submitted yet OR 2) there is an error 
if (!isset($_POST['submit']) || $error_stat == 1) { 
?> 

 

 

Edit account code is:

 

<?php  
if ($_SERVER["REQUEST_METHOD"] == "POST")  
{  
   $update = mysql_query("UPDATE users SET username='" . $_POST["username"] . "',forename='" . $_POST["forename"] . "',surname='" . $_POST["surname"] . "',email='" . $_POST["email"] . "',mobile='" . $_POST["mobile"] . "',dob='" . $_POST["dob"] . "',location='" . $_POST["location"] . "',about='" . $_POST["about"] . "' WHERE username='" . $_SESSION["username"] . "'");  
?>  
           
<br /> 
<a href="viewemployeedetails.php">Back to main page</a> 
<br /> 
<br /> 
<br /> 
You have successfully updated your account . 
<?php  
}  
else  
{  
   $account = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE username='" . $_SESSION["username"] . "'"));  
?>