validating code

[synchro_irl]

hey guys

hope yer all well im trying to validate my code, here it is:

 

 //Database Information

$dbhost = "localhost";
$dbname = "mydatabase";
$dbuser = "root";
$dbpass = "password";

//Connect to database

mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());

    
$name = $_POST['name'];
$email = $_POST['email'];
$type = $_POST['type'];
$location = $_POST['location'];
$availability = $_POST['availability'];
$username = $_POST['username'];
$password = md5($_POST['password']);



$query = "INSERT INTO mytable (name, email,Type, location, availability, username, password)
VALUES('$name', '$email','$type','$location','$availability','$username', '$password')";
mysql_query($query) or die(mysql_error());
mysql_close();

echo "You have successfully Registered";
   
    


?>

 

now i want to have an error message appearing on clickint he submit button, if the user enters:

nothing

an incorrect datatype for example, letters instead of numbers.

 

how do i do this in php if the database is mysql?

thanks

steve

 

 

[deansatch]

*NOTE: You should also do the same in javascript.

 

I would do it seperately for each.

e.g

if(!$_POST['name']){echo 'You must supply a name! click your back button and try again.';exit();}
if(!$_POST['email']){echo 'You must supply your email address! click your back button and try again.'; exit();}
if(!$_POST['type']){echo 'You must specify a type! click your back button and try again.'; exit();}

 

etc...

[uniflare]

ok do you want to immediately say error whe nthe user tries to submit? (if so you need to ask some java forums or get some code snippets for this)

 

or do you want to validate *after* the user submits the data? if so then you need some regular expressions using preg_match() or something similar.

 

checking if a field is emptpy in php is extremely simple:

 

<?php

if($_POST['username'] == null){
  echo("Please provide a username");
}

?>

 

there are tons of email validation regex's just google for "PHP EMAIL REGEX" and you should get more than enough examples.

 

you can easily check for numbers by using is_numeric(); eg:

 

<?php
if(!is_numeric($_POST['age'])){
  echo("Age must be numeric (numbers only)");
}
?>

 

hope this helps,

[synchro_irl]

thanks for the help guys, where will i put this code?

thanks

steve

[uniflare]

for starters look on google for "php security" namelt: sql injection attacks. your script is wide open.

 

//Database Information

$dbhost = "localhost";
$dbname = "mydatabase";
$dbuser = "root";
$dbpass = "password";

//Connect to database

mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());

    
// NOTICE: mysql_escape_string() used on ALL user submitted data
$name = mysql_escape_string($_POST['name']);
$email = mysql_escape_string($_POST['email']);
$type = mysql_escape_string($_POST['type']);
$location = mysql_escape_string($_POST['location']);
$availability = mysql_escape_string($_POST['availability']);
$username = mysql_escape_string($_POST['username']);
$password = md5($_POST['password']);

// add checks here:

if($name == null || $email == null || $type == null || $location == null || $availability == null || username == null || $_POST['password'] == null){
   exit("One or more fields are empty, please try again.");
}

// you should probably do an email check, and whatever other checks you want.

// Make sure you dont execute the query after telling the client his data is incorrect (note above i used exit(); instead of echo()

$query = "INSERT INTO mytable (name, email,Type, location, availability, username, password)
VALUES('$name', '$email','$type','$location','$availability','$username', '$password')";
mysql_query($query) or die(mysql_error());
mysql_close();

echo "You have successfully Registered";
   
   
?>

 

hope this helps,