synchro_irl Posted February 22, 2008 Share Posted February 22, 2008 hey guys hope yer all well im trying to validate my code, here it is: //Database Information $dbhost = "localhost"; $dbname = "mydatabase"; $dbuser = "root"; $dbpass = "password"; //Connect to database mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error()); mysql_select_db($dbname) or die(mysql_error()); $name = $_POST['name']; $email = $_POST['email']; $type = $_POST['type']; $location = $_POST['location']; $availability = $_POST['availability']; $username = $_POST['username']; $password = md5($_POST['password']); $query = "INSERT INTO mytable (name, email,Type, location, availability, username, password) VALUES('$name', '$email','$type','$location','$availability','$username', '$password')"; mysql_query($query) or die(mysql_error()); mysql_close(); echo "You have successfully Registered"; ?> now i want to have an error message appearing on clickint he submit button, if the user enters: nothing an incorrect datatype for example, letters instead of numbers. how do i do this in php if the database is mysql? thanks steve Quote Link to comment Share on other sites More sharing options...
deansatch Posted February 22, 2008 Share Posted February 22, 2008 *NOTE: You should also do the same in javascript. I would do it seperately for each. e.g if(!$_POST['name']){echo 'You must supply a name! click your back button and try again.';exit();} if(!$_POST['email']){echo 'You must supply your email address! click your back button and try again.'; exit();} if(!$_POST['type']){echo 'You must specify a type! click your back button and try again.'; exit();} etc... Quote Link to comment Share on other sites More sharing options...
uniflare Posted February 22, 2008 Share Posted February 22, 2008 ok do you want to immediately say error whe nthe user tries to submit? (if so you need to ask some java forums or get some code snippets for this) or do you want to validate *after* the user submits the data? if so then you need some regular expressions using preg_match() or something similar. checking if a field is emptpy in php is extremely simple: <?php if($_POST['username'] == null){ echo("Please provide a username"); } ?> there are tons of email validation regex's just google for "PHP EMAIL REGEX" and you should get more than enough examples. you can easily check for numbers by using is_numeric(); eg: <?php if(!is_numeric($_POST['age'])){ echo("Age must be numeric (numbers only)"); } ?> hope this helps, Quote Link to comment Share on other sites More sharing options...
synchro_irl Posted February 22, 2008 Author Share Posted February 22, 2008 thanks for the help guys, where will i put this code? thanks steve Quote Link to comment Share on other sites More sharing options...
uniflare Posted February 22, 2008 Share Posted February 22, 2008 for starters look on google for "php security" namelt: sql injection attacks. your script is wide open. //Database Information $dbhost = "localhost"; $dbname = "mydatabase"; $dbuser = "root"; $dbpass = "password"; //Connect to database mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error()); mysql_select_db($dbname) or die(mysql_error()); // NOTICE: mysql_escape_string() used on ALL user submitted data $name = mysql_escape_string($_POST['name']); $email = mysql_escape_string($_POST['email']); $type = mysql_escape_string($_POST['type']); $location = mysql_escape_string($_POST['location']); $availability = mysql_escape_string($_POST['availability']); $username = mysql_escape_string($_POST['username']); $password = md5($_POST['password']); // add checks here: if($name == null || $email == null || $type == null || $location == null || $availability == null || username == null || $_POST['password'] == null){ exit("One or more fields are empty, please try again."); } // you should probably do an email check, and whatever other checks you want. // Make sure you dont execute the query after telling the client his data is incorrect (note above i used exit(); instead of echo() $query = "INSERT INTO mytable (name, email,Type, location, availability, username, password) VALUES('$name', '$email','$type','$location','$availability','$username', '$password')"; mysql_query($query) or die(mysql_error()); mysql_close(); echo "You have successfully Registered"; ?> hope this helps, Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.