Registration Form - Check that everything is filled in!

[murtz]

Hi everyone..

 

Im currently building a website for a second hand book shop.. and Im creating a registration page.

 

The code for it is below..

--------------------------------------

<?php

ini_set('session.gc_maxlifetime', 10);

session_start();

 

include('connect.php');

 

$tbl_name = "student";

 

mysql_connect("$host", "$username", "$password") or die ("Cannot Connect To The Database");

mysql_select_db("$dbname") or die("Cannot Select Database");

 

$student_id=$_POST['pid'];

$full_name=$_POST['full_name'];

$course=$_POST['course'];

$email_address=$_POST['email_address'];

$password=$_POST['password'];

 

$adduser = "INSERT INTO student (student_id, full_name, course, email_address, password)

VALUES('$student_id','$full_name','$course','$email_address','$password')";

 

mysql_query($adduser)

or die ('Registration was Unsuccessful, The P number already exists');

 

// Check if the form has been submitted.

if (mysql_affected_rows() ==1)

header("location:registercomplete.php")

?>

---------------------------------------------------------------------

 

So far.. all the data is going into the database and Im able to log in aswell. I now want to put some code in that will check if different parts of the form have been filled in (the fields I have are 'student_id', 'full_name', 'email_address', 'password')

 

Im trying this code..

----------------------------------------------------------

if (isset($_POST['submit'])) { // if form has been submitted

    /* check they filled in what they supposed to,

    passwords matched, username

    isn't already taken, etc. */

 

    if (!$_POST['uname'] || !$_POST['passwd'] ||

        !$_POST['passwd_again'] || !$_POST['email']) {

        die('You did not fill in a required field.');

    }

---------------------------------------------------------

but it doesnt seem to work.. I might be putting it in the wrong place (I tried putting it after I declared the variables before $adduser)

 

Also.. while Im at it.. Id like to send a confirmation email after the person has registered..Im trying to use the code below;

-------------------------------------------------------------------------------

if (mysql_affected_rows() ==1) {

 

// Send an email.

$body = "Thank you for registering with our site! Your your password is '{$_POST['password']}";

mail ($_POST['email_address'], 'Thank you for registering!', $body, 'From: admin@dmubookline.com');

}

---------------------------------------------------------------------------------

but that doesnt seem to be working at all!!

 

 

Sorry I know Ive gone on a bit.. Im just starting out on PHP!

 

Thanks in advance!!

[phusmc]

Have you tried empty()?  See if the fields are empty.

http://www.php.net/manual/en/function.empty.php

[Psycho]

There are a lot of problems with that code:

 

1. You are not using trim & not "cleaning" the user input

2. The line

or die ('Registration was Unsuccessful, The P number already exists');

makes an assumption that may not be true

3. You need to validate that the passwords match.

4. I think this line is unnecessary

if (mysql_affected_rows() == 1)

If the query doesn't fail then a record is entered, correct?

 

What does the file 'connect.php' do? You are already connecting to the db in this script.

 

Typically I include the form processing in the same script page as the form, that way if validation fails you can repopulate the form with the entered values. Here's an example:

 

<?php
ini_set('session.gc_maxlifetime', 10);
session_start();

$error = '';


if (isset($_POST['submit'])) { // if form has been submitted

    include('connect.php');

    mysql_connect("$host", "$username", "$password") or die ("Cannot Connect To The Database");
    mysql_select_db("$dbname") or die("Cannot Select Database");

    //trim input and make DB safe
    $student_id = mysql_real_escape_string(trim($_POST['pid']));
    $full_name = mysql_real_escape_string(trim($_POST['full_name']));
    $course = mysql_real_escape_string(trim($_POST['course']));
    $email_address = mysql_real_escape_string(trim($_POST['email_address']));
    $password = mysql_real_escape_string(trim($_POST['password']));
    $password_again = mysql_real_escape_string(trim($_POST['password_again']));

    //Form validation
    if (empty($student_id) || empty($full_name) || empty($course) || empty($email_address) || empty()) {
        //Checked all required fields
        $error = 'You did not fill in all required fields.';
    } else if ($password!=$password_again) {
        //Checked that passwords match
        $error = 'Your passwords do not match.';
    } else {
        //Check for duplicate id number
        $query = "SELECT * FROM student WHERE student_id = '$student_id'";
        $result = mysql_query($query) or die ("The query:<br>$query<br>Produced the error:<br>".mysql_error());
        if (mysql_num_rows($result)!=0) {
            $error = 'That student ID number already exists.';
        }
    }

    if (!$error) {
        $adduser = "INSERT INTO student (student_id, full_name, course, email_address, password)
              VALUES('','"$full_name','$course','$email_address','$password')";

        $result = mysql_query($adduser) or die ("The query:<br>$adduser<br>Produced the error:<br>".mysql_error());
        header("location:registercomplete.php");
    }
}
?>

<html>
<head></head>
<body>
  <?php echo $error; ?>
  <form name="registration" method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>">
    Student ID: <input type="text" name="pid" value="<?php echo $_POST['pid']; ?>" /><br>
    Ful Name: <input type="text" name="full_name" value="<?php echo $_POST['full_name']; ?>" /><br>
    course: <input type="text" name="course" value="<?php echo $_POST['course']; ?>" /><br>
    Email: <input type="text" name="email_address" value="<?php echo $_POST['email_address']; ?>" /><br>
    Password: <input type="text" name="password"><br>
    Verify Password: <input type="text" name="passwd_again"><br>
    <button type="submit">Submit</button>
  </form>
</body>
</html>

 

[murtz]

thanks for all the help so far!

 

mjdamato, Ive tried some of your code but it doesnt seem to be working 

 

So.. I tried to do a bit of my own..

 

if (empty($student_id)) {
    echo 'Student P Number , ';
}
if (empty($full_name)) {
    echo 'Full Name , ';
}

if (empty($email_address)) {
    echo 'Email address , ';
}

if (empty($password)) {
    echo 'Password , ';
}

$adduser = "INSERT INTO student (student_id, full_name, course, email_address, password)
	VALUES('$student_id','$full_name','$course','$email_address','$password')";

mysql_query($adduser)
or die ('Registration was Unsuccessful, Please double check that the fields below have been completed correctly');

// Check if the form has been submitted.
if (mysql_affected_rows() ==1) 
header("location:registercomplete.php")
?>

 

Student_id is my primary key.. and its only when the form has student_id as something that already exists in the database that the errors come on the screen. If I enter a Student_id that is different to something that already is in the database, it goes ahead and inserts the record!

 

Please help!

[trq]

if the student_id field is your primary key then it should be an auto incrementing field. don't let your users pick the primary key, it must be unique and is therefore better to let mysql create it for you.

[Psycho]

Ive tried some of your code but it doesnt seem to be working

 

"How" is it not working? I don't have your database set up so I can't test the code - there may be syntax errors (as stated in my sig).

 

The code you posted last does nothing to prevent the insert of records. The code I posted should be a valid process to handle the functionality you need - but it probably needs some massaging.