  1. #1
    SitePoint Evangelist (Join Date: Oct 2005, Posts: 405)

    Error Message Handling Problem

    I've done a basic register script and I have included a client-side JavaScript check which checks certain fields to validate. The problem is I want it to check if the username already exists in the database; however, the script seems to bypass this check for some reason, and I was wondering if someone could point me in the right direction?


    Thanks

    PHP Code:
    <?php

    require_once('../classes/database.class.php');
    require "../classes/class.imagetransform.php";

    // Collect the submitted registration fields
    $username = $_POST['username2'];
    $password = $_POST['password1'];
    $validpassword = $_POST['password2'];
    $password2 = md5($password);
    $name = $_POST['name'];
    $email = $_POST['email'];
    $age = $_POST['age'];
    $gender = $_POST['gender'];
    $location = $_POST['location'];
    $level = $_POST['level'];
    $handicap = $_POST['handicap'];
    $clubmember = $_POST['clubmember'];
    $localcourse = $_POST['localcourse'];
    $score = $_POST['score'];
    $drive = $_POST['drive'];
    $course = $_POST['course'];
    $desc = $_POST['desc'];
    $driver1 = $_POST['driver1'];
    $driver2 = $_POST['driver2'];
    $fairwood1 = $_POST['fair1'];
    $fairwood2 = $_POST['fair2'];
    $threeiron = $_POST['3iron'];
    $fouriron = $_POST['4iron'];
    $fiveiron = $_POST['5iron'];
    $sixiron = $_POST['6iron'];
    $seveniron = $_POST['7iron'];
    $eightiron = $_POST['8iron'];
    $nineiron = $_POST['9iron'];
    $pitchingwedge = $_POST['pitchingwedge'];
    $sandwedge = $_POST['sandwedge'];
    $putter = $_POST['putter'];
    $favclub = $_POST['favclub'];
    $favball = $_POST['favball'];
    $favtee = $_POST['favtee'];
    $rand = rand();
    $time = time();

    $database = new database();

    $link_id = $database->database_connection();

    // Look up the submitted username; the value is escaped before it goes into the SQL string
    $query_check = "select * from golfer where username = '" . mysql_real_escape_string($username) . "'";

    $result_check = mysql_query($query_check) or die(mysql_error());

    $total_rows_check = mysql_num_rows($result_check);

    $file_check = mysql_fetch_array($result_check);
    if (!$result_check)
    {
        print 'There was a database error when executing';
        print mysql_error();
        exit;
    }

    // Show the message in a JavaScript alert, send the browser back one page, and stop
    function error_message($msg)
    {
        echo "<script>alert(\"$msg\");history.go(-1)</script>";
        exit;
    }

    if (empty($password) || empty($validpassword) || empty($password))
    {
        error_message("please enter required fields");
        $valid = false;
    }
    if (($password) != ($validpassword))
    {
        error_message("Passwords don't match");
        $valid = false;
    }

    if (!$email)
    {
        error_message("Please a enter an email.");
        $valid = false;
    }
    else
    {
        $email = trim($email);

        // Pattern pieces: local part, host labels, top-level domain
        $_name = "/^[-!~$%&\'*+\\.\/0-9=?A-Z^_'{|}~]+";
        $_host = "([-0-9A-Z]+\.)+";
        $_tlds = "([0-9A-Z]){2,4}$/i";

        if (!preg_match($_name . "@" . $_host . $_tlds, $email))
        {
            error_message("Email Address has incorrect format");
            $valid = false;
        }
    }

    if (!$username)
    {
        error_message("Please a enter a Username.");
        $valid = false;
    }
    else
    {
        // Branch taken when the lookup returned zero rows
        if ($total_rows_check == 0)
        {
            error_message("Username is already taken, please choose a diffrent username");
            $valid = false;
        }
    }

    ?>

  2. #2
    SitePoint Wizard (Join Date: Dec 2004, Location: At My Desk!!, Posts: 1,642)
    If everything is written in PHP, why are you using JavaScript validation? If the user has JS turned off, what happens? Can he bypass it?

    The way you are checking for the username seems a little off: you are checking to see if it == 0, but surely the statement needs to be > 0 (more than zero). If the num_rows comes back as 0, it means there is no username like the checked one.
    "Am I the only one doing ASP.NET in Delphi(Pascal)?"

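The server-side check discussed in this thread, as an added example that is not part of the original posts: the username lookup uses a bound parameter and treats a count greater than zero as "taken", and all validation runs in PHP so it still holds with JavaScript disabled. It assumes PDO with an in-memory SQLite table standing in for the site's MySQL `golfer` table; `username_taken`, `validate_registration` and the sample rows are hypothetical.

```php
<?php
// Added example. Assumption: in-memory SQLite stands in for the MySQL `golfer` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// The PRIMARY KEY also rejects duplicates if two sign-ups race past the check.
$pdo->exec('CREATE TABLE golfer (username TEXT PRIMARY KEY, email TEXT)');
$pdo->exec("INSERT INTO golfer VALUES ('tiger', 'tiger@example.com')"); // constructed row

// Hypothetical helper: true when the username already exists.
function username_taken(PDO $pdo, string $username): bool
{
    // Bound parameter: the submitted value never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT COUNT(*) FROM golfer WHERE username = ?');
    $stmt->execute([$username]);
    // More than zero rows means the name is in use; zero means it is free.
    return (int) $stmt->fetchColumn() > 0;
}

// Hypothetical helper: collects every error instead of stopping at the first.
function validate_registration(PDO $pdo, array $post): array
{
    $errors = [];
    $username = trim($post['username2'] ?? '');
    $email = trim($post['email'] ?? '');
    $password = $post['password1'] ?? '';
    $confirm = $post['password2'] ?? '';

    if ($username === '') {
        $errors[] = 'Please enter a username.';
    } elseif (username_taken($pdo, $username)) {
        $errors[] = 'Username is already taken, please choose a different username.';
    }
    if ($password === '' || $confirm === '') {
        $errors[] = 'Please enter required fields.';
    } elseif ($password !== $confirm) {
        $errors[] = "Passwords don't match.";
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Email address has incorrect format.';
    }
    return $errors;
}

// Constructed submissions: one reusing an existing name, one valid.
$taken = ['username2' => 'tiger', 'email' => 'a@example.com', 'password1' => 'x', 'password2' => 'x'];
$fresh = ['username2' => 'rory', 'email' => 'rory@example.com', 'password1' => 'x', 'password2' => 'x'];
foreach ([$taken, $fresh] as $post) {
    echo json_encode(validate_registration($pdo, $post)), PHP_EOL;
}
```
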
