  1. #1
    SitePoint Addict sedna's Avatar
    Join Date
    Jan 2006
    Posts
    272

    form validation problems?

    Hello, I have tried to set up form validation on my user registration form; however, it does not validate the data in it. Have I missed something? Oh, I am a newbie when it comes to PHP development.

    PHP Code:
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <title>User Registration</title>

    </head>

    <body>

    </body>

    <?php
    //include 'include/config.php';

    $dbcon = @mysql_connect('localhost', 'root');
    if (!$dbcon) {
        exit('<p> unable to connect to the database server at this time </p>');
    }

    if (!@mysql_select_db('website')) {
        exit('<p>unable to locate the joke database</p>');
    }

    $firstname = $_POST['firstname'];
    $lastname = $_POST['lastname'];
    $email = $_POST['email'];
    $username = $_POST['username'];
    $password = $_POST['password'];


    // Validation Routine
    $error = 0;
    $error_mes = '';
    if (strlen($_POST['firstname']) < 1) {$error = $error + 1; $error_mes .= "Sorry, no name entered\n";}
    if (strlen($_POST['lastname']) < 1) {$error = $error + 1; $error_mes .= "Sorry, no last name entered\n";}
    if (strlen($_POST['email']) < 1) {$error = $error + 1; $error_mes .= "Sorry, no email entered\n";}
    if (strlen($_POST['username']) < 1) {$error = $error + 1; $error_mes .= "Sorry, no username entered\n";}
    if (strlen($_POST['password']) < 1) {$error = $error + 1; $error_mes .= "Sorry, no password entered\n";}

    if ($error >= 1) {;}
    else {
        // If no errors, enter data into database
        $sql = "INSERT INTO members SET
            firstname='$firstname',
            lastname='$lastname',
            username='$username',
            password='$password',
            email='$email'";

        if (@mysql_query($sql)) {
            echo '<p>User Created! Thank you.</p>';
        } else {
            echo '<p>Database Error - Unable to create user</p>';
        }
    }
    ?>



    <?php
    if ($_POST){
        if ($error >= 1)
        {
            // Prints any errors at the beginning of the page
            //    echo "<PRE>";
            //    echo "<span style=\"color: red;\">Errors!!!\n\n";
            //    echo $error_mes;
            //    echo "</span>";
            //    echo "</PRE>";
        }
    }
    ?>

    <?php if ($error > 0) { /* operator lost from the page; ">" assumed */ ?>

    <form action=" <?php echo $_SERVER['PHP_SELF']; ?> " method="post">
    <label for="firstname">Enter your Firstname <br />
    <input type="text" name="firstname" id="firstname" value="<?php if (strlen($firstname) > 0) {echo $firstname;} ?>" /> </label><br />

    <span id="error_name" class="errormessage">
    <?php if ($_POST && strlen($_POST['firstname']) < 1) {echo "<p class=\"error\"> no name entered.</p>";} ?>
    </span>

    <label for="lastname">Enter your Lastname <br />
    <input type="text" name="lastname" id="lastname" value="<?php if (strlen($lastname) > 0) {echo $lastname;} ?>" /> </label><br />

    <span id="error_lastname" class="errormessage">
    <?php if ($_POST && strlen($_POST['lastname']) < 1) {echo "<p class=\"error\"> no Last name entered.</p>";} ?>
    </span>

    <label for="username">Enter your Username <br />
    <input type="text" name="username" id="username" value="<?php if (strlen($username) > 0) {echo $username;} ?>" /> </label><br />

    <span id="error_lastname" class="errormessage">
    <?php if ($_POST && strlen($_POST['username']) < 1) {echo "<p class=\"error\"> no username entered.</p>";} ?>
    </span>


    <label for="password">Enter your password <br />
    <input type="password" name="password" id="password" value="<?php if (strlen($password) > 0) {echo $password;} ?>" /> </label><br />

    <span id="error_lastname" class="errormessage">
    <?php if ($_POST && strlen($_POST['password']) < 1) {echo "<p class=\"error\"> no password entered.</p>";} ?>
    </span>


    <label for="mail">Enter E-Mail<br />
    <input type="text" name="email" id="email" value="<?php if (strlen($email) > 0) {echo $email;} ?>" /></label><br />

    <span id="error_email" class="errormessage">

    <?php
    if ($_POST){
        // This regex from http://www.smartwebby.com/PHP/emailvalidation.asp
        if (ereg("^[^@ ]+@[^@ ]+\.[^@ ]+$",$email)) {;} else {echo "<P class=\"error\">This is invalid email address.</P>";}
    }
    ?>
    </span>
    <input type="submit" name="add_user" value="Register" id="adduser" />
    </form>
    <?php }?>


    </html>
    regards

    Joe

  2. #2
    SitePoint Wizard Hammer65's Avatar
    Join Date
    Nov 2004
    Location
    Lincoln Nebraska
    Posts
    1,161
    If you are just checking that the fields have data in them, then use empty, unless the number 0 is a valid input. That or compare to an empty string after trimming the value.

    These variables aren't escaped either. You mention that this is a contact form, so I assume it's not a test script. If it's for production do escaping even in development. If it's worth doing, it's worth doing from the start.

  3. #3
    SitePoint Addict sedna's Avatar
    Join Date
    Jan 2006
    Posts
    272
    OK, how do I do that? As I said, I am a newbie and I am having problems finding a solution on Google.

  4. #4
    SitePoint Guru mmarif4u's Avatar
    Join Date
    Dec 2006
    Location
    /dev/swat
    Posts
    619
    To make your form input more secure before inserting it into the db,
    try this:
    PHP Code:
    $firstname = mysql_real_escape_string($_POST['firstname']);

    $lastname = mysql_real_escape_string($_POST['lastname']);

    $email = mysql_real_escape_string($_POST['email']);

    $username = mysql_real_escape_string($_POST['username']);

    $password = mysql_real_escape_string($_POST['password']);
    Now for validation use regex like:

    PHP Code:
    if ($firstname == '') {
        echo "Name field is blank";
    }

    if (!preg_match('/^[a-zA-Z\" "]*$/', $firstname)) {
        echo "The Name that you have given is not valid.Please try again.";
    }
    This is to give you an example; change your code according to your script.

  5. #5
    SitePoint Addict sedna's Avatar
    Join Date
    Jan 2006
    Posts
    272
    Thank you, kind sir, this will help me a lot.

  6. #6
    rajug.replace('Raju Gautam'); bronze trophy Raju Gautam's Avatar
    Join Date
    Oct 2006
    Location
    Kathmandu, Nepal
    Posts
    4,013
    Don't give the extra load to the server to check the posted fields each time the page is loaded. Try to check whether the form was posted or not before checking all the things:
    Code php:
    if($_SERVER['REQUEST_METHOD'] == "POST"){ //if the form was posted then only do something....
    	$firstname = mysql_real_escape_string($_POST['firstname']); 
    	$lastname = mysql_real_escape_string($_POST['lastname']); 
    	$email = mysql_real_escape_string($_POST['email']); 
    	$username = mysql_real_escape_string($_POST['username']); 
    	$password = mysql_real_escape_string($_POST['password']); 
     
    	// Validation Routine
    	$error = 0;
    	$error_mes = '';
    	if (strlen($_POST['firstname']) < 1) {$error = $error + 1; $error_mes .= "Sorry, no name entered\n";}
    	if (strlen($_POST['lastname']) < 1) {$error = $error + 1; $error_mes .= "Sorry, no last name entered\n";}
    	if (strlen($_POST['email']) < 1) {$error = $error + 1; $error_mes .= "Sorry, no email entered\n";}
    	if (strlen($_POST['username']) < 1) {$error = $error + 1; $error_mes .= "Sorry, no username entered\n";}
    	if (strlen($_POST['password']) < 1) {$error = $error + 1; $error_mes .= "Sorry, no password entered\n";}
     
    	if($error >= 1) {
    		echo "<PRE>";
    		echo "<span style=\"color: red;\">Errors!!!\n\n";
    		echo $error_mes;
    		echo "</span>";
    		echo "</PRE>";
    	}
    	else{// If no errors, enter data into database
    		$sql = "INSERT INTO members SET 
    			firstname='$firstname', 
    			lastname='$lastname', 
    			username='$username', 
    			password='$password', 
    			email='$email'";
     
    		if (@mysql_query($sql)) { 
    			echo '<p>User Created! Thank you.</p>';
    		}
    		else { 
    			echo '<p>Database Error - Unable to create user</p>';
    		}
    	}
    }

    And I would not specify $_SERVER['PHP_SELF'] for the form's action attribute. Just leave action="" only, which will post to the same page.
    Mistakes are proof that you are trying.....
    ------------------------------------------------------------------------
    PSD to HTML - SlicingArt.com | Personal Blog | ZCE - PHP 5
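
An added example, not code from any poster in this thread: the same registration step with trimmed empty-string checks and bound parameters in place of escaping values into the SQL string. It assumes PDO with an in-memory SQLite database standing in for the `website` MySQL database; `register()` and the sample submissions are constructed for illustration.

```php
<?php
// Added example, not from the thread. Assumes the pdo_sqlite extension;
// register() and the sample submissions are constructed for illustration.
function register(PDO $db, array $post): array
{
    $errors = [];
    $clean  = [];
    foreach (['firstname', 'lastname', 'email', 'username', 'password'] as $f) {
        // Missing keys and non-string values (firstname[]=x) count as empty.
        $v = isset($post[$f]) && is_string($post[$f]) ? $post[$f] : '';
        if ($f !== 'password') {
            $v = trim($v);              // passwords are kept byte for byte
        }
        if ($v === '') {
            $errors[] = "Sorry, no $f entered";
        }
        $clean[$f] = $v;
    }
    if ($errors) {
        return $errors;                 // nothing is written on failure
    }
    // Store a hash rather than the submitted password.
    $clean['password'] = password_hash($clean['password'], PASSWORD_DEFAULT);
    // Placeholders keep the values out of the SQL text, so a quote in a
    // name cannot change the statement.
    $stmt = $db->prepare(
        'INSERT INTO members (firstname, lastname, email, username, password)
         VALUES (:firstname, :lastname, :email, :username, :password)'
    );
    $stmt->execute($clean);
    return [];
}

$db = new PDO('sqlite::memory:');       // stand-in for the MySQL database
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (firstname TEXT, lastname TEXT,
                                 email TEXT, username TEXT, password TEXT)');
// Constructed submissions: blank fields, then a surname containing a quote.
$samples = [
    ['firstname' => '  ', 'lastname' => 'Doe', 'username' => 'jd'],
    ['firstname' => 'Pat', 'lastname' => "O'Neil", 'username' => 'pat',
     'email' => 'pat@example.com', 'password' => 'correct horse'],
];
foreach ($samples as $post) {
    $errors = register($db, $post);
    echo $errors ? implode("\n", $errors) . "\n" : "User created\n";
}
echo $db->query('SELECT COUNT(*) FROM members')->fetchColumn(), " row(s) stored\n";
```

The `mysql_*` functions used throughout the thread were removed in PHP 7; PDO with a MySQL DSN takes the same `prepare()`/`execute()` calls.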

  7. #7
    SitePoint Addict sedna's Avatar
    Join Date
    Jan 2006
    Posts
    272
    OK, the only problem that I am having now is validating the email. For example, if I don't enter anything in the email field it says invalid email, but if I just enter "j" it accepts it and I don't want it to. I have looked over my regex but can't seem to find a problem with it.

  8. #8
    rajug.replace('Raju Gautam'); bronze trophy Raju Gautam's Avatar
    Join Date
    Oct 2006
    Location
    Kathmandu, Nepal
    Posts
    4,013
    PHP Code:
    if (eregi('^[a-zA-Z0-9._-]+@[a-zA-Z0-9-]+\.[a-zA-Z.]{2,5}$', $email)) {
        echo "valid";
    }
    else {
        echo "not valid";
    }

    Or see:
    http://www.sitepoint.com/article/reg...ressions-php/2

  9. #9
    play of mind Ernie1's Avatar
    Join Date
    Sep 2005
    Posts
    1,252
    Quote Originally Posted by rajug View Post
    PHP Code:
    if (eregi('^[a-zA-Z0-9._-]+@[a-zA-Z0-9-]+\.[a-zA-Z.]{2,5}$', $email)) {
        echo "valid";
    }
    else {
        echo "not valid";
    }

    eregi — Case insensitive regular expression match
    PHP Code:
    if (preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$/i", $email)) {
        echo "valid";
    } else {
        echo "not valid";
    }


    Last edited by Ernie1; Dec 5, 2007 at 08:19.
    my mobile portal
    ghiris.ro
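
An added example, not from any poster: the three e-mail patterns posted in this thread, with the `ereg`/`eregi` ones rewritten for `preg_match` (the ereg functions were removed in PHP 7), run side by side with PHP's built-in `filter_var()`. The sample addresses are constructed; one contains an apostrophe, which the pattern from post #1 accepts, so passing validation does not make a value safe to place in SQL.

```php
<?php
// Added example, not from the thread. Sample addresses are constructed.
$checks = [
    // Post #1: the ereg pattern, wrapped in delimiters for preg_match.
    'post #1' => fn($e) => preg_match('/^[^@ ]+@[^@ ]+\.[^@ ]+$/', $e) === 1,
    // Post #8: the eregi pattern, with the i flag for case-insensitivity.
    'post #8' => fn($e) => preg_match(
        '/^[a-zA-Z0-9._-]+@[a-zA-Z0-9-]+\.[a-zA-Z.]{2,5}$/i', $e) === 1,
    // Post #9: as posted.
    'post #9' => fn($e) => preg_match(
        '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$/i',
        $e) === 1,
    // PHP's built-in validator, for comparison.
    'filter_var' => fn($e) => filter_var($e, FILTER_VALIDATE_EMAIL) !== false,
];

$samples = [
    '',                          // nothing entered
    'j',                         // the input from post #7
    'joe@example.com',
    'joe@mail.example.co.uk',    // more than one dot after the @
    "o'brien@example.com",       // apostrophe in the local part
    'joe@example.c..',           // trailing dots
    'joe@example.photography',   // top-level domain longer than six letters
];

// Print one row per address and one column per check.
printf('%-28s', 'address');
foreach (array_keys($checks) as $name) {
    printf('%-12s', $name);
}
echo "\n";
foreach ($samples as $email) {
    printf('%-28s', var_export($email, true));
    foreach ($checks as $check) {
        printf('%-12s', $check($email) ? 'accept' : 'reject');
    }
    echo "\n";
}
```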

