SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    SitePoint Addict
    Join Date
    Oct 2002
    Posts
    311
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Even with an invalid email address, code still inputs to database...huh?

    Hey,
    Ok below is the sign up script for my site, now I have a problem. I am validating email addresses so that I don't get any addresses without @ in them. Thing is, even though I tell it to output an error message, it still inputs the information into the database. Can you guys spot anything wrong?

    PHP Code:
    <?php 

    #open session#
    session_save_path('/home/mydir/data'); 
    session_start(); 

    if (
    $access_name=="") {
    $title "Hello, you are not logged in. Please click <a href=\"login.php\">here</a> to log in. To sign up click 
    <a href=signup.php>here</a>."
    ;
    }else{ 
    $title "Hello $access_name, please click <a href=/members/welcome.php>here</a> to visit the members section.";
    }


    $form_complete="";
    if (
    $formsubmit==1) {$formsubmit="";$sucess="";

    #db connection#
    include("access/data.inc.php");
    mysql_connect ($SQLhost$SQLuser$SQLpass);
    mysql_select_db ($SQLdb);

    #null error report.#
    $error="";

    if ( (
    $firstname=="") || ($lastname=="") || ($addressline1=="") || ($city=="") || ($postcode=="") || ($telephonenumber=="") || ($email=="") )
        {
            
    $error_field=1;
            
    $error.="Please ensure that you have entered all information requested by the signup form.";
        }else{

    #Check email address validity#
    if(!ereg("^[_a-zA-Z0-9-]+(.[_a-zA-Z0-9-]+)*@([a-zA-Z0-9-]+.)+([a-zA-z]{2,3})$",$email)) {
      
    $error .= "Your email address is not valid, please try again.<br>\n";
    }else{

    }

    #search for id#
    $res_access mysql_query ("SELECT id, userid, registered, password FROM users where userid='$id'");
    $num_access mysql_num_rows ($res_access);

    #duplicates found#
    if ($num_access>1
        { 
        
    $error .= "Duplicates found, please contast  the webmaster about this problem.<br>\n"

    #no user found#
        
    }else if ($num_access==0
        {     
        
    $error .= "ID wasn't found in our database.<br>\n";
        }else{

    #insert user into database#
    $registered mysql_result ($res_access,0,"registered");
    $password mysql_result ($res_access,0,"password");
            if (
    $registered=="0")
                {

    $name $firstname." ".$lastname;
    $address $addressline1.", ".$addressline2.", ".$city.", ".$county.", ".$postcode;
    $telephonenumber;
    $email;

    $name strtolower ($name);
    $name ucwords ($name);
    $postcode strtoupper ($postcode);
    $postcode ucwords ($postcode);
    $address strtoupper ($address);
    $address ucwords ($address);
    $address str_replace (", , ",", ",$address);
    $telephonenumber str_replace (" """$telephonenumber);
    $telephonenumber str_replace ("-"""$telephonenumber);
    $telephonenumber trim ($telephonenumber);

    #update db#
    @mysql_query ("update users set name='$name', address='$address', telephone='$telephonenumber', email='$email', registered='1' WHERE userid='$id' ");
    $error .= "New user registration completed. You have been emailed your password.<br>\n";

    #send email with password#
    $From 'Registration <chris@yduk.net>';
    $headers .= "From: $From\r\n";

    $subject "Your details...";
    $message "Dear $name,\n\nThank you for registering!\n\nBelow are your login details needed to access the website.  We advise you to keep these details in a secure place.\n\nID: $id \nPassword: $password";
    mail($email$subject$message$headers);

    //mail($contactemail, $subject, $message, $headers);
    header("Location: success.php?Name=$name&Email=$email");

    $sucess=1;
                }else{
    #user already registered#
    $error .= "This ID has already been registered.<br>\n";
                }
        }

        }

    $form_complete="1";
    }

    ?>
    Cheers,
    Chris

  2. #2
    SitePoint Enthusiast
    Join Date
    Dec 2000
    Location
    USA
    Posts
    39
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    PHP Code:
      $error .= "Your email address is not valid, please try again.<br>\n";
    }else{

    }

    #search for id#
    $res_access 
    You closed your else tag causing the script to parse the rest. Either remove that } and put it after the section where it adds the entry to your database or you could put an exit after:
    PHP Code:
    $error .= "Your email address is not valid, please try again.<br>\n"
    Living the OO way.
    Hardware Help | Desperados!

  3. #3
    SitePoint Enthusiast
    Join Date
    Sep 2002
    Posts
    88
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    if ( ($firstname=="") || ($lastname=="") || ($addressline1=="") || ($city=="") || ($postcode=="") || ($telephonenumber=="") || ($email=="") )


    you have email being null (""), but you want to check for an @ in the address..

    I got this from PHP Builder


    if (!ereg("([[:alnum:]\.\-]+)(\@[[:alnum:]\.\-]+\.+)", $email)) {
    $result = 'Not a valid email address';
    }


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •