SitePoint Sponsor |
|
User Tag List
Results 1 to 3 of 3
-
Nov 25, 2002, 15:53 #1
- Join Date
- Oct 2002
- Posts
- 311
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Even with an invalid email address, code still inputs to database...huh?
Hey,
Ok below is the sign up script for my site, now I have a problem. I am validating email addresses so that I don't get any addresses without @ in them. Thing is, even though I tell it to output an error message, it still inputs the information into the database. Can you guys spot anything wrong?
PHP Code:<?php
#open session#
session_save_path('/home/mydir/data');
session_start();
if ($access_name=="") {
$title = "Hello, you are not logged in. Please click <a href=\"login.php\">here</a> to log in. To sign up click
<a href=signup.php>here</a>.";
}else{
$title = "Hello $access_name, please click <a href=/members/welcome.php>here</a> to visit the members section.";
}
$form_complete="";
if ($formsubmit==1) {$formsubmit="";$sucess="";
#db connection#
include("access/data.inc.php");
mysql_connect ($SQLhost, $SQLuser, $SQLpass);
mysql_select_db ($SQLdb);
#null error report.#
$error="";
if ( ($firstname=="") || ($lastname=="") || ($addressline1=="") || ($city=="") || ($postcode=="") || ($telephonenumber=="") || ($email=="") )
{
$error_field=1;
$error.="Please ensure that you have entered all information requested by the signup form.";
}else{
#Check email address validity#
if(!ereg("^[_a-zA-Z0-9-]+(.[_a-zA-Z0-9-]+)*@([a-zA-Z0-9-]+.)+([a-zA-z]{2,3})$",$email)) {
$error .= "Your email address is not valid, please try again.<br>\n";
}else{
}
#search for id#
$res_access = mysql_query ("SELECT id, userid, registered, password FROM users where userid='$id'");
$num_access = mysql_num_rows ($res_access);
#duplicates found#
if ($num_access>1)
{
$error .= "Duplicates found, please contast the webmaster about this problem.<br>\n";
#no user found#
}else if ($num_access==0)
{
$error .= "ID wasn't found in our database.<br>\n";
}else{
#insert user into database#
$registered = mysql_result ($res_access,0,"registered");
$password = mysql_result ($res_access,0,"password");
if ($registered=="0")
{
$name = $firstname." ".$lastname;
$address = $addressline1.", ".$addressline2.", ".$city.", ".$county.", ".$postcode;
$telephonenumber;
$email;
$name = strtolower ($name);
$name = ucwords ($name);
$postcode = strtoupper ($postcode);
$postcode = ucwords ($postcode);
$address = strtoupper ($address);
$address = ucwords ($address);
$address = str_replace (", , ",", ",$address);
$telephonenumber = str_replace (" ", "", $telephonenumber);
$telephonenumber = str_replace ("-", "", $telephonenumber);
$telephonenumber = trim ($telephonenumber);
#update db#
@mysql_query ("update users set name='$name', address='$address', telephone='$telephonenumber', email='$email', registered='1' WHERE userid='$id' ");
$error .= "New user registration completed. You have been emailed your password.<br>\n";
#send email with password#
$From = 'Registration <chris@yduk.net>';
$headers .= "From: $From\r\n";
$subject = "Your details...";
$message = "Dear $name,\n\nThank you for registering!\n\nBelow are your login details needed to access the website. We advise you to keep these details in a secure place.\n\nID: $id \nPassword: $password";
mail($email, $subject, $message, $headers);
//mail($contactemail, $subject, $message, $headers);
header("Location: success.php?Name=$name&Email=$email");
$sucess=1;
}else{
#user already registered#
$error .= "This ID has already been registered.<br>\n";
}
}
}
$form_complete="1";
}
?>
Chris
-
Nov 25, 2002, 18:21 #2
- Join Date
- Dec 2000
- Location
- USA
- Posts
- 39
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
PHP Code:$error .= "Your email address is not valid, please try again.<br>\n";
}else{
}
#search for id#
$res_access
PHP Code:$error .= "Your email address is not valid, please try again.<br>\n";
-
Nov 26, 2002, 12:58 #3
- Join Date
- Sep 2002
- Posts
- 88
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
if ( ($firstname=="") || ($lastname=="") || ($addressline1=="") || ($city=="") || ($postcode=="") || ($telephonenumber=="") || ($email=="") )
you have email being null (""), but you want to check for an @ in the address..
I got this from PHP Builder
if (!ereg("([[:alnum:]\.\-]+)(\@[[:alnum:]\.\-]+\.+)", $email)) {
$result = 'Not a valid email address';
}
Bookmarks