Am I doing something wrong here..?

[Sarah]

ok I don't understand why you have that if else query before the drop down boxes (which I took to be the form...) move that else to after the drop down boxes and move the second end if else } to after the drop down boxes, then process the form then have a last }.

As before if you can post your code taking out long section of code BUT leaving in the if else structure then I can help a bit more.

But essentially the if else statement for the Forename section should only end after you have done ALL updating to the dB and drop down boxes etc etc . next will come the form which is in the first if else statement.

Basically you didn't have enough if else statement and brackets hence the error, try and indent each if else section that way you can see what goes in where

Sarah

[mak-uk]

Hi

Sorry, getting a bit confused now

The structure I am using is:

PHP Code:

if (isset($submit)) {
  //  form has been submitted -> do form validation fields.
  // connecto to DB and insert new record
 
} else {
  // connect to DB
  // pre-set SQL for drop-down boxes
  // write out FORM for user to fill in
 
} 


Hence, I constructed:

PHP Code:

<?php if (isset($_POST['submit'])) { // a new member joins using the form below  
// generate and execute query
 $query = "INSERT INTO Members SET " .
 ... etc
 
$result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());
 $memberID = mysql_insert_id();
 // generate and execute query 2
 $query2 = "INSERT INTO Lookup SET " .
 ... etc
 
$result2 = mysql_query($query2) or die ("Error in query 2: $query2. " . mysql_error());
} else { 
 
  // drop-down box query code
 
} 
?>
 
<FORM NAME="mainform" ACTION="<?php echo($_SERVER['PHP_SELF']); ?>" METHOD="POST"
 
... etc (form follows)

Right, so where in that did you suggest I should put:

PHP Code:

if ($_POST["Forename"]='') {
     echo "Please enter your Forename.";
 } else { 


Okay, sorry for my confusion but it would be a lot easier to point out my errors in the code I have posted as a whole.

Thanks.

Mak

[Sarah]

well your snippets of code don't match up !! the first set here

PHP Code:

if (isset($submit)) {
// form has been submitted -> do form validation fields.
// connecto to DB and insert new record

} else {
// connect to DB
// pre-set SQL for drop-down boxes
// write out FORM for user to fill in

} 


is right and to add the new code I would put it in like this

PHP Code:

if (isset($submit)) {
// form has been submitted -> do form validation fields.
// start of validation
  if ($_POST["Forename"]='') {
    echo "Please enter your Forename.";
  } else {
// only if validation is all correct do you insert details into dB
// connecto to DB and insert new record
  }
} else {
// connect to DB
// pre-set SQL for drop-down boxes
// write out FORM for user to fill in

} 


now in your secodn section of code youhave your last } BEFORE your form code where in actual fact it needs to be AFTER your form code (as shown in the examples above!)

PHP Code:

<?php if (isset($_POST['submit'])) { // a new member joins using the form below 
// generate and execute query
$query = "INSERT INTO Members SET " .
... etc

$result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());
$memberID = mysql_insert_id();
// generate and execute query 2
$query2 = "INSERT INTO Lookup SET " .
... etc

$result2 = mysql_query($query2) or die ("Error in query 2: $query2. " . mysql_error());
} else { 

// drop-down box query code

//} NO NEED TO HAVE FORM FIRST
?>

<FORM NAME="mainform" ACTION="<?php echo($_SERVER['PHP_SELF']); ?>" METHOD="POST"

... etc (form follows)
</form>
<?php
} // end if main if else statement for if the form has been submitted
?>

and with the new validation code inserted:

PHP Code:

<?php if (isset($_POST['submit'])) { // a new member joins using the form below 
// start form validation
  if ($_POST["Forename"]='') {
    echo "Please enter your Forename.";
  } else {
// generate and execute query ONLY IF VALIDATION IS ALL TRUE
$query = "INSERT INTO Members SET " .
... etc

$result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());
$memberID = mysql_insert_id();
// generate and execute query 2
$query2 = "INSERT INTO Lookup SET " .
... etc

$result2 = mysql_query($query2) or die ("Error in query 2: $query2. " . mysql_error());
  }
} else { 

// drop-down box query code

//} NO NEED TO HAVE FORM FIRST
?>

<FORM NAME="mainform" ACTION="<?php echo($_SERVER['PHP_SELF']); ?>" METHOD="POST"

... etc (form follows)
</form>
<?php
} // end if main if else statement for if the form has been submitted
?>

You can add as many form validations in their using ifelse and I will show you how when we get this section sorted

Does that make more sense?

Sarah

[mak-uk]

Hi Sarah

I can see what you are saying now about my mis-placement of the closing curly-brace and not sticking to the 'ideal layout' of the way the script should be.

However, I have made the necessary changes, but to no avail -> the script still runs fine, but no validation checking takes place. i.e. the 'Forename' field is still blank and still, no 'echo' error message is displayed.

I thought I might as well post you the whole script, but it's pretty large, so have mailed it to you.

You will probably notice what I am doing wrong pretty quickly.

Thanks.

Mak [img]images/smilies/smile.gif[/img]

[Sarah]

It looks like this section is still your problem:

PHP Code:

 if ($_POST["Forename"]='') {
      echo "Please enter your Forename.";
 } else { 


try putting double quotes in your if statement rather then single quotes, eg:

PHP Code:

 if ($_POST["Forename"]="") {
      echo "Please enter your Forename.";
 } else { 


or change the whole thing to the (empty($_POST['Forename']))

Sarah

[mak-uk]

Hi

Wayhey! It works.

It works with this method rather than the other for some reason:

PHP Code:

if (empty($_POST["Forename"])) { 


Anyway, now that it is working, I am playing around with some validation code. So far I have:

PHP Code:

// START FORM VALIDATION
 
 // Validate Forename
 if (empty($_POST["Forename"])) {
      echo "Please enter your Forename.";
 } 
 // Validate Surname
 if (empty($_POST["Surname"])) {
      echo "Please enter your Surname.";
 }
 // Validate E-mail
 if (empty($_POST["Email1"])) {
      echo "Please enter your E-Mail address.";
 }
 elseif (!ereg('^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$', ($_POST["Email1"]))) {
  echo "E-mail address not valid! Please try again. ";
 }
 elseif (empty($_POST["Email"])) {
  echo "Please enter your E-Mail address twice to confirm.";
 }
 elseif (!ereg('^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$', ($_POST["Email"]))) {
  echo "E-mail address not valid! Please try again. ";
 }
 elseif ($_POST["Email"] != $_POST["Email1"]) {
      echo "Your E-Mail addresses do not match, please try again.";
 }
 
 
 // Validate Username
 if (empty($_POST["Username"])) {
  echo "Please enter your Username.";
 }
 
 else {
  
  // generate and execute query ONLY IF VALIDATION IS ALL TRUE 


However, the E-mail part is not working too good!

Basically, I get the user to enter their e-mail address twice (Email1, followed by Email). I want to check:

1. Not empty - 'Email1'
2. Valid e-mail in 'EMail1'
3. Not empty - 'Email'
4. Valid e-mail in 'Email'
5. Output error message if Email != Email1

For some reason though, when I enter one character into EMail1, it says I "Please enter your E-Mail address".. so there is something wrong with my code-snippet there I presume?

Thanks.

Mak

[Sarah]

they all should be elseif statements, otherwise you are ending the statement too early

[mak-uk]

Hi

Okay, I have now tried:

PHP Code:

// Validate Forename
if (empty($_POST["Forename"])) {
echo "Please enter your Forename.";
} 
// Validate Surname
elseif (empty($_POST["Surname"])) {
echo "Please enter your Surname.";
}
// Validate E-mail
elseif (!ereg('^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$', ($_POST["EmailOne"]))) {
echo "E-mail address not valid! Please try again. ";
}
elseif (!ereg('^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$', ($_POST["Email"]))) {
echo "Re-entered address not valid! Please try again. ";
}
elseif ($_POST["Email"] != $_POST["EmailOne"]) {
echo "Your E-Mail addresses do not match, please try again.";
} 


However, it seems to be thinking I entered an incorrect e-mail address in the field 'EMailOne', when in-fact, it is valid. Hence, it does not continue.

Can you see something wrong with my if-else structure there or the regular expression itself? (Note that the RE used was from a long discussion post on SitePointForums in regards to validating E-mail addresses).

Thanks.

Mak [img]images/smilies/smile.gif[/img]

[Sarah]

well I woudl remove the emailone validation and see if it throws up at the email validation - if it does then I would point it towards the ereg! But as ereg isn't me speciality then I am not really..

Either that then complete the rest of the validation and do the email one later on when you have the rest of it working...

Have you tested the email thing before?

Sarah

[mak-uk]

Hi

Hmm, now it brings up the same error again for the other E-mail field. Hence, it must be a problem with the RE.

I shall get on with the rest and scour the forum for a good E-mail RE.

Btw, what is the best way of validating drop-down boxes, radio buttons (so an option is selected and not left blank) and text areas?

Thanks.

Mak [img]images/smilies/smile.gif[/img]

[Sarah]

I will see what email validation I have used - but I try and keep it pretty simple...

For drop down boxes and text area use the same principal (empty) and make sure that on your drop down box if you have the "please select" entry the value is "" i.e. nothing.

Checkboxes | Radio buttons well if you have a yes/no or Male/Female box then they should have the same NAME and then you can just check that NAME!="" i.e. doesn't equal nothing?

Make sense
Sarah

[mak-uk]

Hi

Well, I've spent a few hours on it, but I have most of the server-side validation sorted for now. Thanks for your help everyone, especially Sarah. [img]images/smilies/nod.gif[/img]

Now, when I try and run the script, it gives me the following error:

Error in query: INSERT INTO Members SET mForename = , mSurname = , mEmail = , mGender = , mDOB = , mHasChildren = , mSmokes = , mDrinks = , mAboutYourself = , mAboutFamily = , mJoinDate = , mUsername = , mPassword = . You have an error in your SQL syntax near ' mSurname = , mEmail = , mGender = , mDOB = , mHasChildren = , mSmokes = , mDr' at line 1

There must be an error when I insert a record into the DB but I am not sure quite what seems wrong with the following code:

PHP Code:

$query = "INSERT INTO Members SET " .
"mForename = $_POST['Forename'], " . 
"mSurname = $_POST['Surname'], " . 
"mEmail = $_POST['EMail'], " . 
"mGender = $_POST['Gender'], " . 
"mDOB = $_POST['mDOB'], ". 
"mHasChildren = $_POST['Children'], " . 
"mSmokes = $_POST['smoking_select'], " . 
"mDrinks = $_POST['drinking_select'], " . 
"mAboutYourself = $_POST['aboutyourself'], " . 
"mAboutFamily = $_POST['aboutfamily'], " . 
"mJoinDate = $_POST['DATE'], " . 
//"mHeardFrom = $_POST['Heardfrom'], " . 
"mUsername = $_POST['Username'], " . 
"mPassword = $_POST['encrypted_password']"; 


Where 'encrypted_password' is:

PHP Code:

<TR VALIGN="middle"> 
<TD>Confirm Password:</TD>
<TD><INPUT TYPE="password" NAME="Password" SIZE="20" MAXLENGTH="20" VALUE=""></TD>
</TR>

<?php
// MD5 of password to encrpt. Then $encrypted_password goes into database
$encrypted_password = md5($_POST["Password"]);
?>

When I comment out the following part:

PHP Code:

"mPassword = $_POST['encrypted_password']"; 


It works fine, so I guess there must be an error with something I am doing with the password?

Thanks.

Mak [img]images/smilies/smile.gif[/img]

p.s. on a side-note, with the line "mJoinDate = $_POST['DATE'], " I want to insert the current date that the member joins at. I don't think the way I have done it is right.. any suggestions?

[mak-uk]

Anyone?! [img]images/smilies/confused.gif[/img]

[Dr Livingston]

Within your script that actually inserts the $_POST data to the database use:

PHP Code:

... mJoinDate = now(), ... 
.
. 


Off hand, if your data isn't being inserted into the database table from $_POST[...] data I normally find it's the way you've put together the actual query string it's self... I use:

PHP Code:

.
.
"SELECT * FROM users WHERE id = '". $Id ."' AND accesslevel >= '". $Access ."'"
.
. 


I don't use $_POST directly now since I've written a class that takes care of grabbing all $_POST data as it's found 8)

[mak-uk]

Hi

I have the current date thing sorted now, thanks.

I still cannot see what is wrong with the query, however; and I don't have a class that takes care of grabbing all $_POST data so i'm screwed there. LOL. I'm still suspecting the password section has something to do with it!

Anyone have any ideas?

Thanks.

Mak

[Dr Livingston]

Ummm.....

Here is my FormValidation class and an example script that I have so you can see how to use the class.

Ignore the XML transformation which you can replace with your own HTML FORMs etc.

FormValidation

PHP Code:

class FormValidation {
 
  var $data;
  var $flag;
  var $errors;
  var $counter;
  var $is_errors;
  
  /**
  * has a FORM been sent yet ?
  */
  function CheckFormStatus() {
   return (isset($_POST["_SubmitForm_"]))? true:false;
  } 
  
  /**
  * get FORMs $_POST data
  */
  function GetFormPostData() {
   $this -> data = array_values($_POST);
  }
  
  /**
  * get an FORM fields user input
  */
  function GetFormUserInput($num) {
   return $this -> data[$num];
  }
  
  /**
  * clear class variables
  */
  function InitFormVars() {
   $this -> flag = 1;
   $this -> counter = 0;
   
   unset($this -> errors);
   unset($this -> is_errors);
   
   $this -> errors = array();
   $this -> is_errors = array();
  }
  
  /**
  * a FORM has been validated yet ?
  */
  function FormValidated() {
   return (in_array(0, $this -> is_errors))? 0:1;
  }
  
  function SetOneFormError($num) {
   $this -> is_errors[$num] = (int) 0;
  }
  
  function GetOneFormError($num) {
   return $this -> is_errors[$num];
  }
  
  /**
  * return what errors if any 
  */
  function GetFormErrorMessages() {
   $str = '';
   foreach($this -> errors as $index) {
    if(is_array($index) && !$index['value'])  {
     $str .= (string) $index['message']. '<br />';
    }
   }
   
   return $str;
  }
  
  function FormInputIsAlpha($msg) {
   $this -> is_errors[$this -> counter] = (ereg("^[a-zA-Z ]+$", $this -> data[$this -> counter]))? 1:0;
   $this -> FormDumpErrors($msg);
   $this -> counter++;
  }
  
  function FormInputIsWebAddress($tag, $msg) {
   return true;
  }
  
  function FormInputIsCurrency($msg) { 
   $this -> is_errors[$this -> counter] = (ereg("^[0-9]+(\.[0-9]{2})$", $this -> data[$this -> counter]))? 1:0;
   $this -> FormDumpErrors($msg);
   $this -> counter++;
  }
  
  function FormInputIsNumeric($msg) {
   $this -> is_errors[$this -> counter] = (ereg("^[0-9 ]+$", $this -> data[$this -> counter]))? 1:0;
   $this -> FormDumpErrors($msg);
   $this -> counter++;
  }
  
  function FormInputIsEmail($msg) {
   $this -> is_errors[$this -> counter] = (ereg("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $this -> data[$this -> counter]))? 1:0;
   $this -> FormDumpErrors($msg);
   $this -> counter++;
  }
  
  function FormInputIsAlphaNumeric($msg) { 
   $this -> is_errors[$this -> counter] = (ereg("^[a-zA-Z0-9 ]+$", $this -> data[$this -> counter]))? 1:0;
   $this -> FormDumpErrors($msg);
   $this -> counter++;
  }
  
  function FormInputIsString($msg) {
   $this -> is_errors[$this -> counter] = (ereg("^[a-zA-Z0-9: \.\,\?\!\n\r]+$", $this -> data[$this -> counter]))? 1:0;
   $this -> FormDumpErrors($msg);
   $this -> counter++;
  }
  
  function FormInputDefaultDropdown($msg) { 
   $this -> is_errors[$this -> counter] = (!$this -> data[$this -> counter] == (int) 0)? 1:0;
   $this -> FormDumpErrors($msg);
   $this -> counter++; 
  }
  
  function FormDumpErrors($msg) { 
   if(!$this -> is_errors[$this -> counter]) {
    # there has been an error for this FORM field
    $this -> errors[$this -> counter] = array('message' => $msg);
   }
   else { 
    # no errors, so retain users FORM field input value
    $this -> errors[$this -> counter] = array('value' => $this -> data[$this -> counter]);
   }
  }
 } 


First of all, the FORM used by this peice of script has following (in order) INPUTs:

Forename
Surname
Username
Password
Repeat Password

When you use the above class remember that you need to check the INPUTs as in the order you have them within the FORM. You cannot for example, look at Password before you look at Forename etc - simplifys the scripting you see...

PHP Code:

function DoAddUser($ob, $db) {
  # create a new instance of FormValidation class
  $form = new FormValidation;
  
  if(!$form -> CheckFormStatus()) {
   # request user to add a new user since FORM wasn't sent
#
# note point one:
# place your FORM here - initial (first) display only
# start here
   $ob -> SetXmlFile('add-user.xml');
   $ob -> AppendText2XmlFile('<navigate />', MakeMenu($ob));
   $ob -> MakeXmlString(); 
# end here
  }
  else {
   $form -> GetFormPostData();
   $form -> InitFormVars();
   
   # check FORM user inputs for valid characters
# you can also add error message within the quotes of this method execution if an error actually exists
   $form -> FormInputIsAlpha('');    /** forename **/
   $form -> FormInputIsAlpha('');    /** surname **/
   $form -> FormInputIsAlphaNumeric('');  /** username **/
   $form -> FormInputIsAlphaNumeric('');  /** password **/
   $form -> FormInputIsAlphaNumeric('');  /** password repeat **/
   
   # need to confirm that both first and repeat passwords are a match
   if($form -> GetFormUserInput(3) != $form -> GetFormUserInput(4)) {
    # no match found so set errors for an invalid user input
    $form -> SetOneFormError(3);
    $form -> SetOneFormError(4);
   }
   
   if(!$form -> FormValidated()) {
    # invalid user inputs
#
# point two:
# this is where you re-display your FORM though with valid (only) INPUTs which you grab from the class
# using ...$form -> GetFormUserInput(...element);
    $ob -> SetXmlFile('add-user-error.xml');
    $ob -> AppendText2XmlFile('<navigate />', MakeMenu($ob));
   
    # begin to put valid inputs back to FORM again
    if($form -> GetOneFormError(0) == (int) 1) { 
     # found no invalid inputs for forename
     $ob -> AppendText2XmlString('<data />', $form -> GetFormUserInput(0));
    }
    if($form -> GetOneFormError(1) == (int) 1) { 
     $ob -> AppendText2XmlString('<data-1 />', $form -> GetFormUserInput(1));
    }
    if($form -> GetOneFormError(2) == (int) 1) { 
     $ob -> AppendText2XmlString('<data-2 />', $form -> GetFormUserInput(2));
    }
    if($form -> GetOneFormError(3) == (int) 1 && $form -> GetOneFormError(4) == (int) 1) { 
     # only restore if both password and password repeat match
     $ob -> AppendText2XmlString('<data-3 />', $form -> GetFormUserInput(3));
     $ob -> AppendText2XmlString('<data-4 />', $form -> GetFormUserInput(4));
    }
    
    # need to dynamically create SELECT box values used for access level of new user
    $ob -> SetXmlBuffer();
    # read in currently logged user's access level
    $Access = (int) $_SESSION['OffManager']['UserAccess'];
    # find true limit of access if user has 'global' status from config file
    $Access = ($Access == (int) 0)? MAX_ACCESS_LIMIT:$Access;
    $XmlFragment = '';
    
    for($a = 1;$a < $Access;$a++) {
     $ob -> AddXmlTag2Buffer('form-option', $a, array('value' => $a));
     $XmlFragment .= $ob -> GetXmlBuffer(1);
    }
    $ob -> AppendText2XmlString('<data-5 />', $XmlFragment);
    $ob -> MakeXmlString();
# end of re-display of FORM here
   }
   else {
    # all inputs have valid characters
    if($db -> QueryDbase("INSERT INTO userbase (date, username, password, accesslevel, forename, surname) VALUES (now(), '". $form -> GetFormUserInput(2) ."', PASSWORD('". $form -> GetFormUserInput(3) ."'), '". $form -> GetFormUserInput(5) ."', '". $form -> GetFormUserInput(0) ."', '". $form -> GetFormUserInput(1) ."')")) {
     # database insertion was okay else report/log error for duplicate entry
     $ob -> SetXmlFile('add-user-ok.xml');
     $ob -> AppendText2XmlFile('<navigate />', MakeMenu($ob));
     $ob -> MakeXmlString();
    }
   }
  }
 } 


PHP Code:

function RedirectJS($url) {
  ?>
  <script language="javascript1.2" type="text/javascript">
   window.location = "<? echo($url); ?>";
  </script>
  <?php
 }

Since you are not using XML etc you will need to make changes to the above script; or re-write your own based on mine.

On the section of script I have:

PHP Code:

# begin to put valid inputs back to FORM again
    if($form -> GetOneFormError(0) == (int) 1) { 
     # found no invalid inputs for forename
     $ob -> AppendText2XmlString('<data />', $form -> GetFormUserInput(0)); 


You could use for example:

PHP Code:

# begin to put valid inputs back to FORM again
$forename = ''; /** reset initially as could be an error **/
    if($form -> GetOneFormError(0) == (int) 1) { 
     # found no invalid inputs for forename
     $forename = (string) $form -> GetFormUserInput(0)); 


And then further down - still within the condition - put $forename within the VALUE part of the INPUT - if you follow ?

This way it'll tidy up your database insertion also - plus you get a top validation class to boot as well 8)

Any problem what so ever then get back to this post - only too glad to help ok ?

[mak-uk]

Hi Doc,

Thanks for posting the script but you have really baffled me.[img]images/smilies/confused.gif[/img] As I am new to this PHP/MySQL stuff, it seems a bit daunting to go through all that to strip my code of the 'POST' stuff, for now anyway.

(Not that I don't appreciate you posting it!!! [img]images/smilies/thumbs_up.gif[/img] )

However, is there any quicker way just to modify my code to try and get it working?

Thanks.

Mak [img]images/smilies/smile.gif[/img]

[Sarah]

Mak,

Try this as your insert query, I cannot remember if your values are all numbers or whether you need to have quotes around them all?

For thsi example I have used all quotes - I have left out the mHeardFrom part as I don't think you should have a comment in the middle of an insert statement, also I feel that it better written when the $_POST section are contained within ". ." sections as PHP (I think) like it better that way.

PHP Code:

$query = "INSERT INTO Members SET 
mForename = '".$_POST['Forename']."', 
mSurname = '".$_POST['Surname']."', 
mEmail = '".$_POST['EMail']."', 
mGender = '".$_POST['Gender']."', 
mDOB = '".$_POST['mDOB']."', 
mHasChildren = '".$_POST['Children']."', 
mSmokes = '".$_POST['smoking_select']."', 
mDrinks = '".$_POST['drinking_select']."', 
mAboutYourself = '".$_POST['aboutyourself']."', 
mAboutFamily = '".$_POST['aboutfamily']."', 
mJoinDate = '".$_POST['DATE']."',  
mUsername = '".$_POST['Username']."', 
mPassword = '".$_POST['encrypted_password']."'"; 


then see if you still get the same error (which is a strange error as none of the values have any well values in it?)

if not again remove the password part and see if you still get that error?

If you do check the dB schema for the password column to make sure you have enough characters etc etc

And also chaneg your password to look like this if it works add in the md5 section part by part to fidn out why its not working (I think this was mentioned above)

PHP Code:

<?php
// MD5 of password to encrpt. Then $encrypted_password goes into database
$encrypted_password = $_POST["Password"];
?>

[Dr Livingston]

Sarah - This is the way I put data to the database as you've suggested you shouldn't have any trouble with this at all - I'd start to get worried (very LoL) if your data doesn't go into the database after this change 8)

For example:

PHP Code:

.
.
$db -> QueryDbase("DELETE FROM easyshoponline WHERE easyshopid ='". $Id ."'");
.
.
...
 
$db -> QueryDbase("UPDATE easyshoponline SET easyshopname = '". $form -> GetFormUserInput(0) ."', easyshopstore = '". $form -> GetFormUserInput(1) ."', easyshopweb = '". $form -> GetFormUserInput(2) ."', easyshopcontact = '". $form -> GetFormUserInput(3) ."' WHERE easyshopid ='". $Id ."'");
.
.
... 


All my $_POST data goes to the database with no problems... this is the method you should use by default anyway.

There is more typing of course but a lot less hassle in the long run 8)

As for my class I thought I'd explained it well enough ? But I should keep a note of the class and it's examples for later when you are ready to use it/when you've learnt enough to use it.

It'll save you some work...

[mak-uk]

Doc

Yes, you explained the script pretty well, however, I have not really gotten to OOD with PHP yet or using external classes; and seeing as I am currently on this more 'procedural' kind-of path, it's just a bit easier to carry on. I will keep a note of it for sure, however.

-------

Sarah

Okay, I have used all quotes as you have said and removed the commented out parts. Now the script runs fine.. which is a good sign. Some queries, however:

1. For some reason it enters mDOB into the DB as 0000-00-00 and I am not sure why?

2. Without modifying mPassword, i.e. leaving it as:

PHP Code:

<?php
// MD5 of password to encrpt. Then $encrypted_password goes into database
$encrypted_password = md5($_POST["Password"]);
?>

Upon examining the database, the Password entry is blank, is that ok? Or should there be some 'mumbo-jumbo' there. Hence, meaning it is encrypted?

3. Can I do the following:

PHP Code:

mJoinDate = '".$_POST['now()']."', 


as I want the current date to be posted (of joining)

4. The next time I run the script and enter a different Username, it tells me that it already exists?! This is the code:

PHP Code:

$sql_user= mysql_query("SELECT mUsername from Members") or die(mysql_error());
...
elseif (mysql_num_rows($sql_user)) {
  echo "That username already exists, please try another one.";
 } 


5. $query2 'runs-through' ok but just enters '0' values into the lookup table. Do I need to modify the query as I did with $query1 and use $_POST?

Thanks for your help.

Mak [img]images/smilies/smile.gif[/img]

[Sarah]

Ok Mak,

Only a few questions...

Anyway I would suggest trying to get these questions answered and to work one at a time instead of trying to fix all and everything at once - as that way you will never learn WHY it didn't work...

1. before you do the insert query write this line:

PHP Code:

echo $_POST['mDOB']; 


that way you will know what your form is picking up, also check what column type you have for this field date or datetime? that will also make a difference. Try this query with ONLY the data function and keep checking the dB until the correct date goes in, that way you will know what code to use.

2) yes there should be mumbo-jumbo there - what field type do you have for that column? and as 1) above echo out the $encrypted_password BEFORE the sql query so you can see it on eth screen, then re-write the insert query using ONLY the password field until you get it to work.

3) you don't need the $_POST part of now() as POST is only used when the data is passed by a form, the now() function is direct from PHP and therefore doesn't use the form at all, so yes try this

PHP Code:

mJoinDate=now() 


no need for quotes etc just write it plain lik ethat (again do as written in 1) and 2) and cut it down to get each segment working and then you can put it all together at the end.

4) should that not read $_POST['mUsername'] in the select query? Otherwise mUsername doesn't actually exist and so you are searching the dB for "blank" i.e. nothing which is why it keep failing... again echoing out ALL your queries directly before will show what you are actually putting into them - this one would probably say this

select "" from members

which will probably always find something

5) YES You shoudl always use POST when getting values from a form - although in this case if they are ALL numericals then you don't need to surround the values with single quotes do this instead

PHP Code:

insert into lookup set sid=".$_POST['sid'].", 


Again split this down into single bits will make it a lot easier to understand.

Good Luck it certainly looks like you are getting somewhere

Sarah

[Dr Livingston]

If your mDOB isn't in the database then you've put it there in the wrong format - check the mySQL manual of which formats are available, but as a general rule, based on TIMESTAMP:

20020422005959

for year,month,day,hour,minutes and seconds - what is your column type ?

Check the manual though - if it's not the format that's wrong then your data isn't being passed through to the insertion via $_POST.

For your passwords, you do not need to use PHP to encrypt them - use mySQL instead - it's a lot easier 8)

PHP Code:

INSERT INTO myTable (password) VALUES (PASSWORD('". $myPassword ."') ... 


And to read it back out,

PHP Code:

SELECT * FROM myTable WHERE password = PASSWORD('". $myPassword ."' ... 


As to using NOW() this is a mySQL only function and nothing to do with PHP at all... use this only in the database query you have for example for a TIMESTAMP or DATE column.

I do understand your starting out...

[mak-uk]

Hi

I have tried to do the echo so I can see why no mDOB is being entered, however, each time I am being bugged by the same problem as number 4 above (i.e. it thinks I have entered the same mUsername).

Sarah, when you said shouldn't the query be $_POST['mUsername'], did you mean modifying the following:

PHP Code:

$sql_user= mysql_query("SELECT mUsername from Members") or die(mysql_error()); 


If so, I am not sure how exactly you mean?

I think once I sort that out then I can proceed through the script to try and get the rest working.

Btw, the type for mDOB is DATE. I realised I was inserting the date as: mDOB = $day . $month . $year;

Whereas, the format of DATE is yyyy mm dd, right? So I shall try: $mDOB = $year . $month . $day;

Thanks.

Mak

[Sarah]

PHP Code:

$sql_user= mysql_query("SELECT ".$_POST['mUsername']." from Members") or die(mysql_error()); 


modify it like the above, but remember that you need this value as a variable i.e. where is your $mUsername ???!?!

And yeah oops now() is mysql not PHP and should go in the insert query... sorry

and Mak you can always comment out this part to get the other sections working?

[mak-uk]

Hi

Ok, I am getting a bit confused now, sorry!!

mUsername is the field in the DB that I want to compare $Username with so I can see if the user is entering an already-taken username.

My thinking was that I would construct a query, as you have suggested above, and then do a simple PHP check to see if the username already exists, thus:

PHP Code:

elseif (mysql_num_rows($sql_user)) {
  echo "That username already exists, please try another one."; 


However, when modifying the query as you suggested, I now have the following error:

You have an error in your SQL syntax near 'from Members' at line 1.

Thanks.

Mak

p.s. you both mentioned that now() is a MySQL function and not PHP. However, when using PHPMyAdmin, it does not present me with this type for the mJoinDate field?

Doc did mention:

"As to using NOW() this is a mySQL only function and nothing to do with PHP at all... use this only in the database query you have for example for a TIMESTAMP or DATE column."

So am I not okay in saying: mJoinDate = '".'now()'."', within $query?