Checking email address is correct with a second entry

Hi

I am developing a site using php/mysql.

I have a form which is submitted and included in it is an email address. I can verify that the general format is that of an email but wanted to have a second entry field for re-entry of the email to check that the email they enter is not misspelt.

I’m sure this must be a standard routine but I can’t find it. Can anyone help?

if( trim($email_1) !== trim($email_2) ){
$error = "Email addresses did not match";
}

It's as simple as that on the backend, but generally you will spot this being done on the client first - just look at the source code to see which method they use.

This backend code should only be necessary to trap a) those with JS turned off, and b) someone probing your application - so decide which it is and respond accordingly - but you should still do the check on the backend.

Thank you but I’m not very sure where it goes in the code. I have got a test page which is just the email and email2 entry fields going into a table ‘test’.

I have put the code below - where in this would I add the code you have provided?

Sorry to be dim!

====================================


<?php require_once('Connections/process.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

// escape PHP_SELF as well: it is echoed into the form's action attribute below
$editFormAction = htmlentities($_SERVER['PHP_SELF']);
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
  $insertSQL = sprintf("INSERT INTO test (email) VALUES (%s)",
                       GetSQLValueString($_POST['email'], "text"));

  mysql_select_db($database_process, $process);
  $Result1 = mysql_query($insertSQL, $process) or die(mysql_error());
}
?>
<head>
<title>Test</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="css/blue.css" type="text/css" media="screen,projection" />
<script src="sifr/sifr.js" type="text/javascript"></script>
<script src="sifr/sifr-addons.js" type="text/javascript"></script>
</head>
<body>
		<div id="header" align="left">
        <a href="index.php"><img src="img/linearlogo.gif" width="500" height="100" border="0" alt="Test" /></a>
		<?php include "_menu.php";?>
		
		<div id="container">
		
		<div id="content">
				<h2>Email entry test</h2>
				<form name="form1" id="form1" method="POST" action="<?php echo $editFormAction; ?>">
				  <table width="100%" border="0">
				    <tr>
				      <td width="24%">Email</td>
				      <td width="76%"><label>
				        <input type="text" name="email" id="email" />
			          </label></td>
			        </tr>
				    <tr>
				      <td>Reenter email</td>
				      <td><label>
				        <input type="text" name="email2" id="email2" />
			          </label></td>
			        </tr>
				    <tr>
				      <td>&nbsp;</td>
				      <td><label>
				        <input type="submit" name="submit" id="submit" value="Submit" />
			          </label></td>
			        </tr>
			      </table>
				  <input type="hidden" name="MM_insert" value="form1" />
          </form>
				<p>&nbsp;</p>
		  <h2></h2>
				
                
  		</div>
		</div>
		
		<?php include "_footer.php";?>

<script type="text/javascript">
//<![CDATA[
/* Replacement calls. Please see documentation for more information. */

if(typeof sIFR == "function"){


// This is the older, ordered syntax

	sIFR.replaceElement("h1", "sifr/cronos_pro.swf", "#000000", null, null, null, 0, 0, 0, 0);
	sIFR.replaceElement("h2", "sifr/cronos_pro.swf", "#000000", null, null, null, 0, 0, 0, 0);
	sIFR.replaceElement("#content h3", "sifr/cronos_pro.swf", "#6BCB25", null, null, null, 0, 0, 0, 0);
	sIFR.replaceElement("#sidebar h3", "sifr/cronos_pro.swf", "#000000", null, null, null, 0, 0, 0, 0);


};

//]]>
</script>
</body>
</html>

You would do this check straight after you have checked whether the form has been submitted and prior to inserting email into the database.

I do not see how you are handling such errors though. Below is one way.


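<?php
// initialise, so the test further down never reads an undefined variable
$error = "";
// field names as used in the form posted above
$email_1 = isset($_POST['email']) ? $_POST['email'] : "";
$email_2 = isset($_POST['email2']) ? $_POST['email2'] : "";

if( trim($email_1) !== trim($email_2) ){
    $error = "Email addresses did not match";
}else{
    // do your insert into database
}

// falls all the way back through to display your html form
// and then ... display an error message if one exists
?>

<?php
if($error){
    echo "<div id='errorDiv'>$error</div>" . PHP_EOL ;
}
?>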

I leave it to you and whatever creates these MM_? functions to generate a nicer client side check that would be helpful for the 99% of cases someone genuinely gets their email wrong 2nd time around.
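
One way to place the check between the submit test and the insert, written as an added example rather than code from any poster in the thread. The field names, `MM_insert` and the `test` table come from the posted form; the function names are hypothetical, and an in-memory SQLite database stands in for the MySQL connection so the block runs offline.

```php
<?php
// Added example, not the thread's code; both function names are hypothetical.
// Returns [email, error]; exactly one of the two is null.
function check_email_pair(array $post): array
{
    $a = $post['email']  ?? '';
    $b = $post['email2'] ?? '';
    // A probing client can send email[]=x, which arrives as an array.
    if (!is_string($a) || !is_string($b)) {
        return [null, 'Invalid submission'];
    }
    $a = trim($a);
    $b = trim($b);
    if (filter_var($a, FILTER_VALIDATE_EMAIL) === false) {
        return [null, 'Please enter a valid email address'];
    }
    if ($a !== $b) {
        return [null, 'Email addresses did not match'];
    }
    return [$a, null];
}

// Runs the check after the submit test and before the insert; returns the error or ''.
function handle_submission(PDO $db, array $post): string
{
    if (($post['MM_insert'] ?? '') !== 'form1') {
        return '';                       // form not submitted
    }
    [$email, $error] = check_email_pair($post);
    if ($error !== null) {
        return $error;                   // skip the insert, redisplay the form
    }
    // Bound parameter, so the value never becomes part of the SQL text.
    $stmt = $db->prepare('INSERT INTO test (email) VALUES (?)');
    $stmt->execute([$email]);
    return '';
}

// Constructed input; in-memory SQLite stands in for the MySQL connection.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE test (email TEXT)');
$cases = [
    ['MM_insert' => 'form1', 'email' => 'a@example.com',  'email2' => 'a@exmaple.com'],
    ['MM_insert' => 'form1', 'email' => ['x'],            'email2' => 'x'],
    ['MM_insert' => 'form1', 'email' => ' a@example.com', 'email2' => 'a@example.com '],
];
foreach ($cases as $post) {
    $msg = handle_submission($db, $post) ?: 'saved';
    echo htmlspecialchars($msg, ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```

On the real page, `$_POST` is what gets passed to `handle_submission()`, and the returned message is echoed above the form through `htmlspecialchars()` as in the loop.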