What is the ‘right error’?
Let’s fix one obvious error:
if(strlen($_POST['password']) > 20 && strlen($_POST['password']) < 5) {
How can a string be both longer than 20 characters AND shorter than 5 characters?
Oops, I was messing around earlier and made that mistake. Yeah, I know it can’t be both. It needs to be OR, one or the other.
What I mean is if I don’t enter anything in this form, I need this line:
if(empty($_POST['first_name']) && empty($_POST['last_name']) && empty($_POST['username']) && empty($_POST['password']) && empty($_POST['confirm_pwd'])) {
$msg = "Please complete the form to add a new user";
}
to work. If I fill out the form, but not the first name, I need this to work:
if(empty($_POST['first_name'])) {
$msg = "First Name is required";
}
and so on. Right now, it skips all of them, and goes straight to:
if(strlen($_POST['password']) > 20 || strlen($_POST['password']) < 5) {
$msg = "Password must be between 5 and 20 characters";
}
I need to figure out how to make the right error work with the right code.
Ah, but it doesn’t skip them.
It goes through them.
Your code says:
$msg = "";
Set the variable $msg to the empty string.
if(empty($_POST['first_name']) && empty($_POST['last_name']) && empty($_POST['username']) && empty($_POST['password']) && empty($_POST['confirm_pwd'])) {
$msg = "Please complete the form to add a new user";
}
If all of those things are empty, which they are, set $msg to “Please complete the form”
Then it continues
if(empty($_POST['first_name'])) {
$msg = "First Name is required";
}
First_name is still empty, so your code does exactly what you told it to do: set $msg to “First name is required”…
Can you see the problem that’s forming?
So, the code is not stopping…
Okay, so how do I make it stop? I know about using exit(), but this turns everything into a blank white page…
Well, there’s a couple of ways of going about this.
If you want it to just stop at the first error it comes across, instead of doing
if X {
A
}
if Y {
B
}
, string them all together as one great big if:
if X {
A
} elseif Y {
B
}
...
else {
There were no errors, do Z.
}
Alternatively, you can gather up the individual errors into an array, and let the user know they missed multiple things, outputting something like:
First Name is required
A username is required
So, something like this?
if(empty($_POST['first_name']) && empty($_POST['last_name']) && empty($_POST['username']) && empty($_POST['password']) && empty($_POST['confirm_pwd'])) {
$msg = "Please complete the form to add a new user";
} elseif(empty($_POST['first_name'])) {
$msg = "First Name is required";
} elseif(empty($_POST['last_name'])) {
$msg = "Last Name is required";
} elseif(empty($_POST['username'])) {
$msg = "A username is required";
} elseif(empty($_POST['password'])) {
$msg = "A password is required";
} elseif(!preg_match("/[A-Za-z0-9]+/", $_POST['username'])) {
$msg = "The username provided is invalid";
} elseif(strlen($_POST['password']) > 20 || strlen($_POST['password']) < 5) {
$msg = "Password must be between 5 and 20 characters";
} elseif($_POST['password'] != $_POST['confirm_pwd']) {
$msg = "The two passwords do not match";
}elseif (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
$msg = "The email address provided is invalid";
} else {
/*
$sql = "INSERT INTO users (first_name, last_name, email, username, password) VALUES (?, ?, ?, ?, ?)";
$stmt = $pdo->prepare($sql);
$stmt->bindParam(1, $_POST['first_name']);
$stmt->bindParam(2, $_POST['last_name']);
$stmt->bindParam(3, $_POST['email']);
$stmt->bindParam(4, $_POST['username']);
$stmt->bindParam(5, $password);
$result = $stmt->execute();
header('Location: users.php');
exit(); */
}
To steal a line from Rudy…
“What happens when you try it?” ™
It works, but I just thought of something that I don’t have.
I need to add a constraint to prevent a user signing up with a duplicate username.
How do I do this?
Depends on how you have constructed your table.
Is username a key on your table?
It doesn’t appear to be a key on the table. There’s no Unique constraint visible, the primary key is “id”.
If you’ve made it a Unique field in the table, then when you try to insert it, it will fail if you insert a duplicate username, so you would check to see if your query succeeded or not.
So:
if(!$stmt) {
$msg = "Another account with this username already exists.";
}
$result is the result of your query, not $stmt.
Notice: Undefined variable: result in C:\xampp\htdocs\cabgop\user_new.php on line 49
if($_SERVER["REQUEST_METHOD"] == "POST") {
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$email = $_POST['email'];
$username = $_POST['username'];
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
if(empty($_POST['first_name']) && empty($_POST['last_name']) && empty($_POST['username']) && empty($_POST['password']) && empty($_POST['confirm_pwd'])) {
$msg = "Please complete the form to add a new user";
} elseif(empty($_POST['first_name'])) {
$msg = "First Name is required";
} elseif(empty($_POST['last_name'])) {
$msg = "Last Name is required";
} elseif(empty($_POST['username'])) {
$msg = "A username is required";
} elseif(empty($_POST['password'])) {
$msg = "A password is required";
} elseif(!preg_match("/[A-Za-z0-9]+/", $_POST['username'])) {
$msg = "The username provided is invalid";
} elseif(strlen($_POST['password']) > 20 || strlen($_POST['password']) < 5) {
$msg = "Password must be between 5 and 20 characters";
} elseif($_POST['password'] != $_POST['confirm_pwd']) {
$msg = "The two passwords do not match";
}elseif (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
$msg = "The email address provided is invalid";
} else {
$sql = "INSERT INTO users (first_name, last_name, email, username, password) VALUES (?, ?, ?, ?, ?)";
$stmt = $pdo->prepare($sql);
$stmt->bindParam(1, $_POST['first_name']);
$stmt->bindParam(2, $_POST['last_name']);
$stmt->bindParam(3, $_POST['email']);
$stmt->bindParam(4, $_POST['username']);
$stmt->bindParam(5, $password);
$result = $stmt->execute();
header('Location: users.php');
exit();
}
if(!$result) {
$msg = "Another account with this username already exists.";
}
Think about where you should be putting that if. It’s in the wrong place.
I moved it inside the query, and I get this:
Fatal error: Uncaught PDOException: SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry 'jmyrtle' for key 'username' in C:\xampp\htdocs\cabgop\user_new.php:43 Stack trace: #0 C:\xampp\htdocs\cabgop\user_new.php(43): PDOStatement->execute() #1 {main} thrown in C:\xampp\htdocs\cabgop\user_new.php on line 43
if($_SERVER["REQUEST_METHOD"] == "POST") {
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$email = $_POST['email'];
$username = $_POST['username'];
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
if(empty($_POST['first_name']) && empty($_POST['last_name']) && empty($_POST['username']) && empty($_POST['password']) && empty($_POST['confirm_pwd'])) {
$msg = "Please complete the form to add a new user";
} elseif(empty($_POST['first_name'])) {
$msg = "First Name is required";
} elseif(empty($_POST['last_name'])) {
$msg = "Last Name is required";
} elseif(empty($_POST['username'])) {
$msg = "A username is required";
} elseif(empty($_POST['password'])) {
$msg = "A password is required";
} elseif(!preg_match("/[A-Za-z0-9]+/", $_POST['username'])) {
$msg = "The username provided is invalid";
} elseif(strlen($_POST['password']) > 20 || strlen($_POST['password']) < 5) {
$msg = "Password must be between 5 and 20 characters";
} elseif($_POST['password'] != $_POST['confirm_pwd']) {
$msg = "The two passwords do not match";
/*}elseif (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
$msg = "The email address provided is invalid";*/
} else {
$sql = "INSERT INTO users (first_name, last_name, email, username, password) VALUES (?, ?, ?, ?, ?)";
$stmt = $pdo->prepare($sql);
$stmt->bindParam(1, $_POST['first_name']);
$stmt->bindParam(2, $_POST['last_name']);
$stmt->bindParam(3, $_POST['email']);
$stmt->bindParam(4, $_POST['username']);
$stmt->bindParam(5, $password);
$result = $stmt->execute();
header('Location: users.php');
exit();
if(!$result) {
$msg = "Another account with this username already exists.";
}
}
}
Oh sorry, you’ve got PDO in Exception throwing mode. try your execute, and if you catch a result then there was a duplication of a username.
Sorry, I don’t quite understand what that means…
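The try/catch approach suggested in the last reply, combined with the error-array alternative mentioned earlier, as an added example that is not part of the original thread. The in-memory SQLite table, the `validate()` and `addUser()` names and the sample input are assumptions made so the script runs stand-alone; on the thread's MySQL table the same SQLSTATE 23000 is raised, with driver code 1062 as shown in the fatal error above.

```php
<?php
// Added example, not the thread's code. In-memory SQLite stands in for the
// thread's MySQL table so the script runs stand-alone; sample input is constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL UNIQUE, password TEXT NOT NULL)');

// Collect every validation error instead of stopping at the first one.
function validate(array $in): array
{
    $errors = [];
    $username = $in['username'] ?? '';
    $password = $in['password'] ?? '';
    // Anchored with \A and \z: an unanchored /[A-Za-z0-9]+/ accepts any string
    // that contains at least one alphanumeric character.
    if (!preg_match('/\A[A-Za-z0-9]+\z/', $username)) {
        $errors[] = 'The username provided is invalid';
    }
    if (strlen($password) > 20 || strlen($password) < 5) {
        $errors[] = 'Password must be between 5 and 20 characters';
    }
    if ($password !== ($in['confirm_pwd'] ?? '')) {
        $errors[] = 'The two passwords do not match';
    }
    return $errors;
}

// Insert the user; return null on success or a message for the form.
function addUser(PDO $pdo, array $in): ?string
{
    $stmt = $pdo->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    try {
        $stmt->execute([$in['username'], password_hash($in['password'], PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        // SQLSTATE 23000 is the integrity-constraint violation from the thread's
        // fatal error; username is the only UNIQUE column in this table.
        if ((string) $e->getCode() === '23000') {
            return 'Another account with this username already exists.';
        }
        throw $e; // any other database failure is not a duplicate
    }
    return null;
}

$form = ['username' => 'alice', 'password' => 'example-pass', 'confirm_pwd' => 'example-pass'];
var_dump(validate($form));
var_dump(validate(['username' => 'a b!', 'password' => 'abc', 'confirm_pwd' => 'x']));
var_dump(addUser($pdo, $form));
var_dump(addUser($pdo, $form));
```

In the page handler, send `header('Location: users.php')` only when `addUser()` returns null; otherwise assign the returned message to `$msg` and redisplay the form.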