Solved

form validation not working

Posted on 2011-03-14
Last Modified: 2013-12-13
My simple register form has stopped working.
The validation is not working and I'm not sure why. I just get the "Log in fail" echo. I'm about to cry.
Even when I enter nothing into the form and click submit, it gets all the way through my if statements to the log in fail part.
But it shouldn't be able to get this far, because my validation should stop it and it should echo "Sorry but you must complete the full registration form", so I'm unsure why it is doing this.

<?php
session_start();
if(isset($_POST['submit2'])) {
register();
}
function register()
{
 session_start();
 global $message;
       include("conf.php");
    $connection = mysql_connect($databaseURL,$databaseUName,$databasePWord);
        // or die ("Error while connecting to localhost");
    $db = mysql_select_db($databaseName,$connection);
        //or die ("Error while connecting to database");

//get values of input fields
$UserName = addslashes($_POST['UserName']); //The Value of the input field for User Name
$UserEmail = addslashes($_POST['UserEmail']); //Email
$Password = addslashes($_POST['Password']); //password
$Age = addslashes($_POST['Age']); //Age
$Location = addslashes($_POST['Location']); //Location
$Gender = addslashes($_POST['Gender']); //Gender
$Language = addslashes($_POST['Language']); //Language

//If name and email are NOT empty, insert into mysql

if (strlen($UserName)>1 and strlen($Password)>1 and strlen($UserEmail)>1 and strlen($Age)>1 and strlen($Location)>1 and strlen($Gender)>1 and strlen($Language)>1 and strstr($UserEmail,"@") and strstr($UserEmail,".") )
      {
      
      $get = mysql_query ("SELECT count(MemberID) FROM members WHERE UserName = '$UserName'");
            $result = mysql_result($get,0);
      }
else
      { $message = "Sorry but you must complete the full registration form";
      }            
      
      
      if ($result!=0)
            {       $message = "Your Player name is already taken!"; session_destroy();
            }
            else
                  {
                        $_SESSION['UserName']=$UserName;
                  $qMembers = mysql_query("INSERT INTO members (UserName, Password, UserEmail, age, Location, Gender, Language) VALUES ('$UserName', '$Password', '$UserEmail', '$Age', '$Location', '$Gender', '$Language')");
                  
                  
                  
                  $queryMemberID = mysql_query ("SELECT MemberID FROM members WHERE UserName = '".$_SESSION['UserName']."'");
                  $getRow = mysql_fetch_array($queryMemberID);

                  $MemberID = $getRow['MemberID'];
                  
                  
                  
                  
                  
                  
                  $qImage = mysql_query("INSERT INTO images (memberId, imgLarge, imgSmall) VALUES ('$MemberID' , '0', '0')");
                  

                  
                  
                  
                  
                        
                  
                  mysql_close($connection);
                  
                  }
                        
                        if (!empty($_SESSION['UserName']))
                        {
                        header( 'Location: http://outranet.scm.tees.ac.uk/users/g7090679/scapp/profile.php' ) ;
                        }
                              else
                              { $message = "Log in fail";
                              }      
                        
}
?>

<div>
<? echo $message ?>
</div>

<div><p> <!-- register form here-->
  <form action="<?=$_SERVER['PHP_SELF'];?>" method="POST">
  <table border="0" cellpadding="1" cellspacing="3" class="table1">
  <td width="296" height="140"><table width="300" border="0" cellpadding="1" cellspacing="3" class="table1">
    <tr></tr>
    <tr>
      <td></td>
      <td></td>
    </tr>
       <tr>
      <td>player Name:</td>
      <td><input name="UserName" type="text" id="UserName" size="20" maxlength="40" /></td>
    </tr>
    <tr>
              <td>Password:</td>
          <td><input name="Password" type="text" id="Password" size="20" maxlength="40" /></td>
        </tr>
        <tr>
          <td>Email:</td>
          <td>
            <input name="UserEmail" type="text" id="UserEmail" size="40" maxlength="45" />
        (Email MUST contain the '@' and '.')
                  

          </td>
        </tr>
          <tr>
                <td>Age:</td>
                <td>
                    <input name="Age" type="text" id="Age" size="25" maxlength="25" />
                        
                </td>
        </tr>
              <tr>
                <td>Location:</td>
                <td>
                    <input name="Location" type="text" id="Location" size="35" maxlength="35" />
                        
                </td>
        </tr>
            <tr>
                <td>Gender:</td>
                <td>
                    <input name="Gender" type="text" id="Gender" size="25" maxlength="25" />
                        
                </td>
        </tr>
 
 
    <tr>
          <td>Language:</td>
          <td>
        <input name="Language" type="text" id="Language" size="15" maxlength="25" />
                  
          </td>
        </tr>
        <tr>
          <td></td>
          <td><input type="submit" name="submit2" value="Submit" /></td>
        </tr>
  </table>
  </td>
  </tr>
  </table>
</form></div>







CREATE TABLE IF NOT EXISTS `members` (
  `MemberID` int(11) NOT NULL auto_increment,
  `UserName` varchar(50) NOT NULL,
  `Password` varchar(55) NOT NULL,
  `UserEmail` varchar(55) NOT NULL,
  `Age` int(11) NOT NULL,
  `Location` varchar(55) NOT NULL,
  `Gender` varchar(55) NOT NULL,
  `Language` varchar(55) NOT NULL,
  PRIMARY KEY  (`MemberID`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=12 ;

--
-- Dumping data for table `members`
--

INSERT INTO `members` (`MemberID`, `UserName`, `Password`, `UserEmail`, `Age`, `Location`, `Gender`, `Language`) VALUES
(1, 'test', 'admin', 'admin@admin.com', 100, 'uk', 'male', 'french');
Question by:helpchrisplz
7 Comments
 
LVL 4

Assisted Solution

by:Finec
Finec earned 200 total points
ID: 35132982
Hi,

strstr() returns a string when you're checking the email address. In this case, you have to use strpos(), because it will return boolean FALSE if there's no match.

Or you can use regular expressions:
preg_match('#^[_a-z0-9-]+@[_a-z0-9-]+\.[a-z]{2,4}$#ism', $UserEmail)



I hope this'll solve the problem.
0
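
An added example (not part of Finec's answer) that runs the checks discussed above over constructed inputs: strpos() used as a boolean, strpos() compared strictly against FALSE, the regular expression from the answer, and PHP's built-in filter_var() with FILTER_VALIDATE_EMAIL, which is an alternative the thread does not mention.

```php
<?php
// Added example. All sample addresses below are constructed for illustration.

// strpos() used as a boolean: it returns an integer offset,
// and offset 0 (match at the first character) is falsy.
function check_strpos_truthy(string $email): bool
{
    return strpos($email, '@') && strpos($email, '.');
}

// The same test with the strict comparison strpos() needs.
function check_strpos_strict(string $email): bool
{
    return strpos($email, '@') !== false && strpos($email, '.') !== false;
}

// The regular expression from the answer, unchanged. The "m" flag lets
// ^ and $ match at every line break, so one well-formed line is enough.
function check_regex(string $email): bool
{
    return preg_match('#^[_a-z0-9-]+@[_a-z0-9-]+\.[a-z]{2,4}$#ism', $email) === 1;
}

// PHP's built-in validator (an alternative not used in the thread).
function check_filter(string $email): bool
{
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

$samples = [
    'user@example.com',
    'first.last@example.co.uk',      // dots in the local part and domain
    '@.',                            // has both characters, is not an address
    "user@example.com\nsecond line", // multi-line input
];

foreach ($samples as $s) {
    printf("%-34s truthy=%d strict=%d regex=%d filter=%d\n",
        json_encode($s),
        check_strpos_truthy($s), check_strpos_strict($s),
        check_regex($s), check_filter($s));
}
```

The columns disagree on every sample except the first, which shows why presence checks and a line-anchored pattern should not be the only gate on an address that is later stored or used in mail headers.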
 
LVL 1

Author Comment

by:helpchrisplz
ID: 35133037
I have changed the strstr parts of my if:

if (strlen($UserName)>1 and strlen($Password)>1 and strpos($UserEmail)>1 and strlen($Age)>1 and strlen($Location)>1 and strlen($Gender)>1 and strlen($Language)>1 and strpos($UserEmail,"@") and strpos($UserEmail,".") )

But it just goes to log in fail.
0
 
LVL 1

Author Comment

by:helpchrisplz
ID: 35133107
I just tried this:

if (strlen($UserName)>1 and strlen($Password)>1 and preg_match('#^[_a-z0-9-]+@[_a-z0-9-]+\.[a-z]{2,4}$#ism', $UserEmail) and strlen($Age)>1 and strlen($Location)>1 and strlen($Gender)>1 and strlen($Language)>1)

But it still doesn't fix it.

The problem is that it should not get past this validation, but it does, and it is entering the user into the database table. So I'm not sure why it can get through this validation. Hmm, I think my next if in the line is in the wrong place; it should be inside the first if. But then it should set the session, but it's not.
0

 
LVL 34

Accepted Solution

by:
Beverley Portlock earned 300 total points
ID: 35133169
I have had a look at the code and I think you're a bit confused as to what you are doing. First, there are some syntactic changes that need to be made.

Do not use AND as a PHP logical connective - use && instead because AND does not work the way you think it does, so do this...

     if ( strlen($UserName) > 1 &&
          strlen($Password) > 1 &&
          strlen($UserEmail) > 1 &&
          strlen($Age) > 1 &&
          strlen($Location) > 1 &&
          strlen($Gender) > 1 &&
          strlen($Language) > 1 &&
          strstr($UserEmail,"@") &&
          strstr($UserEmail,".") ) {




Next you set variables when they go wrong - like $message - but you never set them an initial value or when they go right, so the variable only exists if it fails. This is not good practice.

Use mysql_real_escape_string rather than addslashes. Addslashes is being removed in the next version of PHP.

Always use <?php and ?> to delimit PHP code. These are the only tags guaranteed to work on all PHP servers. The older style <? tags get confused with XML these days.

I'm going to change the code now and make it work as a fairly standard login/account validation routine. Back in a bit.....
0
 
LVL 1

Author Comment

by:helpchrisplz
ID: 35133342
Oh god, it feels like I'm getting the cleaners in :)

OK, good stuff. Yes, all I had to do was grab my second if and embed it in the first one. Thanks for the tips, guys and gals.
0
 
LVL 1

Author Comment

by:helpchrisplz
ID: 35133351
You do get a bit messed in the head doing PHP all day.
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35133357
Anyway, a bit late and I'm not sure I understand your intended logic flow, but here is my guess.....

<?php

session_start();
if(isset($_POST['submit2'])) {
     $message = register();
}

function register()
{
     // Connect first - mysql_real_escape_string() needs an open connection
     // (same connection code as in the question)
     include("conf.php");
     $connection = mysql_connect($databaseURL,$databaseUName,$databasePWord);
     $db = mysql_select_db($databaseName,$connection);

     //get values of input fields
     $UserName = mysql_real_escape_string($_POST['UserName']); //User name
     $UserEmail = mysql_real_escape_string($_POST['UserEmail']); //Email
     $Password = mysql_real_escape_string($_POST['Password']); //Password
     $Age = mysql_real_escape_string($_POST['Age']); //Age
     $Location = mysql_real_escape_string($_POST['Location']); //Location
     $Gender = mysql_real_escape_string($_POST['Gender']); //Gender
     $Language = mysql_real_escape_string($_POST['Language']); //Language

     //If name and email are NOT empty, insert into mysql
     $result = false;
     $message = "";

     if ( strlen($UserName) > 1 &&
          strlen($Password) > 1 &&
          strlen($UserEmail) > 1 &&
          strlen($Age) > 1 &&
          strlen($Location) > 1 &&
          strlen($Gender) > 1 &&
          strlen($Language) > 1 &&
          preg_match( '#^[-\.0-9a-zA-Z]+@[-\.0-9a-zA-Z]+$#', trim($UserEmail) ) > 0 ) {


          // Check if the username is already taken
          //          
          $rs = mysql_query ("SELECT * FROM members WHERE UserName = '$UserName' ");

          if ( $rs )
               if ( mysql_num_rows($rs) != 0 )
                    $message = "Sorry - username already taken";
     }
     else
          $message = "Sorry but you must complete the full registration form";
     

     if ( $message == "" ) {
          $_SESSION['UserName']=$UserName;
          $qMembers = mysql_query("INSERT INTO members (UserName, Password, UserEmail, age, Location, Gender, Language) VALUES ('$UserName', '$Password', '$UserEmail', '$Age', '$Location', '$Gender', '$Language')");

          $queryMemberID = mysql_query ("SELECT MemberID FROM members WHERE UserName = '".$_SESSION['UserName']."'");
          $getRow = mysql_fetch_array($queryMemberID);

          $MemberID = $getRow['MemberID'];

       // don't have this table   $qImage = mysql_query("INSERT INTO images (memberId, imgLarge, imgSmall) VALUES ('$MemberID' , '0', '0')");

     }


     // Attempt login - username and password must match
     //
     $rs = mysql_query ("SELECT * FROM members
                              WHERE UserName = '$UserName' AND
                                    Password = '$Password' ");

     if ( $rs )
          if ( mysql_num_rows($rs) == 0 )
               $message = "Login failed";
          else {
               echo "<h1>You are logged in</h1>";
               $message = "";
          }


/*
 * Not sure what this is doing, but a redirection header like
 * this one should ALWAYS have an exit statement after it
 * like the one I have inserted below

     if (!empty($_SESSION['UserName']))
     {
          header( 'Location: http://outranet.scm.tees.ac.uk/users/g7090679/scapp/profile.php' ) ;
          exit;
     }
     else
          $message = "Log in fail";
     
*/

     return $message;

}
?>

<div><?php echo $message; ?></div>

<div>
<p><!-- register form here-->
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table border="0" cellpadding="1" cellspacing="3" class="table1">
    <td width="296" height="140">
    <table width="300" border="0" cellpadding="1" cellspacing="3"
        class="table1">
        <tr></tr>
        <tr>
            <td></td>
            <td></td>
        </tr>
        <tr>
            <td>player Name:</td>
            <td><input name="UserName" type="text" id="UserName" size="20"  maxlength="40" /></td>
        </tr>
        <tr>
            <td>Password:</td>
            <td><input name="Password" type="password" id="Password" size="20" maxlength="40" /></td>
        </tr>
        <tr>
            <td>Email:</td>
            <td><input name="UserEmail" type="text" id="UserEmail" size="40" maxlength="45" /> (Email MUST contain the '@' and '.')</td>
        </tr>
        <tr>
            <td>Age:</td>
            <td><input name="Age" type="text" id="Age" size="25" maxlength="25" /></td>
        </tr>
        <tr>
            <td>Location:</td>
            <td><input name="Location" type="text" id="Location" size="35"  maxlength="35" /></td>
        </tr>
        <tr>
            <td>Gender:</td>
            <td><input name="Gender" type="text" id="Gender" size="25"  maxlength="25" /></td>
        </tr>

        <tr>
            <td>Language:</td>
            <td><input name="Language" type="text" id="Language" size="15"  maxlength="25" /></td>
        </tr>
        <tr>
            <td></td>
            <td><input type="submit" name="submit2" value="Submit" /></td>
        </tr>
    </table>
    </td>
    <tr></tr>
</table>
</form>
</p>
</div>


<?php
    mysql_close();
?>


0
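
An added example, not Beverley Portlock's code: the registration step with an early return on failed validation, parameterised queries in place of escaped strings, and a hashed password in place of the stored plain text. It assumes PHP 7 or later with PDO and the pdo_sqlite driver (an in-memory database stands in for the MySQL server) and uses a constructed, cut-down copy of the members table.

```php
<?php
// Added example; table layout and sample values are constructed.
function register(PDO $db, array $in): string
{
    $incomplete = 'Sorry but you must complete the full registration form';
    $fields = ['UserName', 'Password', 'UserEmail', 'Age', 'Location', 'Gender', 'Language'];
    $v = [];
    foreach ($fields as $f) {
        $v[$f] = isset($in[$f]) && is_string($in[$f]) ? $in[$f] : '';
        if (trim($v[$f]) === '') {
            return $incomplete;   // stop here: nothing below runs for a bad form
        }
    }
    if (filter_var($v['UserEmail'], FILTER_VALIDATE_EMAIL) === false || !ctype_digit($v['Age'])) {
        return $incomplete;
    }

    // Placeholders keep user input out of the SQL text entirely.
    $q = $db->prepare('SELECT COUNT(*) FROM members WHERE UserName = ?');
    $q->execute([$v['UserName']]);
    if ((int) $q->fetchColumn() !== 0) {
        return 'Your Player name is already taken!';
    }

    // Store a salted hash, never the password itself.
    $v['Password'] = password_hash($v['Password'], PASSWORD_DEFAULT);
    $ins = $db->prepare(
        'INSERT INTO members (UserName, Password, UserEmail, Age, Location, Gender, Language)
         VALUES (?, ?, ?, ?, ?, ?, ?)'
    );
    $ins->execute(array_values($v));   // $v is in the same order as the column list
    return '';   // empty message = success; the caller sets the session and redirects
}

// In-memory SQLite database standing in for the MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (MemberID INTEGER PRIMARY KEY, UserName TEXT UNIQUE,
    Password TEXT, UserEmail TEXT, Age INTEGER, Location TEXT, Gender TEXT, Language TEXT)');

$ok = ['UserName' => 'test', 'Password' => 'correct horse', 'UserEmail' => 'test@example.com',
       'Age' => '30', 'Location' => 'uk', 'Gender' => 'male', 'Language' => 'french'];
var_dump(register($db, []));    // empty form: rejected before any query runs
var_dump(register($db, $ok));   // first registration
var_dump(register($db, $ok));   // same name again
var_dump((int) $db->query('SELECT COUNT(*) FROM members')->fetchColumn());
```

The `Password` column in the question's table is varchar(55), which is too short for a password_hash() value; the PHP manual recommends 255 characters. At login, the stored hash is checked with password_verify() rather than compared in SQL.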
