Solved

form validation not working

Posted on 2011-03-14
Last Modified: 2013-12-13
My simple register form has stopped working.
The validation is not working and I'm not sure why. I just get the "log in fail" echo. I'm about to cry.
Even when I enter nothing into the form and click submit, it gets all the way through my if statements to the log in fail part.
But it shouldn't be able to get this far, because my validation should stop it and it should echo "Sorry but you must complete the full registration form", so I'm unsure why it is doing this.

<?php
session_start();
if(isset($_POST['submit2'])) {
register();
}
function register()
{
 session_start();
 global $message;
       include("conf.php");
    $connection = mysql_connect($databaseURL,$databaseUName,$databasePWord);
        // or die ("Error while connecting to localhost");
    $db = mysql_select_db($databaseName,$connection);
        //or die ("Error while connecting to database");

//get values of input fields
$UserName = addslashes($_POST['UserName']); // user name
$UserEmail = addslashes($_POST['UserEmail']); // email
$Password = addslashes($_POST['Password']); // password
$Age = addslashes($_POST['Age']); // age
$Location = addslashes($_POST['Location']); // location
$Gender = addslashes($_POST['Gender']); // gender
$Language = addslashes($_POST['Language']); // language

//If name and email are NOT empty, insert into mysql

if (strlen($UserName)>1 and strlen($Password)>1 and strlen($UserEmail)>1 and strlen($Age)>1 and strlen($Location)>1 and strlen($Gender)>1 and strlen($Language)>1 and strstr($UserEmail,"@") and strstr($UserEmail,".") )
      {
      
      $get = mysql_query ("SELECT count(MemberID) FROM members WHERE UserName = '$UserName'");
            $result = mysql_result($get,0);
      }
else
      { $message = "Sorry but you must complete the full registration form";
      }            
      
      
      if ($result!=0)
            {       $message = "Your Player name is already taken!"; session_destroy();
            }
            else
                  {
                        $_SESSION['UserName']=$UserName;
                  $qMembers = mysql_query("INSERT INTO members (UserName, Password, UserEmail, age, Location, Gender, Language) VALUES ('$UserName', '$Password', '$UserEmail', '$Age', '$Location', '$Gender', '$Language')");
                  
                  
                  
                  $queryMemberID = mysql_query ("SELECT MemberID FROM members WHERE UserName = '".$_SESSION['UserName']."'");
                  $getRow = mysql_fetch_array($queryMemberID);

                  $MemberID = $getRow['MemberID'];
                  
                  
                  
                  
                  
                  
                  $qImage = mysql_query("INSERT INTO images (memberId, imgLarge, imgSmall) VALUES ('$MemberID' , '0', '0')");
                  

                  
                  
                  
                  
                        
                  
                  mysql_close($connection);
                  
                  }
                        
                        if (!empty($_SESSION['UserName']))
                        {
                        header( 'Location: http://outranet.scm.tees.ac.uk/users/g7090679/scapp/profile.php' ) ;
                        }
                              else
                              { $message = "Log in fail";
                              }      
                        
}
?>

<div>
<? echo $message ?>
</div>

<div><p> <!-- register form here-->
  <form action="<?=$_SERVER['PHP_SELF'];?>" method="POST">
  <table border="0" cellpadding="1" cellspacing="3" class="table1">
  <td width="296" height="140"><table width="300" border="0" cellpadding="1" cellspacing="3" class="table1">
    <tr></tr>
    <tr>
      <td></td>
      <td></td>
    </tr>
       <tr>
      <td>player Name:</td>
      <td><input name="UserName" type="text" id="UserName" size="20" maxlength="40" /></td>
    </tr>
    <tr>
              <td>Password:</td>
          <td><input name="Password" type="text" id="Password" size="20" maxlength="40" /></td>
        </tr>
        <tr>
          <td>Email:</td>
          <td>
            <input name="UserEmail" type="text" id="UserEmail" size="40" maxlength="45" />
        (Email MUST contain the '@' and '.')
                  

          </td>
        </tr>
          <tr>
                <td>Age:</td>
                <td>
                    <input name="Age" type="text" id="Age" size="25" maxlength="25" />
                        
                </td>
        </tr>
              <tr>
                <td>Location:</td>
                <td>
                    <input name="Location" type="text" id="Location" size="35" maxlength="35" />
                        
                </td>
        </tr>
            <tr>
                <td>Gender:</td>
                <td>
                    <input name="Gender" type="text" id="Gender" size="25" maxlength="25" />
                        
                </td>
        </tr>
 
 
    <tr>
          <td>Language:</td>
          <td>
        <input name="Language" type="text" id="Language" size="15" maxlength="25" />
                  
          </td>
        </tr>
        <tr>
          <td></td>
          <td><input type="submit" name="submit2" value="Submit" /></td>
        </tr>
  </table>
  </td>
  </tr>
  </table>
</form></div>







CREATE TABLE IF NOT EXISTS `members` (
  `MemberID` int(11) NOT NULL auto_increment,
  `UserName` varchar(50) NOT NULL,
  `Password` varchar(55) NOT NULL,
  `UserEmail` varchar(55) NOT NULL,
  `Age` int(11) NOT NULL,
  `Location` varchar(55) NOT NULL,
  `Gender` varchar(55) NOT NULL,
  `Language` varchar(55) NOT NULL,
  PRIMARY KEY  (`MemberID`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=12 ;

--
-- Dumping data for table `members`
--

INSERT INTO `members` (`MemberID`, `UserName`, `Password`, `UserEmail`, `Age`, `Location`, `Gender`, `Language`) VALUES
(1, 'test', 'admin', 'admin@admin.com', 100, 'uk', 'male', 'french');
Question by:helpchrisplz
7 Comments
 
LVL 4

Assisted Solution

by:Finec
Finec earned 200 total points
ID: 35132982
Hi,

strstr() returns a string when you're checking the email address. In this case, you have to use strpos(), because it will return boolean FALSE if there's no match.

Or you can use regular expressions:
preg_match('#^[_a-z0-9-]+@[_a-z0-9-]+\.[a-z]{2,4}$#ism', $UserEmail)



I hope this'll solve the problem.
0
 
LVL 1

Author Comment

by:helpchrisplz
ID: 35133037
i have changed the strstr parts of my if

if (strlen($UserName)>1 and strlen($Password)>1 and strpos($UserEmail)>1 and strlen($Age)>1 and strlen($Location)>1 and strlen($Gender)>1 and strlen($Language)>1 and strpos($UserEmail,"@") and strpos($UserEmail,".") )

but it just goes to log in fail
0
 
LVL 1

Author Comment

by:helpchrisplz
ID: 35133107
I just tried this:

if (strlen($UserName)>1 and strlen($Password)>1 and preg_match('#^[_a-z0-9-]+@[_a-z0-9-]+\.[a-z]{2,4}$#ism', $UserEmail) and strlen($Age)>1 and strlen($Location)>1 and strlen($Gender)>1 and strlen($Language)>1)

but still doesn't fix it.

The problem is that it should not get past this validation, but it is, and it is entering the user into the database table. So I'm not sure why it can get through this validation. Hmm, I think my next if in the line is in the wrong place; it should be inside the first if. But then it should set the session, but it's not.
0
 
LVL 34

Accepted Solution

by:
Beverley Portlock earned 300 total points
ID: 35133169
I have had a look at the code and I think you're a bit confused as to what you are doing. First, there are some syntactic changes that need to be made.

Do not use AND as a PHP logical connective - use && instead because AND does not work the way you think it does, so do this...

     if ( strlen($UserName) > 1 &&
          strlen($Password) > 1 &&
          strlen($UserEmail) > 1 &&
          strlen($Age) > 1 &&
          strlen($Location) > 1 &&
          strlen($Gender) > 1 &&
          strlen($Language) > 1 &&
          strstr($UserEmail,"@") &&
          strstr($UserEmail,".") ) {




Next you set variables when they go wrong - like $message - but you never set them an initial value or when they go right, so the variable only exists if it fails. This is not good practice.

Use mysql_real_escape_string rather than addslashes. Addslashes is being removed in the next version of PHP

Always use <?php and ?> to delimit PHP code. These are the only tags guaranteed to work on all PHP servers. The older style <? tags get confused with XML these days.

I'm going to change the code now and make it work as a fairly standard login/account validation routine. Back in a bit.....
0
 
LVL 1

Author Comment

by:helpchrisplz
ID: 35133342
o god it feels like am getting the cleaners in :)

ok good stuff yes all i had to do was grab my second if and embed it to the first one. thx for the tips guys and gals.
0
 
LVL 1

Author Comment

by:helpchrisplz
ID: 35133351
you do get a bit messed in the head doing php all day
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35133357
Anyway, a bit late and I'm not sure I understand your intended logic flow, but here is my guess.....

<?php

session_start();
if(isset($_POST['submit2'])) {
     $message = register();
}

function register()
{

     //get values of input fields
     $UserName = mysql_real_escape_string($_POST['UserName']); // user name
     $UserEmail = mysql_real_escape_string($_POST['UserEmail']); // email
     $Password = mysql_real_escape_string($_POST['Password']); // password
     $Age = mysql_real_escape_string($_POST['Age']); // age
     $Location = mysql_real_escape_string($_POST['Location']); // location
     $Gender = mysql_real_escape_string($_POST['Gender']); // gender
     $Language = mysql_real_escape_string($_POST['Language']); // language

     //If name and email are NOT empty, insert into mysql
     $result = false;
     $message = "";

     if ( strlen($UserName) > 1 &&
          strlen($Password) > 1 &&
          strlen($UserEmail) > 1 &&
          strlen($Age) > 1 &&
          strlen($Location) > 1 &&
          strlen($Gender) > 1 &&
          strlen($Language) > 1 &&
          preg_match( '#^[-\.0-9a-zA-Z]+@[-\.0-9a-zA-Z]+$#', trim($UserEmail) ) > 0 ) {


          // Check if the username is already taken
          //          
          $rs = mysql_query ("SELECT * FROM members WHERE UserName = '$UserName' ");

          if ( $rs )
               if ( mysql_num_rows($rs) != 0 )
                    $message = "Sorry - username already taken";
     }
     else
          $message = "Sorry but you must complete the full registration form";
     

     if ( $message == "" ) {
          $_SESSION['UserName']=$UserName;
          $qMembers = mysql_query("INSERT INTO members (UserName, Password, UserEmail, age, Location, Gender, Language) VALUES ('$UserName', '$Password', '$UserEmail', '$Age', '$Location', '$Gender', '$Language')");

          $queryMemberID = mysql_query ("SELECT MemberID FROM members WHERE UserName = '".$_SESSION['UserName']."'");
          $getRow = mysql_fetch_array($queryMemberID);

          $MemberID = $getRow['MemberID'];

       // don't have this table   $qImage = mysql_query("INSERT INTO images (memberId, imgLarge, imgSmall) VALUES ('$MemberID' , '0', '0')");

     }


     // Attempt login - username and password must match
     //
     $rs = mysql_query ("SELECT * FROM members
                              WHERE UserName = '$UserName' AND
                                    Password = '$Password' ");

     if ( $rs )
          if ( mysql_num_rows($rs) == 0 )
               $message = "Login failed";
          else {
               echo "<h1>You are logged in</h1>";
               $message = "";
          }


/*
 * Not sure what this is doing, but a redirection header like
 * this one should ALWAYS have an exit statement after it
 * like the one I have inserted below

     if (!empty($_SESSION['UserName']))
     {
          header( 'Location: http://outranet.scm.tees.ac.uk/users/g7090679/scapp/profile.php' ) ;
          exit;
     }
     else
          $message = "Log in fail";
     
*/

     return $message;

}
?>

<div><?php echo $message; ?></div>

<div>
<p><!-- register form here-->
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table border="0" cellpadding="1" cellspacing="3" class="table1">
    <td width="296" height="140">
    <table width="300" border="0" cellpadding="1" cellspacing="3"
        class="table1">
        <tr></tr>
        <tr>
            <td></td>
            <td></td>
        </tr>
        <tr>
            <td>player Name:</td>
            <td><input name="UserName" type="text" id="UserName" size="20"  maxlength="40" /></td>
        </tr>
        <tr>
            <td>Password:</td>
            <td><input name="Password" type="password" id="Password" size="20" maxlength="40" /></td>
        </tr>
        <tr>
            <td>Email:</td>
            <td><input name="UserEmail" type="text" id="UserEmail" size="40" maxlength="45" /> (Email MUST contain the '@' and '.')</td>
        </tr>
        <tr>
            <td>Age:</td>
            <td><input name="Age" type="text" id="Age" size="25" maxlength="25" /></td>
        </tr>
        <tr>
            <td>Location:</td>
            <td><input name="Location" type="text" id="Location" size="35"  maxlength="35" /></td>
        </tr>
        <tr>
            <td>Gender:</td>
            <td><input name="Gender" type="text" id="Gender" size="25"  maxlength="25" /></td>
        </tr>

        <tr>
            <td>Language:</td>
            <td><input name="Language" type="text" id="Language" size="15"  maxlength="25" /></td>
        </tr>
        <tr>
            <td></td>
            <td><input type="submit" name="submit2" value="Submit" /></td>
        </tr>
    </table>
    </td>
    <tr></tr>
</table>
</form>
</p>
</div>


<?php
    mysql_close();
?>


0
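
The flow this thread converges on (stop at the first validation failure, then check the username, then insert), as an added example that is not part of any post above. It swaps the mysql_* calls and escaped string interpolation for PDO prepared statements and stores a password_hash() digest instead of the plain password. Assumptions: PHP 7+ with pdo_sqlite, an in-memory SQLite table standing in for `members`, and the age bounds; a real Password column needs at least 60 characters to hold the hash, so the varchar(55) in the question's schema would have to be widened.

```php
<?php
// Added example (not from the thread). In-memory SQLite stands in for MySQL.
function validate_registration(array $in): array
{
    $errors = [];
    $fields = ['UserName', 'Password', 'UserEmail', 'Age', 'Location', 'Gender', 'Language'];
    foreach ($fields as $f) {
        if (!isset($in[$f]) || !is_string($in[$f]) || trim($in[$f]) === '') {
            $errors[] = "$f is required";
        }
    }
    if (!$errors && filter_var($in['UserEmail'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'UserEmail is not a valid address';
    }
    $range = ['options' => ['min_range' => 1, 'max_range' => 150]]; // assumed bounds
    if (!$errors && filter_var($in['Age'], FILTER_VALIDATE_INT, $range) === false) {
        $errors[] = 'Age must be a whole number';
    }
    return $errors;
}

function register(PDO $db, array $in): array
{
    $errors = validate_registration($in);
    if ($errors) {
        return $errors; // early return: no query runs on invalid input
    }
    // Placeholders keep user input out of the SQL text entirely.
    $taken = $db->prepare('SELECT COUNT(*) FROM members WHERE UserName = ?');
    $taken->execute([$in['UserName']]);
    if ((int) $taken->fetchColumn() > 0) {
        return ['Your Player name is already taken!'];
    }
    $ins = $db->prepare('INSERT INTO members (UserName, Password, UserEmail, Age,
        Location, Gender, Language) VALUES (?, ?, ?, ?, ?, ?, ?)');
    $ins->execute([$in['UserName'], password_hash($in['Password'], PASSWORD_DEFAULT),
        $in['UserEmail'], (int) $in['Age'], $in['Location'], $in['Gender'], $in['Language']]);
    return [];
}
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (MemberID INTEGER PRIMARY KEY, UserName TEXT,
    Password TEXT, UserEmail TEXT, Age INTEGER, Location TEXT, Gender TEXT, Language TEXT)');
// Constructed sample submissions: empty form, valid form, repeated username.
$good = ['UserName' => "o'brien", 'Password' => 'correct horse', 'UserEmail' => 'ob@example.com',
    'Age' => '30', 'Location' => 'uk', 'Gender' => 'male', 'Language' => 'french'];
foreach ([[], $good, $good] as $post) {
    print_r(register($db, $post));
}
```

A login check against this table would fetch the stored hash by UserName and compare it with password_verify() rather than matching the password in the WHERE clause.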
