Solved

Record inserting into database even with form validation in place for empty fields

Posted on 2016-08-28
7
62 Views
Last Modified: 2016-08-28
If I run this code and leave the password blank it will give an error and not insert anything. If I enter a password and leave the email address field empty, it still submits into the database (empty record in email column) but still shows me the error on the page that I must enter an email address. I can't figure out why this is happening. Also, the page does not redirect if signup is successful.

$error = "";
$success = "";

if (isset($_POST['submit'])) {
	
	if (!$_POST['email']) {
		
		$error .="Your email address is required<br>";
	}
	
	if ($_POST['email'] && filter_var($_POST["email"], FILTER_VALIDATE_EMAIL) === false) {

            $error .= "The email address is invalid.<br>";

        }
	
	if (!$_POST['password']) {
		
		$error .="Please enter a password<br>";
		
		
	} 
	
	else {
			
		
	$sql = "SELECT email FROM `users` WHERE email = '".$link->real_escape_string($_POST['email'])."' LIMIT 1";
		
			$result = $link->query($sql);
		
		if($result->num_rows > 0) {

			$error .= "The email, " .$_POST['email']. " ,is already taken";
			
		} else {
			
			$stmt = $link->prepare("INSERT INTO users (email, password) VALUES (?, ?)");
			$stmt->bind_param("ss", $email, $password);
			$email = htmlentities($_POST['email'], ENT_QUOTES);
			$password = trim(password_hash($password, PASSWORD_BCRYPT, [12]));
			$stmt->execute();
			$stmt->close();
                        header:("location: welcome.php");
		}
		
	}

}

Open in new window

0
Comment
Question by:Black Sulfur
7 Comments
 
LVL 8

Accepted Solution

by:
Mukesh Yadav earned 500 total points
ID: 41773512
Try this ;)

Instead of else use if condition to check for errors

So, replace
} else {

Open in new window

with
if(empty($error)){

Open in new window

0
 

Author Comment

by:Black Sulfur
ID: 41773513
Excellent, that worked! What about the redirect though? It still doesn't redirect.
0
 
LVL 29

Expert Comment

by:Olaf Doschke
ID: 41773520
Try the full url. See https://en.wikipedia.org/wiki/HTTP_location 
It's true, that the updated HTTP 1.1 specifications...allow(ing) the use of relative URLs in Location headers, but it can't hurt to specify the full url.

Also, do you see errors in error log? Your code does not output anything, which is fine, but if there is anything, even just a space outside of <?php ?> before you send a header, you get an error.

Also things output afterwards may hinder it to work. Put an exit; after sending the header.

Bye, Olaf.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:Black Sulfur
ID: 41773524
Hi Olaf,

Using exit keeps the url at register.php so it doesn't redirect but the page becomes blank. I get no errors as far as I can see. if I use the full URL (I am running on localhost) it still doesn't redirect.

Do you have a suggestion or method you would use to check for errors just in case I am missing something?
0
 

Author Comment

by:Black Sulfur
ID: 41773599
never mind, I see what I did wrong.

I had header:("

instead of header(

:)
0
 
LVL 29

Expert Comment

by:Olaf Doschke
ID: 41773601
OK, I didn't spot that, too. It surely caused an error. You might have error display off, if this is your productive website, for development every error should be reported.

Bye, Olaf.
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 41773795
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These days socially coordinated efforts have turned into a critical requirement for enterprises.
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question