anevins


Hi,

I created a previous thread but the problems were too confusing so I've started this thread again.

 

I have a register form and it's supposed to validate if fields are empty.

If fields are not empty, it should enter data on submit, into the table.

 

The problem: The form is able to submit without validation and the data does not enter the table.

 

The code:

<?php

  require_once('./includes/connectvars.php');

  // Connect to the database
      $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

  if (isset($_POST['submit'])) {
    // Grab the profile data from the POST
    $username = mysqli_real_escape_string($dbc, trim($_POST['username']));
    $password1 = mysqli_real_escape_string($dbc, trim($_POST['password1']));
    $password2 = mysqli_real_escape_string($dbc, trim($_POST['password2']));
    $firstname = mysqli_real_escape_string($dbc, trim($_POST['first_name']));
    $lastname = mysqli_real_escape_string($dbc, trim($_POST['last_name']));

    if (!empty($username) && !empty($password1) && !empty($password2) && ($password1 == $password2) && !empty($firstname) && !empty($lastname)) {
      // Make sure someone isn't already registered using this username
      $query = "SELECT * FROM cuser WHERE username = '$username'";
      $data = mysqli_query($dbc, $query);
      if (mysqli_num_rows($data) == 0) {
        // The username is unique, so insert the data into the database
        $query = "INSERT INTO cuser (username, password, join_date, first_name, last_name) VALUES ('$username', SHA('$password1'), NOW(), '$firstname', '$lastname')";

        mysqli_query($dbc, $query);

        // Confirm success with the user
        echo '<p>Your new account has been successfully created. You\'re now ready to <a href="login.php">log in</a>.</p>';

        mysqli_close($dbc);
        exit();
      }
      else {
        // An account already exists for this username, so display an error message
        echo '<p class="error">An account already exists for this username. Please use a different address.</p>';
        $username = "";
      }
    }
    else {
      echo '<p class="error">You must enter all of the sign-up data, including the desired password twice.</p>';
    }
  }

  mysqli_close($dbc);
?>

  <p>Please enter your username and desired password to sign up to Mismatch.</p>
  <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
      <legend>Registration Info</legend>
      <label for="username">Username:</label>
      <input type="text" id="username" name="username" value="<?php if (!empty($username)) echo $username; ?>" /><br />
      <label for="password1">Password:</label>
      <input type="password" id="password1" name="password1" /><br />
      <label for="password2">Password (retype):</label>
      <input type="password" id="password2" name="password2" /><br />
      <label for="first_name">first name:</label>
      <input type="text" id="first_name" name="first_name" /><br />
      <label for="last_name">last name:</label>
      <input type="text" id="last_name" name="last_name" /><br />
    <input type="submit" value="Sign Up" name="submit" />
  </form>
</body> 
</html>

 

Any ideas on what the problem is?

 

I've sent my sessions in another file.

Link to comment
Share on other sites

1) Ideally, you should validate each field and present the individual errors to the user along with the form, with the previously entered values pre-filled. That way the user can simply make the needed edits and resubmit. Yes, it's more work, but in the long run it greatly enhances the user experience and causes fewer people to simply become frustrated and leave.

 

2) If you run a query solely to see if any records are returned that match, it's more efficient to run a SELECT COUNT() query than it is to SELECT and use mysqli_num_rows().

 

3) When INSERTing, you should not only check that the query ran successfully, but that the expected number of records were inserted, by using mysqli_affected_rows().

Link to comment
Share on other sites
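
The three suggestions in the reply above, sketched as an added example that is not code from the thread or from the book it mentions. The function names validate_signup, e and register_user are hypothetical, and the example goes beyond the reply by using prepared statements and password_hash() in place of the string-built queries and SHA() in the original post.

```php
<?php
// Added example, not code from the thread. Assumes the cuser table from the post,
// with a password column wide enough for password_hash() output (e.g. VARCHAR(255)).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // query failures throw

// Point 1: check each field and collect one message per field.
function validate_signup(array $post): array {
    $clean = $errors = [];
    foreach (['username', 'password1', 'password2', 'first_name', 'last_name'] as $f) {
        $clean[$f] = trim((string)($post[$f] ?? ''));
        if ($clean[$f] === '') {
            $errors[$f] = 'This field is required.';
        }
    }
    if ($clean['password1'] !== $clean['password2']) {
        $errors['password2'] = 'The two passwords do not match.';
    }
    return [$clean, $errors];
}

// Escape a value before echoing it back into the pre-filled form.
function e(string $v): string { return htmlspecialchars($v, ENT_QUOTES, 'UTF-8'); }

// Points 2 and 3: COUNT(*) for the existence check, affected rows after the INSERT.
function register_user(mysqli $dbc, array $c): string {
    $stmt = mysqli_prepare($dbc, 'SELECT COUNT(*) FROM cuser WHERE username = ?');
    mysqli_stmt_bind_param($stmt, 's', $c['username']);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $count);
    mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    if ($count > 0) {
        return 'taken';
    }
    $hash = password_hash($c['password1'], PASSWORD_DEFAULT); // replaces SHA()
    $stmt = mysqli_prepare($dbc, 'INSERT INTO cuser
        (username, password, join_date, first_name, last_name)
        VALUES (?, ?, NOW(), ?, ?)');
    mysqli_stmt_bind_param($stmt, 'ssss',
        $c['username'], $hash, $c['first_name'], $c['last_name']);
    mysqli_stmt_execute($stmt);
    $inserted = mysqli_stmt_affected_rows($stmt);
    mysqli_stmt_close($stmt);
    return $inserted === 1 ? 'created' : 'failed';
}

// Constructed sample submission: last name missing, passwords differ.
[$clean, $errors] = validate_signup(['username' => 'alice', 'password1' => 'x1',
    'password2' => 'x2', 'first_name' => 'Alice']);
print_r($errors);
```

The COUNT(*) check and the INSERT are two separate statements, so a UNIQUE index on cuser.username is still what stops two simultaneous sign-ups from taking the same name.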

Wow. I'm surprised that came from a published book. Is it in an early chapter?

 

At any rate, looking over the code I don't see anything that jumps out that would cause it not to work as intended. What is happening when you submit the form without everything entered? You should get the "You must enter all of the sign-up data, including the desired password twice." message, along with the form, and no record added to the database.

Link to comment
Share on other sites
