0

Hi all in daniweb,
I attempted some form validation but I seem to have made a complete mess of it. Before I introduced the validation and regular expressions it was working fine but because I'm not really sure of this topic I made some syntax errors. I would really appreciate any help with this as I really need this form to validate properly and I'd like to know where I went wrong. I left out some of the form fields for brevity.

The Form Action

case 'Create Account': 
        $error=array(); 
        $name = (isset($_POST['name'])) trim(? $_POST['name']) : ''; 
        if(empty($name)){ 
        $error[]=urlencode('Please enter your fullname.'); 
        } 
         
        $email = (isset($_POST['email'])) trim(? $_POST['email']) : ''; 
        if(empty($email)){ 
        $error[]=urlencode('Please enter your email.'); 
        if (strpos($email, ".") > 0) && 
                   (strpos($email, "@") > 0)) || 
                    preg_match("/[^a-zA-Z0-9.@_-]/", $email)) 
        $error[] = urlencode('The Email address is invalid.'); 
        } 
         
        $username = (isset($_POST['username'])) trim(? $_POST['username']) : ''; 
        if(empty($username)){ 
        $error[]=urlencode('Please enter a username.'); 
        if (strlen($username)) < 5){ 
         $error[] = urlencode('Usernames must be at least 5 characters long.'); 
        } 
         
        // check if username already is registered 
        $sql = 'SELECT username FROM site_users WHERE username = "' . 
        $username . '"'; 
        $result = mysql_query($sql, $db) or die(mysql_error()); 
        if (mysql_num_rows($result) > 0) { 
        $errors[] = 'Username ' . $username . ' is already registered.'; 
        $username = ''; 
    } 
        $age = (isset($_POST['age'])) trim(? $_POST['age']) : ''; 
        if(empty($age)){ 
        $error[]=urlencode('Please enter your age.'); 
        if (!is_numeric($age)) { 
            $error[] = urlencode('Please enter a numeric value for age.'); 
        } else if ($age < 18 || $age > 110) { 
            $error[] = urlencode('Please enter age between 18 and 110.'); 
        } 
         
        $phone = (isset($_POST['phone'])) trim(? $_POST['phone']) : ''; 
        if(empty($phone)){ 
        $error[]=urlencode('Please enter your phone number.'); 
        if (!is_numeric($phone)) { 
            $error[] = urlencode('Please enter a numeric value for phone number.'); 
        } 

        $password_1 = (isset($_POST['password_1'])) trim(? $_POST['password_1']) : ''; 
        if(empty($password_1)){ 
        $error[]=urlencode('Please enter password 1.'); 
        if (strlen($password_1)) < 6){ 
        $error[] = urlencode('Passwords must be at least 6 characters long.'); 
        } 

        $password_2 = (isset($_POST['password_2'])) trim(? $_POST['password_2']) : ''; 
        if(empty($password_2)){ 
        $error[]=urlencode('Please enter password 2.'); 
        if (strlen($password_2)) < 6){ 
        $error[] = urlencode('Passwords must be at least 6 characters long.'); 
        } 
         
        $password = ($password_1 == $password_2) ? $password_1 : ''; 
        if (empty($error)) {  
            $sql = 'INSERT INTO site_users 
                    (email, password, name, username, age, phone, address, county) 
                VALUES 
                ("' . mysql_real_escape_string($email, $db) . '", 
                PASSWORD("' . mysql_real_escape_string($password, $db) . '"),  
                "' . mysql_real_escape_string($name, $db) . '", 
                "' . mysql_real_escape_string($username, $db) . '", 
                  "' . mysql_real_escape_string($age, $db) . '", 
                   "' . mysql_real_escape_string($phone, $db) . '" 

             
            mysql_query($sql, $db) or die(mysql_error($db)); 

            session_start(); 
            $_SESSION['user_id'] = mysql_insert_id($db); 
            $_SESSION['access_level'] = 1; 
            $_SESSION['name'] = $name; 
            $_SESSION['username'] = $username; 
         
        }else{ 
        header('Location:register.php?action=create account' . 
              '&error=' . join($error, urlencode('<br/>'))); 
        } 
        redirect('cms_index.php'); 
        break;

The checkuser availability might be in the wrong place and also I think
the last bit after the else statement isn't right. I'm not sure what I need to do at that point in the function.
The Form

<form method="post" action="cms_transact_user.php"> 
<td> 
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> 
  <tr> 
  <td colspan="3"><strong><br/>Sign Up</strong></td> 
  </tr> 
  <tr> 
  <td>&nbsp;</td> 
  </tr> 
  <tr> 
   <td><label for="name">Full&nbsp;Name: </label></td> 
   <td><input type="text" id="name" name="name" maxlength="100" style="width: 200px;" 
     value="<?php echo htmlspecialchars($name); ?>"/></td> 
  </tr> 
ETC....
<tr> 
   <td> 
    <input type="submit" name="action" value="Create Account"/> 
   </td> </tr> 
  </table> 
  </form>

I would be extremely grateful if someone can help me to get this form to work properly as if I could get the syntax right for one form I can work away with the rest. I've tried tutorials online but they all use different methods to validate and as my forms are already built I need to keep the form structure I have. I'm really stuck on this and
I have to have this working by tomorrow so if anyone can help, you would definately be doing your good deed for the day.

3
Contributors
2
Replies
3
Views
7 Years
Discussion Span
Last Post by digital-ether
0

Hi

Try using this regular expression to validate your email.

^[a-zA-Z][\w\.-]*[a-zA-Z0-9]@[a-zA-Z0-9][\w\.-]*[a-zA-Z0-9]\.[a-zA-Z][a-zA-Z\.]*[a-zA-Z]

and for the rest? try posting the specific validations that arent working.

Regards

0

Hi all in daniweb,
I attempted some form validation but I seem to have made a complete mess of it. Before I introduced the validation and regular expressions it was working fine but because I'm not really sure of this topic I made some syntax errors. I would really appreciate any help with this as I really need this form to validate properly and I'd like to know where I went wrong. I left out some of the form fields for brevity.

The Form Action

case 'Create Account': 
        $error=array(); 
        $name = (isset($_POST['name'])) trim(? $_POST['name']) : ''; 
        if(empty($name)){ 
        $error[]=urlencode('Please enter your fullname.'); 
        } 
         
        $email = (isset($_POST['email'])) trim(? $_POST['email']) : ''; 
        if(empty($email)){ 
        $error[]=urlencode('Please enter your email.'); 
        if (strpos($email, ".") > 0) && 
                   (strpos($email, "@") > 0)) || 
                    preg_match("/[^a-zA-Z0-9.@_-]/", $email)) 
        $error[] = urlencode('The Email address is invalid.'); 
        } 
         
        $username = (isset($_POST['username'])) trim(? $_POST['username']) : ''; 
        if(empty($username)){ 
        $error[]=urlencode('Please enter a username.'); 
        if (strlen($username)) < 5){ 
         $error[] = urlencode('Usernames must be at least 5 characters long.'); 
        } 
         
        // check if username already is registered 
        $sql = 'SELECT username FROM site_users WHERE username = "' . 
        $username . '"'; 
        $result = mysql_query($sql, $db) or die(mysql_error()); 
        if (mysql_num_rows($result) > 0) { 
        $errors[] = 'Username ' . $username . ' is already registered.'; 
        $username = ''; 
    } 
        $age = (isset($_POST['age'])) trim(? $_POST['age']) : ''; 
        if(empty($age)){ 
        $error[]=urlencode('Please enter your age.'); 
        if (!is_numeric($age)) { 
            $error[] = urlencode('Please enter a numeric value for age.'); 
        } else if ($age < 18 || $age > 110) { 
            $error[] = urlencode('Please enter age between 18 and 110.'); 
        } 
         
        $phone = (isset($_POST['phone'])) trim(? $_POST['phone']) : ''; 
        if(empty($phone)){ 
        $error[]=urlencode('Please enter your phone number.'); 
        if (!is_numeric($phone)) { 
            $error[] = urlencode('Please enter a numeric value for phone number.'); 
        } 

        $password_1 = (isset($_POST['password_1'])) trim(? $_POST['password_1']) : ''; 
        if(empty($password_1)){ 
        $error[]=urlencode('Please enter password 1.'); 
        if (strlen($password_1)) < 6){ 
        $error[] = urlencode('Passwords must be at least 6 characters long.'); 
        } 

        $password_2 = (isset($_POST['password_2'])) trim(? $_POST['password_2']) : ''; 
        if(empty($password_2)){ 
        $error[]=urlencode('Please enter password 2.'); 
        if (strlen($password_2)) < 6){ 
        $error[] = urlencode('Passwords must be at least 6 characters long.'); 
        } 
         
        $password = ($password_1 == $password_2) ? $password_1 : ''; 
        if (empty($error)) {  
            $sql = 'INSERT INTO site_users 
                    (email, password, name, username, age, phone, address, county) 
                VALUES 
                ("' . mysql_real_escape_string($email, $db) . '", 
                PASSWORD("' . mysql_real_escape_string($password, $db) . '"),  
                "' . mysql_real_escape_string($name, $db) . '", 
                "' . mysql_real_escape_string($username, $db) . '", 
                  "' . mysql_real_escape_string($age, $db) . '", 
                   "' . mysql_real_escape_string($phone, $db) . '" 

             
            mysql_query($sql, $db) or die(mysql_error($db)); 

            session_start(); 
            $_SESSION['user_id'] = mysql_insert_id($db); 
            $_SESSION['access_level'] = 1; 
            $_SESSION['name'] = $name; 
            $_SESSION['username'] = $username; 
         
        }else{ 
        header('Location:register.php?action=create account' . 
              '&error=' . join($error, urlencode('<br/>'))); 
        } 
        redirect('cms_index.php'); 
        break;

The checkuser availability might be in the wrong place and also I think
the last bit after the else statement isn't right. I'm not sure what I need to do at that point in the function.
The Form

<form method="post" action="cms_transact_user.php"> 
<td> 
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> 
  <tr> 
  <td colspan="3"><strong><br/>Sign Up</strong></td> 
  </tr> 
  <tr> 
  <td>&nbsp;</td> 
  </tr> 
  <tr> 
   <td><label for="name">Full&nbsp;Name: </label></td> 
   <td><input type="text" id="name" name="name" maxlength="100" style="width: 200px;" 
     value="<?php echo htmlspecialchars($name); ?>"/></td> 
  </tr> 
ETC....
<tr> 
   <td> 
    <input type="submit" name="action" value="Create Account"/> 
   </td> </tr> 
  </table> 
  </form>

I would be extremely grateful if someone can help me to get this form to work properly as if I could get the syntax right for one form I can work away with the rest. I've tried tutorials online but they all use different methods to validate and as my forms are already built I need to keep the form structure I have. I'm really stuck on this and
I have to have this working by tomorrow so if anyone can help, you would definately be doing your good deed for the day.

To validate email syntax a good library is:
http://code.google.com/p/php-email-address-validation/

It tries to follow the email address specification as close as possible.

To validate it via SMTP a good library is:
http://code.google.com/p/php-smtp-email-validation/

Note with SMTP you should consider invalid as meaning it could not be validated, and not as the last authority.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.