0
if(empty($_POST['txtEmail'])) 
{
    if (!mysql_query($sql,$con))
      {
      die('Error: ' . mysql_error());
      }

    $page='SignUp.php';
    header('Location:'.$page);   
}
else
{
    $page='SignUp.php?emptyusr=1';
    header('Location:'.$page);   
} 
4
Contributors
11
Replies
12
Views
5 Years
Discussion Span
Last Post by ElaineTeo
Featured Replies
  • 1

    I do not understand why you run the query if the field is blank. What is the $sql query? Maybe you should negate the condition (if $_POST['txtEmail'] is not empty then...): if(!empty($_POST['txtEmail'])) You actually have to tell what to achieve or maybe post the whole script. Read More

0
if(empty($_POST['txtEmail'])) 
{
    if (!mysql_query($sql,$con))
      {
      die('Error: ' . mysql_error());
      }

    $page='SignUp.php';
    header('Location:'.$page);   
}
else
{
    $page='SignUp.php?emptyusr=1';
    header('Location:'.$page);   
} 


if (isset($_REQUEST['emptyusr']))
{
    echo "<font color=red>Please fill in email</font>";
}

If the filed is blank, should be cant add into database and will show msg "Please fill in email".. But I still can add data into database and din show and error msg... Thank for help...

0

if(empty($_POST['txtEmail']))

I think you should make the first line to check as NOT EMPTY like this:-

if ($_POST['txtEmail'] != "")

Try and see... Please let me know if it didn't help. Thanks

0

And this Block of code should be in another PHP file called "Signup.php". Not over here...

if (isset($_REQUEST['emptyusr']))
{    
   echo "<font color=red>Please fill in email</font>";
}

Please try and see if it helps....

Thanks

0

Yes, I already change to

if ($_POST['txtEmail'] != "")

But still the same... Din show any error msg..

if (isset($_REQUEST['emptyusr'])){echo "<font color=red>Please fill in email</font>";}
Ya, this code is inside SignUp.php

1

I do not understand why you run the query if the field is blank. What is the $sql query? Maybe you should negate the condition (if $_POST['txtEmail'] is not empty then...):

if(!empty($_POST['txtEmail']))

You actually have to tell what to achieve or maybe post the whole script.

0
$sql="INSERT INTO username (username, password, repassword, firstname, lastname, nationality, gender)
VALUES
('$_POST[txtEmail]','$_POST[txtPassword]','$_POST[txtRePassword]','$_POST[txtFirstName]','$_POST[txtLastName]','$_POST[cboNationality]','$_POST[cboGender]')";



if ($txtEmail != '')
{
    if (!mysql_query($sql,$con))
      {
      die('Error: ' . mysql_error());
      }

    $page='SignUp.php';
    header('Location:'.$page);   
}
else
{
    $page='SignUp.php?emptyusr=1';
    header('Location:'.$page);   
} 

if($_POST['txtPassword'] == $_POST['txtRePassword'])
{
    //Passwords Matched, so proceed with code
    if (!mysql_query($sql,$con))
      {
      die('Error: ' . mysql_error());
      }

    $page='SignUp.php';
    header('Location:'.$page);   
}
else
{
    $page='SignUp.php?wrongpwd=1';
    header('Location:'.$page);   
} 



mysql_close($con)
0

Sorry to keep you waiting so long for reply, I've been away.

You have an error in your SQL statement. The associative indexes of the $_POST array have to be enclosed in quotes and in addition to that $_POST elements have to be enclosed in curly braces since they are composite variables. So the correct syntax for the query would be:

$sql="INSERT INTO username (username, password, repassword, firstname, lastname, nationality, gender)
VALUES
('{$_POST['txtEmail']}','{$_POST['txtPassword']}','{$_POST['txtRePassword']}','{$_POST['txtFirstName']}','{$_POST['txtLastName']}','{$_POST['cboNationality']}','{$_POST['cboGender']}')";

But there is a better and safer way. Firstly it is a very bad idea to include values form POST directly to your query without cleaning them first. Someone can input a SQL injection code in one of your textboxes and run her query with bad intentions on your database. So you better clean the values first (at least escape them using i.e. mysql_real_escape_string - http://php.net/manual/en/function.mysql-real-escape-string.php). Secondly using quotes and curly braces as above is correct but can lead to errors. So better, safer and cleaner approach would be:

// clean values, I used trim and mysql_real_escape_string,
// you can also use filters or your functions, also depending on values
$txtEmail = mysql_real_escape_string(trim($_POST['txtEmail']), $con);
$txtPassword = mysql_real_escape_string(trim($_POST['txtPassword']), $con);
$txtRePassword = mysql_real_escape_string(trim($_POST['txtRePassword']), $con);
$txtFirstName = mysql_real_escape_string(trim($_POST['txtFirstName']), $con);
$txtLastName = mysql_real_escape_string(trim($_POST['txtLastName']), $con);
$cboNationality = mysql_real_escape_string(trim($_POST['cboNationality']), $con);
$cboGender = mysql_real_escape_string(trim($_POST['cboGender']), $con);

// use clean values in the query
$sql="INSERT INTO username (username, password, repassword, firstname, lastname, nationality, gender)
VALUES
('$txtEmail','$txtPassword','$txtRePassword','$txtFirstName','$txtLastName','$cboNationality','$cboGender')";
0

Another error (and probably the main reason to not working) is in line 7 of your code:

if ($txtEmail != '')

$txtEmail has probably not been declared yet. You probably meant $POST['txtEmail'].

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.