0

This is a really basic question. I validate evrything from my form in javascript so no validation is going through php. The problem is, when the user submits the form ajax has already checked is the username has already been taken or and gives them a message if it is. Now, this doesnt stop them from using the username anyway because when they submit eveything is posting no matter what. So here's the question if I do an if/else statement after if (isset($_POST['submit'])) what prevents php from posting anyway? Example:

if post check database
    if username already taken
    error
    else
    ?????

Whether this hits an error or not it's still going to post all the values in the form correct?

3
Contributors
6
Replies
26
Views
3 Years
Discussion Span
Last Post by almostbob
1

If the condition doesn't match then redirect with an error message, for example:

<?php

session_start();

if($_POST['submit'])
{
    $db = /* connection to database */
    $stmt = $db->prepare("SELECT username FROM users WHERE username = ?");
    $stmt->execute(array($_POST['username']));
    $row = $stmt->fetch(PDO::FETCH_NUM);

    # if FALSE then the username does not exists
    if($row === false)
    {
        # continue the registration process
    }

    else
    {
        # redirect with error message
        $_SESSION['error'][] = 'Username already in use';
        header('Location: ' . $_SERVER['HTTP_REFERER']);
    }
}

And in your form page:

<?php
    # always on top of file
    session_start();

And below, in your page, you display the errors:

<?php
    if($_SESSION['error'])
    {
        foreach($_SESSION['error'] as $err)
        {
            echo "<p>{$err}</p>";
        }

        # unset error messages
        $_SESSION['error'] = null;
    }
?>

Then it's up to you when validate the other submitted data (before or after verifying the username), but you should never rely on javascript, even using AJAX: it can be disabled.

0

you can use ajax to prevent submission : disable the submit button when ajax returns an error, enable submission when ajax confirms error corrected

.

but clientside validation, isnt, it just helps a little

Edited by almostbob

0

Right. I understand the logic. What I dont understand is what is keeping php from posting to a database when it is already in the $_POST function.

0

cereal's answer above demonstrates a short code version

check if username exists,
submit if not exist,
return to referring page if username exists
the error message 'username already exists' will be available to the script when the page returns to the form

some tweaking to match your site code, it is a functional example

Edited by almostbob

0

Let me first apoligize. Maybe I'm not asking my question correctly. I know that code works, I've been using one similar to it and it work perfectly. I come from a c++ background and I'm not use to a function just doing something without being specifically told to. So when I think of someone clicking the submit button I'm assuming the data is going to submit not matter what is inside because the submit function has been invoked.

2

php code is executed onload, unless explicitly coded as a function for later call
function name([variable list]) { code }
cereal's sample,
and yours,(not meant as disparagement)
will execute,
and return a result,
not always the expected result
but a result

the submit button submits the form as, name:value pairs, to the formhandler described in action='filename'
the formhandler then uses its code to validate, sanitise, & decide whether to
submit to the database, or
return for correction, or
discard the submission,
however coded by the developer.
Nothing is predetermined by language constructs

submission of incomplete or incorrect forms to the database, is always a bug in the handler script
some value not checked, within range, already in use, etc
to Stop the user submitting the form when an error is reported, is easy, disable submission until all fields are correctly filled, you are using ajax so its easy
Start with the submit button disabled
<input id='subm' type='submit' disabled='disabled'>

to stop unreported errors being submitted (there is always the chance, however small, of two users posting to the db at the same time) validate again in the form handler, and return

Edited by almostbob

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.