 |
|
|
| View previous topic :: View next topic |
| Author |
Message |
mcd87
Joined: 20 Apr 2008
Posts: 5
|
 Posted: Sun Apr 20, 2008 4:36 pm email validation not working |
 |
|
|
Hi
I have this form for users to register. when the submit button is hit, it is directed to this page for validation.
Everything works except the validation for the email. What have I done wrong?
| Code: |
<?php
$first_name=$_POST['first_name'];
$last_name=$_POST['last_name'];
$username=$_POST['username'];
$password=$_POST['password'];
$conpassword=$_POST['conpassword'];
$error=0;
$con=mysql_connect($mysqlserver,$mysqluser,$mysqlpass);
mysql_select_db($mysqldb);
$result = mysql_query("SELECT * FROM registration");
while($row = mysql_fetch_array($result))
{
if($row['username']==$username)
{
$error=1;
echo"This username already exists!<br>
<a href='register.php'>Please go back and try again</a><br>";
}
}
// check firstname
if(empty($first_name))
{
$error=1;
echo"You did not enter a first name!<br>";
}
// check last name
if(empty($last_name))
{
$error=1;
echo"You did not enter a last name!<br>";
}
// check username
if(empty($username))
{
$error=1;
echo"You did not enter a username!<br>";
}
if($password!=$conpassword)
{
$error=1;
echo"Your passwords do not match!<br>";
}
// check email address
if (preg_match ('/^[\w.-]+@[\w.-]+\.[A-Za-z]{2,6}$/', $email)) {
echo"valid";
} else {
$error=1;
echo '<p class="error">Please enter a valid email address!</p>';
}
if($error==1)
{
echo"<br>Read above to see the errors you recieved, and then go back and change these!
<a href='register.php'>Please go back and try again</a>";
}
else
{
mysql_query("INSERT INTO registration (first_name,last_name,username,password,email) VALUES ('$first_name','$last_name','$username','$password','$email')");
echo"Your account was created!
<a href='index.php'> Login</a>";
}
?> |
Can anyone help?
Thanks in advace |
|
kanenas
Joined: 14 Dec 2004
Posts: 191
|
| Posted: Tue Apr 29, 2008 8:18 pm $email is undefined |
|
|
|
| mcd87 wrote: |
| Can anyone help? |
Yes, quite a few people can help.
Oh, you mean you're looking for help. The fact you're posting in the help forum already tells us that.
What isn't working with the e-mail validation? Are you getting false positives or false negatives? Saying what you want to happen and what actually is happening will make it that much easier to answer your question. What have you tried? As you say, most of the code works, so why post it? Create a minimal test case; this not only makes it easier to answer questions, it's also a useful debugging technique.
Reading up on debugging techniques for PHP programmers will help you out in the future.
I do happen to notice that, while you reference the value of $email, you don't set it in the sample. If your code produced a more informative error when e-mail failed validation (e.g."$email isn't a valid e-mail address" rather than "Please enter a valid e-mail address"), you probably would have spotted this yourself.
In passing the unescaped value of form variables to the SQL queries, you've opened your script up to a huge security hole. Read up on SQL injection.
The code to check for existing username is extraordinarily inefficient because the query fetches the entire table. Instead, try something like:
| Code: |
$username = msql_real_escape_string($_REQUEST['username']);
$result = mysql_query("SELECT username FROM registration WHERE username='$username'");
if (mysql_num_rows($result) > 0) {
// username already exists
...
|
Lastly, I hope you're doing some client side validation for the sake of the user to let hir know when a necessary field is blank. Of course, you still need the server side stuff for the sake of data integrity. |
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
|
 |
|
|
|
|
|
|
Forum Home
FAQ
Search
Memberlist
Register
Profile
Log in to check your private messages
Log in
