vonpea Posted May 10, 2010 Share Posted May 10, 2010 After many headaches i have finally got a registeration page to work and enter the said fields into the database i though ah-ha success but i realised soon that i didnt have a few lines of code to stop people leaving fields blank and it entering them into the database. What i basically want it to do is to tell the user that they must fill in all fields before they can register when they hit the register button and not enter anything into the database unless they are all filled. So i tried the below (please bear with me on this as i learnt C++ years ago and now trying to work with php) //if registering, check fields. if ($action) { echo "works?"; } if (!$_POST['user'] || !$_POST['pass'] || !$_POST['email'] || !$_POST['vpass']) { print "You must fill out all fields."; exit; } Now the echo was the check to see if it was following the code lines but all i get on my register page is the print line of the code. If i take those lines out the form shows as normal and i have the original problem of empty fields being entered into the database. Is there another way to do this or is it simply i am being stupid and putting this in the wrong place in my code. Thanks in advance for any assistance you may give me. (If i get any other problems along my journey into php i'll post in this same thread so it saves on spam on the forums as i hate spam) Quote Link to comment Share on other sites More sharing options...
Dayo Posted May 10, 2010 Share Posted May 10, 2010 try this if (!isset($_POST['user']) || !isset($_POST['pass']) || !isset($_POST['email']) || !isset($_POST['vpass'])) { print "You must fill out all fields."; exit; } Quote Link to comment Share on other sites More sharing options...
vonpea Posted May 10, 2010 Author Share Posted May 10, 2010 <?php mysql_connect("localhost","*******","******"); mysql_select_db("*********"); $action=$_POST['Submit']; $user=$_POST['user']; $email=$_POST['email']; $pass=$_POST['pass']; //if registering, check fields. if (!isset($_POST['user']) || !isset($_POST['pass']) || !isset($_POST['email']) || !isset($_POST['vpass'])) { print "You must fill out all fields."; exit; } $a=mysql_query("select * from udata where user='$user'"); $b=mysql_num_rows($a); if ($b > 0) { print "Someone already has that username."; exit; } $a2=mysql_query("select * from udata where email='$email'"); $b2=mysql_num_rows($a2); if ($b2 > 0) { print "Someone already has that email."; exit; } //check if passwords are the same if ($_POST['pass'] != $_POST['vpass']) { print "The passwords do not match."; exit; } //end //insert mysql_query("INSERT INTO udata (user, pass, email) VALUES ('$user','$pass','$email')") or die(mysql_error()); { print "You are now registered. Login."; } ?> <form action="" method="post" name="form2" id="form2"> <table> <tr><td>Username:</td><td><input type=text name=user></td></tr> <tr><td>Email:</td><td><input type=text name=email></td></tr> <tr><td>Pass:</td><td><input type=password name=pass></td></tr> <tr><td>Verify Pass:</td><td><input type=password name=vpass></td></tr> <tr><td colspan=2 align=center><input name="Submit" type="submit" class="submit" value="Register!" /> </td></tr> </table> </form> Thanks for you reply but i still get the same error. I know its me doing something stupid along the way as i said i am completely new to php. I know about the using of include db_connect.php but havent done it yet as i'll tidy it up later when it actually works! I starred out the database info as i know the database works as when i remove the code trying to stop themregistering with empty fields it saves the information fine. I hope posting the code will able people to see what i am doing wrong and better help me with this. My apologies for being that new at it but trying to convert from C++ to php isnt easy :S Thank-you in advance for any further help you may be able to give me. Quote Link to comment Share on other sites More sharing options...
iSOS Posted May 10, 2010 Share Posted May 10, 2010 if (isset($_POST['user']) && isset($_POST['pass']) && isset($_POST['email']) && isset($_POST['vpass'])) { if((empty($_POST['user'])) || (empty($_POST['pass'])) || (empty($_POST['email'])) || (empty($_POST['vpass']))) { echo ('You must fill out all fields.'); exit; } Quote Link to comment Share on other sites More sharing options...
vonpea Posted May 10, 2010 Author Share Posted May 10, 2010 Thank-you so much Zed i didnt think of looking for an argument to ask if the field was empty. Its so simple when i think about it now. Although i still have an error where its doing the checks for existing username and email but i am now at least on the right track to resolving that. I'll have a play around and see if i can work it out (i like to try and figure thing sout first rather than the easy option as i dont learn anything otherwise) If i really cant figure it out i'll post again. Many many thanks Zed for that :) Quote Link to comment Share on other sites More sharing options...
vonpea Posted May 11, 2010 Author Share Posted May 11, 2010 <?php mysql_connect("localhost",*********","***********"); mysql_select_db("*****************"); $action=$_POST['Submit']; $user=$_POST['user']; $email=$_POST['email']; $pass=$_POST['pass']; //if registering, check fields. if (isset($_POST['user']) && isset($_POST['pass']) && isset($_POST['email']) && isset($_POST['vpass'])) { if((empty($_POST['user'])) || (empty($_POST['pass'])) || (empty($_POST['email'])) || (empty($_POST['vpass']))) { echo ('You must fill out all fields.'); exit; } } if($_POST['submit']){ $_POST['user'] = trim($_POST['user']); if($_POST['user'] && strlen($_POST['user']) >= 3){ $query = mysql_query("SELECT * FROM udata WHERE user = '$user'"); if(mysql_num_rows($query)){ echo ('user exists.'); exit; } } } //check if passwords are the same if ($_POST['pass'] != $_POST['vpass']) { print "The passwords do not match."; exit; } //end //insert mysql_query("INSERT INTO udata (user, pass, email) VALUES ('$user','$pass','$email')") or die(mysql_error()); { print "You are now registered. Login."; } ?> <form action="" method="post" name="form2" id="form2"> <table> <tr><td>Username:</td><td><input type=text name=user></td></tr> <tr><td>Email:</td><td><input type=text name=email></td></tr> <tr><td>Pass:</td><td><input type=password name=pass></td></tr> <tr><td>Verify Pass:</td><td><input type=password name=vpass></td></tr> <tr><td colspan=2 align=center><input name="Submit" type="submit" class="submit" value="Register!" /> </td></tr> </table> </form> Well i had an attempt at is and the code seems to work aparat from the fact it doesnt seem to be able to see if the user already exists in the database. Again i know the database is right because it put information in there but i know i am missing something here. I spoke to a friend who suggested using if exists (select * from udata where user ='$user') but i did some research and cant find any reference to "exists". Could someone at least give me a point in the right direction or a slap round the back of the head for doing something wrong thats stupidly obvious. Many thanks again. Quote Link to comment Share on other sites More sharing options...
Spudinski Posted May 11, 2010 Share Posted May 11, 2010 I've got a function to check rows in a table. Here it is: function _qn($col, $table, $where=0, /*$tempt=0*/) { global $c; // simple function to get the number of rows from a query $sql = 'SELECT ' . $col . ' FROM ' . $table . (!empty($where) ? ' WHERE ' . $where : ''); $ret = mysql_query($sql); // rewritten for this purpose if (empty($ret)) return 0; // actually get the number of rows, by mysql_num_rows // the function is simple, and does the job - so theres no need to rewrite it else $rows = mysql_num_rows($ret); return $rows; } It's been patched for your purpose, MCCodes. It's also not very pretty, but I use it. :) Anyway, to contribute it to your script you can simple add a call. if (_qn('username', 'users', '`username` = \'' . $username . '\'') > 0) { echo 'You already have an account with us! Please ....add what's necessary'; } I personally design my scripts in two parts: input and output. This means that the validation goes at the top of the script, and does the actually verification and processing work. The other part, relies on variables passed down to display anything that might be needed. Also, a technique I use for form validation is arrays. I have an array with all fields, and introduce it to a foreach loop to check all fields. This is then controlled by a $error variable, which - if any errors occured - returns true. The script could just ouput the error down the line. Here is an example: <?php $fields = array('name', 'password', 'confirm_password, 'email'); if (!empty($_POST)) { $error = array(); foreach($fields as $field) { if (empty($_POST[$field])) $error[] = 'The ' . $field . ' field can not be empty.'; else $_POST[$field] = sanitize_function($_POST[$field]); } // if further validation is requied, do it. if (_qn('username', 'users', '`username` =\'' . $_POST['name'] . '\') > 0) $error[] = 'This username is already in use.'; elseif ($_POST['password'] != $_POST['confirm_password']) $error[] = 'The passwords you entered does not match.'; else { // everything has been validated /* ... sql queries, mail, etc. */ } } if (count($error) > 0) { echo ' An error occurred! '; foreach($error as $e) echo $e . ' '; echo '</p>'; } echo '<form>'; // the actual HTML form, and other output ?> Just a template I find very rewarding. Quote Link to comment Share on other sites More sharing options...
vonpea Posted May 11, 2010 Author Share Posted May 11, 2010 Hi thanks for the post but just as i checked back i have found a way that what i want works! I havent tested it fully yet and i still have a few issues on the page like it creates a blank entry in the database when it loads the page. I know its not tidy and very sloppy but on my part its an achievement. // check if username exists in database. $qry = "SELECT user FROM udata WHERE user = '".$_POST['user']."'"; $sqlmembers = mysql_query($qry); $name_check = mysql_fetch_array ($sqlmembers); $name_checkk = mysql_num_rows ($sqlmembers); if ($name_checkk != 0) { die('Sorry, the username: [b]'.$_POST['uname'].'[/b]' . ' is already taken, please pick another one.'); } Quote Link to comment Share on other sites More sharing options...
Spudinski Posted May 11, 2010 Share Posted May 11, 2010 That would work, just remove the $name_check. It doesn't make sense to have it. Quote Link to comment Share on other sites More sharing options...
vonpea Posted May 11, 2010 Author Share Posted May 11, 2010 I now have a new issue. When the page is first visited it automatically creates blank entrys in the database for user,email and pass. Once the page has been visited the code is recognising the blank field user in the database as already there so is telling the page to print the username is already in use. How on earth do i stop the page saving those blank fields when it first loads? Below is the code i am using and thank-you in advance for any help Also a small bug the "you now are registered message" also displays the first time you load the page as well its a little irritating :? <?php mysql_connect("localhost","******","***********"); mysql_select_db("*************_udata"); $action=$_POST['Submit']; $user=$_POST['user']; $email=$_POST['email']; $pass=$_POST['pass']; //if registering, check fields. if (isset($_POST['user']) && isset($_POST['pass']) && isset($_POST['email']) && isset($_POST['vpass'])) { if((empty($_POST['user'])) || (empty($_POST['pass'])) || (empty($_POST['email'])) || (empty($_POST['vpass']))) { echo ('You must fill out all fields.'); exit; } } // check if username exists in database. $qry = "SELECT user FROM udata WHERE user = '".$_POST['user']."'"; $sqlmembers = mysql_query($qry); $name_check = mysql_fetch_array ($sqlmembers); $name_checkk = mysql_num_rows ($sqlmembers); if ($name_checkk != 0) { die('Sorry, the username: [b]'.$_POST['uname'].'[/b]' . ' is already taken, please pick another one.'); } // check passwords match if ($_POST['passwd'] != $_POST['passwd_again']) { die('Passwords did not match.'); } // check show_email data if ($_POST['show_email'] != 0 & $_POST['show_email'] != 1) { die('Nope'); } /* $a=mysql_query("select * from udata where user='$user'"); $b=mysql_num_rows($a); if ($b > 0) { print "Someone already has that username."; exit; } $a2=mysql_query("select * from udata where email='$email'"); $b2=mysql_num_rows($a2); if ($b2 > 0) { print "Someone already has that email."; exit; }*/ //check if passwords are the same if ($_POST['pass'] != $_POST['vpass']) { print "The passwords do not match."; exit; } //end //insert mysql_query("INSERT INTO udata (user, pass, email) VALUES ('$user','$pass','$email')") or die(mysql_error()); { print "You are now registered."; } ?> <form action="" method="post" name="form2" id="form2"> <table> <tr><td>Username:</td><td><input type=text name=user></td></tr> <tr><td>Email:</td><td><input type=text name=email></td></tr> <tr><td>Pass:</td><td><input type=password name=pass></td></tr> <tr><td>Verify Pass:</td><td><input type=password name=vpass></td></tr> <tr><td colspan=2 align=center><input name="Submit" type="submit" class="submit" value="Register!" /> </td></tr> </table> </form> Quote Link to comment Share on other sites More sharing options...
iSOS Posted May 11, 2010 Share Posted May 11, 2010 Try this. <?php mysql_connect("localhost","******","***********"); mysql_select_db("*************_udata"); //if registering, check fields. if (isset($_POST['user']) && isset($_POST['pass']) && isset($_POST['email']) && isset($_POST['vpass'])) { if((empty($_POST['user'])) || (empty($_POST['pass'])) || (empty($_POST['email'])) || (empty($_POST['vpass']))) { echo ('You must fill out all fields.'); exit; } $action=$_POST['Submit']; $user=$_POST['user']; $email=$_POST['email']; $pass=$_POST['pass']; // check if username exists in database. $qry = "SELECT user FROM udata WHERE user = '".$_POST['user']."'"; $sqlmembers = mysql_query($qry); $name_check = mysql_fetch_array ($sqlmembers); $name_checkk = mysql_num_rows ($sqlmembers); if ($name_checkk != 0) { die('Sorry, the username: [b]'.$_POST['uname'].'[/b]' . ' is already taken, please pick another one.'); } // check passwords match if ($_POST['passwd'] != $_POST['passwd_again']) { die('Passwords did not match.'); } // check show_email data if ($_POST['show_email'] != 0 & $_POST['show_email'] != 1) { die('Nope'); } /* $a=mysql_query("select * from udata where user='$user'"); $b=mysql_num_rows($a); if ($b > 0) { print "Someone already has that username."; exit; } $a2=mysql_query("select * from udata where email='$email'"); $b2=mysql_num_rows($a2); if ($b2 > 0) { print "Someone already has that email."; exit; }*/ //check if passwords are the same if ($_POST['pass'] != $_POST['vpass']) { print "The passwords do not match."; exit; } //end //insert mysql_query("INSERT INTO udata (user, pass, email) VALUES ('$user','$pass','$email')") or die(mysql_error()); { print "You are now registered."; } } ?> <form action="" method="post" name="form2" id="form2"> <table> <tr><td>Username:</td><td><input type=text name=user></td></tr> <tr><td>Email:</td><td><input type=text name=email></td></tr> <tr><td>Pass:</td><td><input type=password name=pass></td></tr> <tr><td>Verify Pass:</td><td><input type=password name=vpass></td></tr> <tr><td colspan=2 align=center><input name="Submit" type="submit" class="submit" value="Register!" /> </td></tr> </table> </form> Quote Link to comment Share on other sites More sharing options...
vonpea Posted May 11, 2010 Author Share Posted May 11, 2010 Thanks Zed :) That worked perfectly Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.