Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 7 of 7
  1. #1
    New to the CF scene
    Join Date
    Mar 2013
    Location
    minnesota
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    onsubmit wont work on this, why? please help

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
    "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">

    <head>
    <title>PHP Script</title>
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
    <script type="text/javascript" src="registration.js">
    </script>
    </head>
    <body>
    <?php require_once("database.php"); //my connection to the database?>

    <?php

    //*****************my variables***********************************//
    $strFirstName = "";
    $strLastName = "";
    $strEmail = "";
    $intAge = 0;
    $strGender = "";
    $strUserName = "";
    $strPassword = "";
    //******************checking if the form has been set*************************************//
    if (isset($_POST["submit"])) {
    $intFirstLoad = 0;
    $intAge = $_POST["intAge"];
    $strFirstname = $_POST["strFirstname"];
    $strLastname = $_POST["strLastname"];
    $strUsername = $_POST["strUsername"];
    $strEmail = $_POST["strEmail"];
    $strGender = $_POST["strGender"];
    $strPassword = $_POST["strPassword"];

    echo '<style type="text/css">#contact { display: block; }</style>';
    //******************dont add to thses below*************************************//
    if ($strFirstname != NULL && $strLastname != NULL && $strPassword != NULL) {
    echo "<p>Greetings $strFirstname $strLastname</p>";
    echo "<p>Your username is $strUsername and your password is $strPassword</p>";
    echo "<p>Thank you for registrating with us.</p>";
    echo '<p>Head back to the home page <a href="index.html" .</a> here. to log in</p>';
    //*******************PUTTING IN DATA INTO THE USERS DATA INTO THE DATABASE******************//
    $myTable = mysql_query("INSERT INTO mytable VALUES ('','$strFirstname', '$strLastname', '$strEmail', '$intAge', '$strGender', '$strUsername','$strPassword')", $dbLocalhost)
    or die ("problem writing to table: " . mysql_error());
    }
    }
    else
    $intFirstLoad = 1;
    ?>

    | <a href="index.html" >Home</a> |
    <a href="blog.html" >Blog</a> |
    <a href="event.html" >Event Calendar</a> |
    <a href="media.html" >Media</a> |
    <a href="volunteer.html">Volunteer</a> |
    <h2>Please fill out our registration form:</h2>


    <form action='<?php echo $_SERVER["PHP_SELF"]; ?>' onsubmit="return validateRegistration(this)" method='post' >

    <p>
    <label for="strFirstname">Firstname: </label>
    <input type='text' name='strFirstname' id='strFirstname'/>
    <?php if ($strFirstname == NULL && $intFirstLoad == 0) echo "Not Entered" ?>
    </p>
    <p>
    <label for="strLastname">Lastname: </label>
    <input type='text' name='strLastname' id='strLastname'/>
    <?php if ($strLastname == NULL && $intFirstLoad == 0) echo "Not Entered" ?>
    </p>
    <p>
    <label for="strUsername">Username: </label>
    <input type='text' name='strUsername' id='strUsername'/>
    <?php if ($strUsername == NULL && $intFirstLoad == 0) echo "Not Entered" ?>
    </p>
    <p>
    <label for="strEmail">e-Mail: </label>
    <input type='text' name='strEmail' id='strEmail'/>
    <?php if ($strEmail == NULL && $intFirstLoad == 0) echo "Not Entered" ?>
    </p>
    <p>
    <label for="strPassword">Password: </label>
    <input type='password' name='strPassword' id='strPassword'/>
    <?php if ($strPassword == NULL && $intFirstLoad == 0) echo "Not Entered" ?>
    </p>
    <p><input type='submit' name='submit'/></p>



    </form>
    </body>
    </html>





    //*****************here is the external js file code***************//
    function validateRegistration(loginForm)
    {
    var booValid=true;
    var strErrorMessage="";
    if(loginForm.pword.value.length < 5 || loginForm.pword.value.length > 30)
    {
    strErrorMessage += "Your password must be between 5 and 30 characters\n";
    booValid=false;
    }
    if(loginForm.strFirstName.value=="")
    {
    strErrorMessage +="The First name field cannot be empty\n";
    booValid=false;
    }
    if(loginForm.strLastName.value=="")
    {
    strErrorMessage +="The Last name field cannot be empty\n";
    booValid=false;
    }
    if(loginForm.strPassword.value=="")
    {
    strErrorMessage +="The password field cannot be empty\n";
    booValid=false;
    }
    if(loginForm.intAge.value=="")
    {
    strErrorMessage +="The Age field cannot be empty\n";
    booValid=false;
    }
    if(loginForm.strEmail.value.indexOf("@") == -1)
    {
    strErrorMessage += "The Email name field must use an email address\n";
    booValid=false;
    }
    if(!booValid)
    {
    alert(strErrorMessage);
    }
    return booValid;

    }

  • #2
    Supreme Master coder! Philip M's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    17,731
    Thanks
    202
    Thanked 2,508 Times in 2,486 Posts
    Three points:-

    When posting here please help us to help you by making it easier to copy, test and debug your scripts by following the posting guidelines and wrapping your code in CODE tags. This means use the octothorpe or # button on the toolbar. You can (and should) edit your previous post.


    Form validation of the pattern if (document.formname.formfield.value == "") - that is blank - is barely worthy of the name, and virtually useless, as even a single space, an X or a ? will return false, that is pass the validation. A proper name may only contain letters, hyphen, space and apostrophe.
    Numeric values, such as zip codes, phone numbers and dates, should be validated as such. Ditto email addresses. Simply to test for an @ sign is utterly inadequate. This topic has been covered many times before in this forum.

    A form field can never be null - only "" (blank).

    onsubmit="return validateRegistration(this.form)"

    All advice is supplied packaged by intellectual weight, and not by volume. Contents may settle slightly in transit.
    Last edited by Philip M; 03-15-2013 at 08:46 PM.

    All the code given in this post has been tested and is intended to address the question asked.
    Unless stated otherwise it is not just a demonstration.

  • #3
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,020
    Thanks
    75
    Thanked 4,323 Times in 4,289 Posts
    Philip: Wrong on this one:
    Code:
    onsubmit="return validateRegistration(this.form)"
    Look again at his code:
    Code:
    <form action='xxx.php' onsubmit="return validateRegistration(this)" method='post' >
    The object here *IS* the <form>. So this refers to the <form>.

    this.form, if used here, will be null.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #4
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,020
    Thanks
    75
    Thanked 4,323 Times in 4,289 Posts
    One more thing: When posting in the JAVASCRIPT FORUM, please do *NOT* show us your PHP code!!!

    (a) Some of us don't use PHP.
    (b) Maybe there is an error in your PHP code and even those who use PHP might not be able to find it because it depends upon your particular setup and/or database.

    When posting in the JavaScript forum, do this:
    (1) Bring the page in question up in your own browser.
    (2) Click on the VIEW menu (or equivalent) of your browser.
    (3) Click on the SOURCE or PAGE SOURCE menu item.

    NOW you will be shown the HTML *as your browser sees it*, and *THAT* is what you need to copy/paste to this forum.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #5
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,020
    Thanks
    75
    Thanked 4,323 Times in 4,289 Posts
    I do see one major error.
    Code:
    <input type='password' name='strPassword' id='strPassword'/>
    versus
    Code:
    if(loginForm.pword.value.length < 5 || loginForm.pword.value.length > 30)
    KABLOOEY! Your script stops working as soon as it hits that line.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #6
    Supreme Master coder! Philip M's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    17,731
    Thanks
    202
    Thanked 2,508 Times in 2,486 Posts
    Quote Originally Posted by Old Pedant View Post
    I do see one major error.
    Code:
    <input type='password' name='strPassword' id='strPassword'/>
    versus
    Code:
    if(loginForm.pword.value.length < 5 || loginForm.pword.value.length > 30)
    KABLOOEY! Your script stops working as soon as it hits that line.
    Well spotted! Later on he has if(loginForm.strPassword.value=="")
    which is in fact redundant as he has already tested for length <5.

    All the code given in this post has been tested and is intended to address the question asked.
    Unless stated otherwise it is not just a demonstration.

  • #7
    Regular Coder
    Join Date
    Jan 2013
    Location
    Germany
    Posts
    578
    Thanks
    4
    Thanked 77 Times in 77 Posts
    I don't know why I have to post this for the third time within a few days in the JS forum, but:

    Code:
    $myTable = mysql_query("INSERT INTO mytable VALUES ('','$strFirstname', '$strLastname', '$strEmail', '$intAge', '$strGender', '$strUsername','$strPassword')", $dbLocalhost)
    It cannot be overstated how dangerous it is what you're doing. It takes literally no effort to take over control of your database and do whatever I want with it – because you are not sanitizing your user input.

    Please read the following very carefully and adapt your code:
    http://php.net/manual/en/security.da...-injection.php

    Also, you are only validating the input client-side, which is another big problem. Client-side validation is nice for instant feedback to the user, but you always need to validate the input server-side, too, otherwise someone can just turn off their Javascript and bypass your validation.
    Last edited by Airblader; 03-15-2013 at 09:17 PM.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •