Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 13 of 13
  1. #1
    Regular Coder Armondo's Avatar
    Join Date
    Feb 2007
    Posts
    144
    Thanks
    3
    Thanked 0 Times in 0 Posts

    user registration email + input validation

    i was messing around with a user registration code and i got it to work! the user registration sends the user's "name", "password", and "email" to the database. the username and password are hard to screw up, but i can't seem to get the email validation to work. i overlooked this because most of my users put in honest email addresses that i was able to contact. but one user that recently registered put as his email address..."whatever@fergetyou" obviously this isn't a real email. and while deleting this account from the database, i also found that there was some of blank entries. like they didn't put anything in, and then pressed submit. how would i verify the email and check that all the form fields are filled in? i found this tutorial on email verification but it returns errors for me...
    here be meh codes:
    PHP Code:
                <?
                
    //replace username and password with your mysql name and password
                
    $conn mysql_connect("***","***","***");
                
                
    //select the database
                
    $db mysql_select_db("flashanims_db");
                
                
    $username $_POST["username"];
                
    $password $_POST["password"];
                
    $email $_POST["email"];
                
                
    //insert the values
                
    $resultMYSQL_QUERY("INSERT INTO users (id, username, password, email)".
                   
    "VALUES ('NULL', '$username', '$password', '$email')");
                
                echo 
    "<span>Your name and password have been submitted into our database! <a href=\"/comboard/login.php\">Click Here To Login</a></span>";
                
    ?>
    ..
    ▲ ▲

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    You can validate by checking for if its empty or not:
    PHP Code:
    if (empty($var))
    {
        
    // Do something when its empty

    You will want to probably trim the variables as well to remove any white spaces, this prevents the user from typing in nothing but spaces.
    Also, this:
    PHP Code:
    INSERT INTO .... VALUES ($_POST['values'
    Is not a good idea. Granted you have dumped it into a local variable, but you should be validating the data itself, mysql_real_escape_string, datatyping, email validation, etc, as these will help prevent an sql injection - which is very bad.
    Oh, and on a quick side note, assuming the id is an autoincrementing field, leave it out completely. Null is not of an integer datatype, so the newer versions of sql will reject the insertion attempt. I learned that the hard way.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #3
    Senior Coder
    Join Date
    Jan 2007
    Posts
    1,648
    Thanks
    1
    Thanked 58 Times in 54 Posts
    If you don't want to get into the hairy zone of validating email addresses, you could always just look for: text, @, text containing at least 1 period (use a regular expression).

    It won't get you 100% valid email addresses, but it'll get you some decent input.

    The easiest (although sometimes most bothersome for the user) way of validating the email is to actually require them to activate the account through an email. Or send the generated password to them in an email.

  • #4
    Regular Coder Armondo's Avatar
    Join Date
    Feb 2007
    Posts
    144
    Thanks
    3
    Thanked 0 Times in 0 Posts
    yeah, but how would i be able to do that? like check for it? and i keep getting errors when i try to put my insert the values into the database inside of the if statment. can anyone redirect me to some resources or give me an example? google is giving me bogus stuff .
    ..
    ▲ ▲

  • #5
    Senior Coder
    Join Date
    Jan 2007
    Posts
    1,648
    Thanks
    1
    Thanked 58 Times in 54 Posts
    Post those "errors" that you keep getting, so that we may see what the problem is.

    And also post the code that you are attempting to run.

  • #6
    Regular Coder Armondo's Avatar
    Join Date
    Feb 2007
    Posts
    144
    Thanks
    3
    Thanked 0 Times in 0 Posts
    ok i now have it to where it you have to enter an email in the right format...witch will at least prevent totally bogus emails .
    and i also got it to only post the data to the database if the email is valid. but umm...how would be able to check if the fields are all filled in? and trim spaces out side of the text? like this:

    _ = space
    _ = trimmed space

    username:__Cool_guy89832121_
    password: ___poop__iscool__
    my code:
    PHP Code:
                <?
                
    //replace username and password with your mysql name and password
                
    $conn mysql_connect("p41mysql5.secureserver.net","flashanims_db","allnumeric132");
                
                
    //select the database
                
    $db mysql_select_db("flashanims_db");
                
                
    $username $_POST["username"];
                
    $password $_POST["password"];
                
    $email $_POST["email"];
                
                function 
    check_email_address($email) {
                
    // First, we check that there's one @ symbol, and that the lengths are right
                
    if (!ereg("^[^@]{1,64}@[^@]{1,255}$"$email)) {
                
    // Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
                
    return false;
                }
                
    // Split it into sections to make life easier
                
    $email_array explode("@"$email);
                
    $local_array explode("."$email_array[0]);
                for (
    $i 0$i sizeof($local_array); $i++) {
                if (!
    ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$"$local_array[$i])) {
                return 
    false;
                }
                }
                if (!
    ereg("^\[?[0-9\.]+\]?$"$email_array[1])) { // Check if domain is IP. If not, it should be valid domain name
                
    $domain_array explode("."$email_array[1]);
                if (
    sizeof($domain_array) < 2) {
                return 
    false// Not enough parts to domain
                
    }
                for (
    $i 0$i sizeof($domain_array); $i++) {
                if (!
    ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$"$domain_array[$i])) {
                return 
    false;
                }
                }
                }
                return 
    true;
                }
                 
                if(
    check_email_address($email)) {
                
    //insert the values
                
    $resultMYSQL_QUERY("INSERT INTO users (id, username, password, email)".
                   
    "VALUES ('NULL', '$username', '$password', '$email')");
                echo 
    "<span>Your name and password have been submitted into our database! <a href=\"/comboard/login.php\">Click Here To Login</a></span>";
                } else { echo
    "<span>oh poop...there was an error</span>"; }
                
    ?>
    added a email validation function.
    Last edited by Armondo; 03-22-2007 at 12:46 AM.
    ..
    ▲ ▲

  • #7
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    'NULL', '$username', '$password', '$email'
    These are string literals, not variables. Remove the quotations and you will get some values to work with. Trim will remove spaces on both sides of the string, if you want to use it on only one side, you can use ltrim or rtrim. You really should add some escaping on your $_POST inputs as well - you want to perserve your database after all
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #8
    Senior Coder
    Join Date
    Jan 2007
    Posts
    1,648
    Thanks
    1
    Thanked 58 Times in 54 Posts

    Exclamation

    These are string literals, not variables. Remove the quotations and you will get some values to work with
    You are correct on his use of 'NULL', however the other values are correctly quoted as they are strings.

  • #9
    Regular Coder Armondo's Avatar
    Join Date
    Feb 2007
    Posts
    144
    Thanks
    3
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Fou-Lu View Post
    'NULL', '$username', '$password', '$email'
    These are string literals, not variables. Remove the quotations and you will get some values to work with. Trim will remove spaces on both sides of the string, if you want to use it on only one side, you can use ltrim or rtrim. You really should add some escaping on your $_POST inputs as well - you want to perserve your database after all
    that is great, but how do i do it? lol? i can't find any good results on google. could you direct me to your resource that you use? i have some php books, but they don't really say anything about trimming data. and how do i escape characters that could harm mysql? what could harm mysql?
    ..
    ▲ ▲

  • #10
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    Quote Originally Posted by aedrin View Post
    You are correct on his use of 'NULL', however the other values are correctly quoted as they are strings.
    o.O
    You're right, what was I thinking with that one? Maybe off of the select statement (you'll have to help me out its been awhile, lol).

    Quote Originally Posted by Armondo View Post
    that is great, but how do i do it? lol? i can't find any good results on google. could you direct me to your resource that you use? i have some php books, but they don't really say anything about trimming data. and how do i escape characters that could harm mysql? what could harm mysql?
    Trimming is simple:
    PHP Code:
    $string '    This is my string to trim    ';  // Notice both sides need trimming
    $leftTrimmed ltrim($string);
    echo 
    $leftTrimmed "<br />\n";
    $rightTrimmed rtrim($string);
    echo 
    $rightTrimmed ."<br />\n";
    $allTrimmed trim($string);
    echo 
    $allTrimmed "<br />\n";
    echo 
    $string "<br />\n"
    Output (need to monospace this so you can see, also adding \n but it won't actually display):
    Code:
    [ltrim]: This is my string to trim    \n
    [rtrim]:     This is my string to trim\n
    [trim]:  This is my string to trim\n
    [notrim]:    This is my string to trim    \n
    To escape your input, most people use mysql_real_escape_string.
    This function adds a backslash to the following characters: \x00, \n, \r, \, ', " and \x1a.
    Here's where the fun comes from. magic_quote_gpc directive may already be escaping some of these strings if its enabled. Which means, attempting any type of escaping, be it mysql_real_escape_string or addslashes or whatever you are using, it will provide a double escaping:
    O'Reily (hey did I spell his name right!?)
    escaped:
    O\'Reily
    Escaped with magic_quotes_gpc enabled:
    O\\\'Reily [you don't want this]
    So you may need to configure your directives. Its simple, just use an ini_set on your magic_quotes_gpc directive, as I'm almost 100% that its a PHP_INI_ALL direct, meaning you can change it anywhere.
    Why escape input into your database? SQL-Injections can be used to overtake or modify your database. No matter what the degree, any type of injection is not favorable. Here is a link to an injection article on the php website.

    Hope I nailed it down for you there!
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #11
    Regular Coder
    Join Date
    Oct 2005
    Location
    Right Here
    Posts
    654
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Code:
    $error = false;
    if(empty($username)) {
         $error = true;
         $message .= "Username is Blank";
    }
    
    if($error == false) {
         //insert into the database
    } else {
         echo $message;
    }
    You can also check the char count on your fields you want to check by using strlen($field) > 0 (Or however many chars you are looking for.

    -Dennis

  • #12
    Regular Coder Armondo's Avatar
    Join Date
    Feb 2007
    Posts
    144
    Thanks
    3
    Thanked 0 Times in 0 Posts
    cool, i implemented it and i am just working out the bugs. thanks guys, i will post if i have further trouble
    ..
    ▲ ▲

  • #13
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    NP mate, glad to help.

    Quote Originally Posted by iLLin View Post

    You can also check the char count on your fields you want to check by using strlen($field) > 0 (Or however many chars you are looking for.

    -Dennis
    Good point, this is especially useful if you are requiring minimum lengths for usernames and / or passwords. Doesn't really help with validation, but is a great base starting point, and I'm glad you pointed it out.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •