  1. #1
    New to the CF scene
    Join Date
    Mar 2012
    Posts
    2
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Problem with registration script.

    Hi.
    I have a script written to register new members that is really basic but working.

    But at the moment I have it going to another page to process the code.

    This isn't ideal for error handling.

    I have tried numerous things to make the form send the data to the same page
    but can't get it to work.

    This is my signup.php file as it is now:
    PHP Code:
    <?php
    $user = "$_POST[username]";
    $pass = "$_POST[password]";
    $mail = "$_POST[email]";
    $date = date('jS M Y');

    $ulength = strlen($user);
    $user = htmlspecialchars($user);

    $stripped = strlen($user);
    $con = mysql_connect("localhost", "root", "");
    if (!$con)
      {
      die('Could not connect: ' . mysql_error());
      }

    if ($ulength <= 3 OR $ulength >= 30)
    echo "the username must be between 3 and 30 characters long.";

    else {

    mysql_select_db("users", $con);

    $sql = "SELECT * FROM members WHERE username = '$user'";
    $result = mysql_query($sql, $con);
    $num_rows = mysql_num_rows($result);
    if ($num_rows > 0)
    echo "username taken";
    else {

    $sql = "INSERT INTO members (username, password, email, registerdate)
    VALUES
    ('$user','$pass', '$mail', '$date')";

    if (!mysql_query($sql, $con))
      {
      die('Error: ' . mysql_error());
      }
    echo "1 record added";
    }
    }
    mysql_close($con);

    ?>

    <html>
    <body><center>
    <table width="400px"><tr><td>
    <form action="signup.php" method="post">
    Username: <input type="text" name="username" /><br>
    Password: <input type="text" name="password" /><br>
    Email: <input type="text" name="email" /><br>
    <input type="submit" />
    </form>
    </td></tr></table>
    </center>
    </body>
    </html>
    I tried using:
    PHP Code:
    <?=$_SERVER['PHP_SELF'];?>
    as the form action but it always tried to execute the script regardless of if the form was submitted or not and as such keeps returning username is too short or too long messages.

  • #2
    Senior Coder
    Join Date
    Jun 2008
    Location
    New Jersey
    Posts
    2,535
    Thanks
    45
    Thanked 259 Times in 256 Posts
    First thing: If you have a variable like $_POST['something'] being stored into another variable directly... you don't need to nor should you wrap it in quotes. By putting it in quotes, you're saying it's a string, whether it is or not. Drop those quotes.

    Next, personally, you have it kind of backwards... forwarding a form to another page is the ideal way to handle it, precisely for the reasons you're having trouble with. By processing on another page, first, you don't bloat your registration page. Next, all the error checking can be done independently of the page content, then passed along. You can pass back errors via GET or SESSION variables with no issue. Plus, if someone is on their registration page, submits it back to itself, then tries to refresh, they get that message that data needs to be resent... it's nasty IMO.

    But if you are set on having it on the same page, ERROR CHECK and SANITIZE! Your code is horribly ripe for hacking!

    1) On your page, you're immediately defining and submitting a set of POST variables. Since the POST values aren't set, PHP thinks it's smart (though it sends a warning) and sets the variables to NULL, and continues on. Why shouldn't it? You haven't told it to check if a form was submitted or not. Check if your submit button was pushed. Give it a name, use if (ISSET($_POST['submit'])) or give it a value and verify with that. Your form is working exactly as it's supposed to... you just haven't told it what you actually want it to do. Of course it will tell you the username is too short... NULL is too short.

    2) SANITIZE! Nothing should be entering your database unless you know EXACTLY what it is. You need to make sure that the name is actually a name (letters, spaces, and apostrophes). The email should be a valid email format (and no apostrophes). You need to escape any SQL characters.

    3) Using tables for layout, ESPECIALLY just to make one box, is a BIG no-no. Tables are meant to display tabulated data, not for general layout, especially not for a single box. Your code in general needs validation and restructuring; most of it isn't actually going to affect your problem, except for stuff like all inputs must have a name, including your submit.

  • Users who have thanked Keleth for this post:

    r1cky (03-04-2012)
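
The three checks from the reply above (process only on submit, validate against an allow-list, keep user input out of the SQL text), as an added example that is not code from the thread. It assumes PDO with an in-memory SQLite database so it runs stand-alone (the thread uses MySQL), a submit button named `submit`, and constructed sample submissions; password hashing is an addition the reply does not mention.

```php
<?php
// Added example, not the poster's code. Table and column names follow the thread;
// the SQLite database and the sample inputs are constructed for illustration.

function validate_signup(array $in): array {
    $errors = [];
    $user = trim((string)($in['username'] ?? ''));
    $mail = trim((string)($in['email'] ?? ''));
    $pass = (string)($in['password'] ?? '');
    // Allow-list from the reply: letters, spaces and apostrophes, 3 to 30 characters.
    if (!preg_match("/^[A-Za-z' ]{3,30}$/", $user)) {
        $errors[] = 'The username must be 3 to 30 letters, spaces or apostrophes.';
    }
    // Valid email format, and no apostrophes.
    if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false || strpos($mail, "'") !== false) {
        $errors[] = 'The email address is not valid.';
    }
    if ($pass === '') { $errors[] = 'A password is required.'; }
    return [$errors, $user, $mail, $pass];
}

function register(PDO $db, array $in): array {
    [$errors, $user, $mail, $pass] = validate_signup($in);
    if ($errors) return $errors;
    // Placeholders send the values separately from the SQL text.
    $q = $db->prepare('SELECT COUNT(*) FROM members WHERE username = ?');
    $q->execute([$user]);
    if ($q->fetchColumn() > 0) return ['Username taken.'];
    $ins = $db->prepare('INSERT INTO members (username, password, email, registerdate) VALUES (?, ?, ?, ?)');
    // Store a hash, never the submitted password itself.
    $ins->execute([$user, password_hash($pass, PASSWORD_DEFAULT), $mail, date('Y-m-d')]);
    return [];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (username TEXT UNIQUE, password TEXT, email TEXT, registerdate TEXT)');

// Process only when the form was submitted; on the CLI use constructed samples.
$samples = isset($_POST['submit']) ? [$_POST] : [
    ['username' => "Mary O'Neil", 'password' => 'pw-1', 'email' => 'mary@example.com'],
    ['username' => "x' OR '1'='1", 'password' => 'pw-2', 'email' => 'a@example.com'],
    ['username' => "Mary O'Neil", 'password' => 'pw-3', 'email' => 'm2@example.com'],
];
foreach ($samples as $in) {
    $errors = register($db, $in);
    // Escape when writing to the page, not before storing.
    echo htmlspecialchars($errors ? implode(' ', $errors) : '1 record added', ENT_QUOTES), PHP_EOL;
}
```

The first sample is stored with its apostrophe intact, the second is rejected by the allow-list, and the third is reported as a taken username.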

  • #3
    New to the CF scene
    Join Date
    Mar 2012
    Posts
    2
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Thanks for the reply.

    I just find tables really easy to work with and manipulate which is why I use them for layout purposes.

    And I am struggling with PHP due to every single tutorial I've read coding in a completely different way.

    for example

    http://www.homeandlearn.co.uk/php/php.html

    and

    http://w3schools.com/php/default.asp

    do things in completely different ways.

    The first link is the thing that made me think it was the best way to handle errors.

    Are either of those tutorials reliable?
    Last edited by r1cky; 03-04-2012 at 06:07 PM.

  • #4
    Regular Coder
    Join Date
    Sep 2010
    Posts
    331
    Thanks
    9
    Thanked 6 Times in 6 Posts
    I personally find W3schools helpful, especially for the basics. But whatever you choose, I'd recommend only having one reference. And when you have all the code on the same page, I usually just leave action blank. (i.e. action="")
    Last edited by elitis; 03-04-2012 at 06:52 PM.
    Coding is a challenge, get used to it
    Always remember to debug
    Try the guess & check method
    Break it down into simple steps

