  1. #1

    System keeps updating table even when registration fails

    Case 1: Empty fields -> update into database too (wrong!).
    Case 2: Register email is not valid -> update into database too (wrong!).
    Case 3: Username already exists -> update into database too (wrong!).

    The system shouldn't update the database if the cases above happen, but it does update no matter what.

    Can anyone please check for me? Thank you so much, I appreciate it a lot ^^

    Part of register.php

    PHP Code:
    <?php

    if (isset($_POST['register_username'], $_POST['register_email'])) {

        $password1 = 0;
        $password2 = 0;
        $password3 = 0;
        $password4 = 0;
        $password5 = 0;

        $register_username = $_POST["register_username"];
        $register_email = $_POST["register_email"];
        $password1 = $_POST["pass1"];
        $password2 = $_POST["pass2"];
        $password3 = $_POST["pass3"];
        $password4 = $_POST["pass4"];
        $password5 = $_POST["pass5"];

        $errors = array();

        if (empty($register_username) || empty($register_email) || empty($password1) || empty($password2) || empty($password3) || empty($password4) || empty($password5)) {
            $error[] = '';
    ?>

    <script type = "text/javascript">

        alert("Please fill in all fields.");

    </script>

    <?php
        } else {

            if (filter_var($register_email, FILTER_VALIDATE_EMAIL) === false) {
                $error[] = '';
    ?>

    <script type = "text/javascript">

        alert("Email address not valid.");

    </script>

    <?php
            }

            if (strlen($register_username) > 30 || strlen($register_email >255)) {
                $error[] = '';
    ?>

    <script type = "text/javascript">

        alert("One or more fields contain too many characters.");

    </script>

    <?php
            }

            if (user_exists($register_username) === true) {
                $error[] = '';
            }

        }

        if (!empty($errors)) {
            foreach ($errors as $error) {
    ?>

    <script type = "text/javascript">

        alert("Registration error. Please try again.");

    </script>

    <?php
            }
        } else {

            $register = user_register($register_username, $password1, $password2, $password3, $password4, $password5, $register_email);
            $_SESSION['customer_email'] = $register;
    ?>

    <script type = "text/javascript">

            alert("Your have successfully registered!");
            location = "welcome.php";

    </script>

    <?php
            exit();
        }

    }
    ?>
    Part of user.func.php
    PHP Code:
    function user_register($customer_username, $customer_pass1, $customer_pass2, $customer_pass3, $customer_pass4, $customer_pass5, $customer_email) {

        $customer_username = mysql_real_escape_string($customer_username);
        $customer_pass1 = mysql_real_escape_string($customer_pass1);
        $customer_pass2 = mysql_real_escape_string($customer_pass2);
        $customer_pass3 = mysql_real_escape_string($customer_pass3);
        $customer_pass4 = mysql_real_escape_string($customer_pass4);
        $customer_pass5 = mysql_real_escape_string($customer_pass5);
        $customer_email = mysql_real_escape_string($customer_email);

        mysql_query("INSERT INTO `customerdetail` VALUES ('$customer_username', '$customer_pass1', '$customer_pass2', '$customer_pass3', '$customer_pass4', '$customer_pass5', '$customer_email')");
    }

    function user_exists($customer_username) {

        $customer_username = mysql_real_escape_string($customer_username);

        $query = mysql_query("SELECT COUNT(customer_email) FROM `customerdetail` WHERE `customer_username` = '$customer_username'");
        return (mysql_result($query, 0) == 1) ? true : false;
    }

    Last edited by Jian0203; 01-05-2013 at 11:47 AM.

  • #2
    PHP Code:
    strlen($register_email >255) // should be
    strlen($register_email) >255 
    and

    PHP Code:
    if (!empty($errors)) { 
    you are setting $error(s)[] = '' which is still considered to be empty.

    empty(): Returns FALSE if var exists and has a non-empty, non-zero value. Otherwise returns TRUE.

    The following things are considered to be empty:

    "" (an empty string)
    0 (0 as an integer)
    0.0 (0 as a float)
    "0" (0 as a string)
    NULL
    FALSE
    array() (an empty array)
    $var; (a variable declared, but without a value)
    Actually, you have two arrays: errors and error; I assume there should only be one(?).
    Last edited by AndrewGSW; 01-05-2013 at 01:49 AM.
    "I'm here to save your life. But if I'm going to do that, I'll need total uninanonynymity." Me Myself & Irene.
    Validate your HTML and CSS
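
An added example (not code from either poster) of the gate this thread is about: every check appends a message to one `$errors` array, and the write happens only when that same array is empty. The in-memory `$store` standing in for the `customerdetail` table, the omitted password fields, the wording of the duplicate-username message and the sample inputs are assumptions made for the illustration.

```php
<?php
// Added example: $store stands in for the customerdetail table and every
// input below is a constructed sample. Password fields are left out.
function validate_registration(array $post, array $store): array
{
    $errors   = [];   // the one list every check writes to
    $username = (string) ($post['register_username'] ?? '');
    $email    = (string) ($post['register_email'] ?? '');

    if ($username === '' || $email === '') {
        return ['Please fill in all fields.'];   // nothing else to check
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Email address not valid.';
    }
    if (strlen($username) > 30 || strlen($email) > 255) {
        $errors[] = 'One or more fields contain too many characters.';
    }
    if (isset($store[$username])) {
        $errors[] = 'Username already exists.';
    }
    return $errors;
}

function register(array $post, array &$store): array
{
    $errors = validate_registration($post, $store);
    // Any appended element makes the array non-empty, so this test is
    // reliable as long as it reads the variable the checks wrote to.
    if ($errors === []) {
        $store[$post['register_username']] = $post['register_email'];
    }
    return $errors;
}

$store = ['alice' => 'alice@example.com'];   // constructed existing row
$cases = [
    'empty fields'   => ['register_username' => '', 'register_email' => ''],
    'invalid email'  => ['register_username' => 'bob', 'register_email' => 'not-an-email'],
    'duplicate user' => ['register_username' => 'alice', 'register_email' => 'a2@example.com'],
    'valid'          => ['register_username' => 'carol', 'register_email' => 'carol@example.com'],
];
foreach ($cases as $name => $post) {
    $errors = register($post, $store);
    printf("%-14s rows=%d %s\n", $name, count($store), implode(' | ', $errors) ?: 'registered');
}
```

The row count stays at 1 for the three failing cases and becomes 2 only for the valid one.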

