CodingForums.com - View Single Post - Resolved System keep updating table even registration fail

Jian0203 · 01-04-2013, 09:48 PM

Case 1: Empty fields -> update into database too(wrong!).
Case 2: Register email is not valid -> update into database too(wrong!).
Case 3: Username already exist -> update into database too(wrong!).

the system shouldn't update the database if the cases above happen but it does update nor matter how.

can anyone please check for me ? Thank you so much and i appreciate that a lots ^^

Part of register.php

PHP Code:


			
<?php



if (isset ($_POST['register_username'], $_POST['register_email'])){



    $password1=0;

    $password2=0;

    $password3=0;

    $password4=0;

    $password5=0;

    

    $register_username = $_POST["register_username"];    

    $register_email = $_POST["register_email"];    

    $password1 = $_POST["pass1"];

    $password2 = $_POST["pass2"];

    $password3 = $_POST["pass3"];

    $password4 = $_POST["pass4"];

    $password5 = $_POST["pass5"];

    

    $errors = array();

    

    if (empty($register_username) || empty($register_email) || empty($password1) || empty($password2) || empty($password3) || empty($password4) || empty($password5)){

        $error[] = '';

?>



<script type = "text/javascript">



    alert("Please fill in all fields.");

    

</script>



<?php        

    }else{

    

    if (filter_var($register_email, FILTER_VALIDATE_EMAIL) === false) {

        $error[] = '';

?>

    

<script type = "text/javascript">



    alert("Email address not valid.");

    

</script>



<?php

    

    }

    

    if (strlen($register_username) > 30 || strlen($register_email >255)){

        $error[] = '';

?>



<script type = "text/javascript">



    alert("One or more fields contain too many characters.");

    

</script>



<?php

    

    }

    

    if (user_exists($register_username) === true){

        $error[] = '';

        

    }

    

  }

  

  if (!empty($errors)) {

    foreach ($errors as $error) {

    

?>



<script type = "text/javascript">



    alert("Registration error. Please try again.");

    

</script>



<?php 



    } 

    } else {



    $register = user_register($register_username, $password1, $password2, $password3, $password4, $password5, $register_email); 

    $_SESSION['customer_email'] = $register;

?>



<script type = "text/javascript">



        alert("Your have successfully registered!");

        location = "welcome.php";

        

</script>



<?php

    exit();

    }

    

}

?>

Part of user.func.php

PHP Code:


			
function user_register($customer_username, $customer_pass1, $customer_pass2, $customer_pass3, $customer_pass4, $customer_pass5, $customer_email){



    $customer_username = mysql_real_escape_string($customer_username);

    $customer_pass1 = mysql_real_escape_string($customer_pass1);

    $customer_pass2 = mysql_real_escape_string($customer_pass2);

    $customer_pass3 = mysql_real_escape_string($customer_pass3);

    $customer_pass4 = mysql_real_escape_string($customer_pass4);

    $customer_pass5 = mysql_real_escape_string($customer_pass5);

    $customer_email = mysql_real_escape_string($customer_email);

    mysql_query("INSERT INTO `customerdetail` VALUES ('$customer_username', '$customer_pass1', '$customer_pass2', '$customer_pass3', '$customer_pass4', '$customer_pass5', '$customer_email')");

}



function user_exists($customer_username){



    $customer_username = mysql_real_escape_string($customer_username);

    $query = mysql_query ("SELECT COUNT(customer_email) FROM `customerdetail` WHERE `customer_username` = '$customer_username'");

    return (mysql_result($query, 0) == 1) ? true : false;

}

01-04-2013, 09:48 PM	PM User \| #1
Jian0203 New Coder Join Date: Mar 2012 Posts: 47 Thanks: 2 Thanked 0 Times in 0 Posts	System keep updating table even registration fail Case 1: Empty fields -> update into database too(wrong!). Case 2: Register email is not valid -> update into database too(wrong!). Case 3: Username already exist -> update into database too(wrong!). the system shouldn't update the database if the cases above happen but it does update nor matter how. can anyone please check for me ? Thank you so much and i appreciate that a lots ^^ Part of register.php PHP Code: <?php if (isset ($_POST['register_username'], $_POST['register_email'])){ $password1=0; $password2=0; $password3=0; $password4=0; $password5=0; $register_username = $_POST["register_username"]; $register_email = $_POST["register_email"]; $password1 = $_POST["pass1"]; $password2 = $_POST["pass2"]; $password3 = $_POST["pass3"]; $password4 = $_POST["pass4"]; $password5 = $_POST["pass5"]; $errors = array(); if (empty($register_username) \|\| empty($register_email) \|\| empty($password1) \|\| empty($password2) \|\| empty($password3) \|\| empty($password4) \|\| empty($password5)){ $error[] = ''; ?> <script type = "text/javascript"> alert("Please fill in all fields."); </script> <?php }else{ if (filter_var($register_email, FILTER_VALIDATE_EMAIL) === false) { $error[] = ''; ?> <script type = "text/javascript"> alert("Email address not valid."); </script> <?php } if (strlen($register_username) > 30 \|\| strlen($register_email >255)){ $error[] = ''; ?> <script type = "text/javascript"> alert("One or more fields contain too many characters."); </script> <?php } if (user_exists($register_username) === true){ $error[] = ''; } } if (!empty($errors)) { foreach ($errors as $error) { ?> <script type = "text/javascript"> alert("Registration error. Please try again."); </script> <?php } } else { $register = user_register($register_username, $password1, $password2, $password3, $password4, $password5, $register_email); $_SESSION['customer_email'] = $register; ?> <script type = "text/javascript"> alert("Your have successfully registered!"); location = "welcome.php"; </script> <?php exit(); } } ?> Part of user.func.php PHP Code: function user_register($customer_username, $customer_pass1, $customer_pass2, $customer_pass3, $customer_pass4, $customer_pass5, $customer_email){ $customer_username = mysql_real_escape_string($customer_username); $customer_pass1 = mysql_real_escape_string($customer_pass1); $customer_pass2 = mysql_real_escape_string($customer_pass2); $customer_pass3 = mysql_real_escape_string($customer_pass3); $customer_pass4 = mysql_real_escape_string($customer_pass4); $customer_pass5 = mysql_real_escape_string($customer_pass5); $customer_email = mysql_real_escape_string($customer_email); mysql_query("INSERT INTO `customerdetail` VALUES ('$customer_username', '$customer_pass1', '$customer_pass2', '$customer_pass3', '$customer_pass4', '$customer_pass5', '$customer_email')"); } function user_exists($customer_username){ $customer_username = mysql_real_escape_string($customer_username); $query = mysql_query ("SELECT COUNT(customer_email) FROM `customerdetail` WHERE `customer_username` = '$customer_username'"); return (mysql_result($query, 0) == 1) ? true : false; } Last edited by Jian0203; 01-05-2013 at 11:47 AM..