View Full Version : Form help

Oct 31st, 2009, 05:41 PM
I've used PHP to code an account registration system for my website, and it works perfectly. However, on the form where users enter their account information to be put into the database, I want to have a Confirm Password box that is compared to the Password box, and gives the user an error if they don't match. Also, I want the user to be unable to submit the form with blank entries.

This is my form at the moment:

<form method="post" action="register.php">
<input type="text" name="username">
<input type="text" name="password">
<input type="submit" name="Submit" value="Submit">

I'm not sure if it's HTML I need for this, but any help would be great, thanks.

Oct 31st, 2009, 09:03 PM
You need javascript for this on the client side but - VERY IMPORTANTLY - remember that you need to have the same checks (and then some) on the server-side to clean and validate data. Javascript can be disabled and/or modified by the user so you can't trust that it will take complete care of your form data. A user with something as simple as firebug can manipulate your HTML/javascript on their side and submit your form with extra fields that they entered. You also have to consider what happens if someone submits data to your form from another site as part of a malicious attack. The possibilities are endless but there are basic steps you can take to curtail the obvious ones.

Always always ALWAYS validate data server-side before storing or processing that data.

With that said, it's still a good idea to validate client-side first to avoid wasted bandwidth and server resources when legitimate users enter data that is obviously incorrect. So by all means, please do pursue a javascript solution for your form checking. Google can be a very good friend for this.

Nov 1st, 2009, 10:39 AM
Thanks for the reply, but I've already sorted it. I did IF statements for comparing Password and Confirm Password boxes, not allowing the user to submit blank fields, and to check the database if the username has already been taken.

I don't like javascript lol.