Larry Ullman's Book Forums


Hi guys

 

So here's what I'm trying to do.

 

1. Validate a user alias isn't already in use in the database - if it is - add it to errors

2. Validate if it's empty - if it is add it to errors

3. If not, chuck it right into the database.

if (!empty($_POST['useralias'])) {
		$ua = $_POST['useralias'];
		$q = "SELECT useralias from USERS where email='$ua'";
		$r = mysqli_query($dbc, $q);
		$row = mysqli_fetch_array($r, MYSQLI_ASSOC);
		
		if ($row) {
			$errors[] = 'That user alias has already been taken.';
		} else {
			$ua = mysqli_real_escape_string($dbc, trim($_POST['useralias']));
		}
} else {
		$errors[] = 'You forgot to enter your Screen Name.';
}			
		

Does this look about right?

 

Because when I run the script the error doesn't show if it's a duplicate - but I do get the SQL error telling me it needs to be unique.

Link to comment
Share on other sites

if (!empty($_POST['useralias'])) {
		$ua = $_POST['useralias'];
		$q = "SELECT useralias from USERS where email='$ua'";
		$r = mysqli_query($dbc, $q);
		$rowcount=mysqli_num_rows($r);
		
		if ($rowcount > 1) {
			$errors[] = 'That user alias has already been taken.';
		} else {
			$ua = mysqli_real_escape_string($dbc, trim($_POST['useralias']));
		}
} else {
		$errors[] = 'You forgot to enter your Screen Name.';
}	


Like this?

 

I think the problem is more that the IF function isn't catching it to create the error before the SQL Query tries to write it and then I get the SQL to the screen rather than the output of the $errors[ ] array...

Link to comment
Share on other sites

<?php

// Check for form submission:
if ($_SERVER['REQUEST_METHOD'] == 'POST') {

	require ('../includes/mysqli_connect_dating.php'); // connect to the DB
	$errors = array(); // Initialize an error array.
	
	/* Check for a useralias name:
	if (empty($_POST['useralias'])) {
		$errors[] = 'You forgot to enter your Screen Name.';
	} elseif {
	
		$ua = $_POST['useralias'];
		$q = "SELECT useralias from USERS where email='$ua'";
		$r = mysqli_query($dbc, $q);
		$row = mysqli_fetch_array($r, MYSQLI_ASSOC);
		    
	 	if ($row) {$errors[] = 'That user alias has already been taken.';}
		
	} else {	    
		$ua = mysqli_real_escape_string($dbc, trim($_POST['useralias']));
	}
	*/
	
	
	if (!empty($_POST['useralias'])) {
			$ua = $_POST['useralias'];
			$q = "SELECT useralias from USERS where email='$ua'";
			$r = mysqli_query($dbc, $q);
			$rowcount=mysqli_num_rows($r);
			
			if ($rowcount > 1) {
				$errors[] = 'That user alias has already been taken.';
			} else {
				$ua = mysqli_real_escape_string($dbc, trim($_POST['useralias']));
			}
	} else {
			$errors[] = 'You forgot to enter your Screen Name.';
	}	
	

	
	
	
	
	
	
	// Check for a first name:
	if (empty($_POST['firstname'])) {
		$errors[] = 'You forgot to enter your first name.';
	} else {
		$fn = mysqli_real_escape_string($dbc, trim($_POST['firstname']));
	}
	// Check for a last name:
	if (empty($_POST['lastname'])) {
		$errors[] = 'You forgot to enter your last name.';
	} else {
		$ln = mysqli_real_escape_string($dbc,trim($_POST['lastname']));
	}
	// Check for an email address:
	if (empty($_POST['email'])) {
		$errors[] = 'You forgot to enter your email address.';
	} else {
		$e = mysqli_real_escape_string($dbc, trim($_POST['email']));
	} 
	// Check for a gender:
	if (empty($_POST['gender'])) {
		$errors[] = 'You forgot to enter your Gender.';
	} else {
		$g = mysqli_real_escape_string($dbc, trim($_POST['gender']));
	} 
	// Try it this way:
	if ($_POST['udobdate'] == '' && $_POST['udobmonth'] == '' && $_POST['udobyear'] == '') {
		$errors[] = 'You forgot to enter your Date of Birth.';
	} else {
		$udob = $_POST['udobyear'] . '/' . $_POST['udobmonth'] . '/' . $_POST['udobdate'];
		$dob = mysqli_real_escape_string($dbc, $udob);
	}

	// Check for a password and match against the confirmed password:
	if (!empty($_POST['pass1'])) {
		if ($_POST['pass1'] != $_POST['pass2']) {
			$errors[] = 'Your password did not match the confirmed password.';
		} else {
			$p = mysqli_real_escape_string($dbc, trim($_POST['pass1'])); //USE THE ESCAPE PIECE TO SECURE THE USER INPUT
		}
	} else {
		$errors[] = 'You forgot to enter your password.';
	}
	if (empty($errors)) { // If everything's OK.
	
		// Register the user in the database...
		require ('../includes/mysqli_connect_dating.php'); // Connect to the db.
				
		// Make the query:
		$q = "INSERT INTO users (useralias, firstname, lastname, email, gender, dob, password, registration_date) VALUES ('$ua', '$fn', '$ln', '$e', '$g', '$dob', SHA1('$p'), NOW() )";		
		$r = @mysqli_query ($dbc, $q); // Run the query.
		if ($r) { // If it ran OK.

			// Declare the session variable ready for register 2 session and go to the next page ? - Print a message:
			$_SESSION['user'] = $_POST['email'];
			echo '	<h1>Thank you! ' . $_SESSION['user'] . '</h1>
					<p>You are now registered. In Chapter 12 you will actually be able to log in!</p><p><br /></p>';	 
		} else { // If it did not run OK.
	
			// Public message:
			echo '<h1>System Error</h1>
			<p class="error">You could not be registered due to a system error. We apologize for any inconvenience.</p>'; 
	
			// Debugging message:
			echo '<p>' . mysqli_error($dbc) . '<br /><br />Query: ' . $q . '</p>';
				
		} // End of if ($r) IF. 
		mysqli_close($dbc); // Close the database connection.
		// Include the footer and quit the script: 
		exit();
		
	} else { // Report the errors.
		echo '<h1>Error!</h1>
		<p class="error">The following error(s) occurred:<br />';
		foreach ($errors as $msg) { // Print each error.
			echo " - $msg<br />\n";
		}
		echo '</p><p>Please try again.</p><p><br /></p>';
		
	} // End of if (empty($errors)) IF.

} // End of the main Submit conditional.
?>


<h1>Register</h1>
<form action="register.php" method="post">
<fieldset>
<legend>Enter Your Details</legend>
	<p>Screen Name: <input type="text" name="useralias" size="15" maxlength="20" value="<?php if (isset($_POST['useralias'])) echo htmlspecialchars($_POST['useralias'], ENT_QUOTES, 'UTF-8'); ?>" /></p>
	<p>First Name: <input type="text" name="firstname" size="15" maxlength="20" value="<?php if (isset($_POST['firstname'])) echo htmlspecialchars($_POST['firstname'], ENT_QUOTES, 'UTF-8'); ?>" /></p>
	<p>Last Name: <input type="text" name="lastname" size="15" maxlength="40" value="<?php if (isset($_POST['lastname'])) echo htmlspecialchars($_POST['lastname'], ENT_QUOTES, 'UTF-8'); ?>" /></p>
	<p>Email Address: <input type="text" name="email" size="20" maxlength="60" value="<?php if (isset($_POST['email'])) echo htmlspecialchars($_POST['email'], ENT_QUOTES, 'UTF-8'); ?>"  /> </p>
	<p>Gender: (<input type="radio" name="gender" value="Male" <?php if (isset($_POST['gender']) && $_POST['gender'] == 'Male') echo 'checked="checked"'; ?> /> Male) (<input type="radio" name="gender" value="Female" <?php if (isset($_POST['gender']) && $_POST['gender'] == 'Female') echo 'checked="checked"'; ?> /> Female)</p>
	<!--<p>Date of Birth: (DD/MM/YY)<input type="date" name="udob" value="<?php if (isset($_POST['dob'])) echo $_POST['udob']; ?>"/></p> -->
	<p>Date of Birth: (Date) <select name="udobdate"><?php for ($day = 1; $day <=31; $day++) { echo "<option value=\"$day\">$day</option>\n"; } echo '</select>'; ?> (Month) <select name="udobmonth"><option value="01">January</option><option value="02">February</option><option value="03">March</option><option value="04">April</option><option value="05">May</option><option value="06">June</option><option value="07">July</option><option value="08">August</option><option value="09">September</option><option value="10">October</option><option value="11">November</option><option value="12">December</option></select> Year <select name="udobyear"><?php date_default_timezone_set('GMT'); for ($year = date('Y'); $year >= 1900; $year--) { echo "<option value=\"$year\">$year</option>\n"; } echo '</select>'; ?></p>
	<p>Password: <input type="password" name="pass1" size="10" maxlength="20" value="<?php if (isset($_POST['pass1'])) echo htmlspecialchars($_POST['pass1'], ENT_QUOTES, 'UTF-8'); ?>"  /></p>
	<p>Confirm Password: <input type="password" name="pass2" size="10" maxlength="20" value="<?php if (isset($_POST['pass2'])) echo htmlspecialchars($_POST['pass2'], ENT_QUOTES, 'UTF-8'); ?>"  /></p>
	<p><input type="reset" name="clear" value="clear"/> <input type="submit" name="submit" value="Register" /></p>
</fieldset>
</form>

</body>
</html>

Here's the whole script for reference. I'm 99.99999% sure I'm doing something wrong with the IF..

Link to comment
Share on other sites

Update: I fixed it with this line of code (thanks for your help again, HartleySAN).

require ('../includes/mysqli_connect_dating.php'); // connect to the DB
	$errors = array(); // Initialize an error array.

	// Escape the screen name before it goes into the query, then look it up:
	$ua = mysqli_real_escape_string($dbc, trim($_POST['useralias']));
	$q = "SELECT useralias from USERS where useralias='$ua'";
	$r = mysqli_query($dbc, $q);
	$rowcount = mysqli_num_rows($r);
	
	if ($rowcount == 1) {
		$errors[] = 'That screen name has already been taken';
	}
	
	// Same check for the email address:
	$em = mysqli_real_escape_string($dbc, trim($_POST['email']));
	$q = "SELECT email from USERS where email='$em'";
	$r = mysqli_query($dbc, $q);
	$rowcount = mysqli_num_rows($r);
	
	if ($rowcount == 1) {
		$errors[] = 'That email address is already in use';
	}

I basically took the line that if I didn't need to nest the IF statement then I shouldn't, so the script checks to see if the password and screen name are unique. If not then it puts it into errors. 

 

How does the code look? Is there a more concise way of writing it?

Link to comment
Share on other sites
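
The screen-name and email lookups from the update above, written with prepared statements, as an added example that is not part of any post in the thread. It also maps the unique-index error mentioned in the first post to a normal form error. `value_taken()` and `register_user()` are hypothetical names; the table and column names come from the script's INSERT, and the UNIQUE indexes and password column width are assumptions.

```php
<?php
// Added example, not code from the thread. Assumptions: $dbc is the mysqli
// connection from the thread's include file; useralias and email have UNIQUE
// indexes; the password column fits password_hash() output (e.g. VARCHAR(255)).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

// Hypothetical helper: does $value already exist in users.$column?
function value_taken(mysqli $dbc, string $column, string $value): bool
{
    // Identifiers cannot be bound as parameters, so allow-list the column.
    if (!in_array($column, ['useralias', 'email'], true)) {
        throw new InvalidArgumentException('Unexpected column');
    }
    $stmt = mysqli_prepare($dbc, "SELECT 1 FROM users WHERE $column = ? LIMIT 1");
    mysqli_stmt_bind_param($stmt, 's', $value);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    $taken = mysqli_stmt_num_rows($stmt) > 0;
    mysqli_stmt_close($stmt);
    return $taken;
}

// Hypothetical helper: returns error messages; an empty array means inserted.
// $in holds already-validated form fields keyed like the thread's form.
function register_user(mysqli $dbc, array $in): array
{
    $errors = [];
    if (value_taken($dbc, 'useralias', $in['useralias'])) {
        $errors[] = 'That screen name has already been taken';
    }
    if (value_taken($dbc, 'email', $in['email'])) {
        $errors[] = 'That email address is already in use';
    }
    if ($errors) { return $errors; }
    $hash = password_hash($in['pass1'], PASSWORD_DEFAULT);
    $stmt = mysqli_prepare($dbc, 'INSERT INTO users (useralias, firstname, lastname,
        email, gender, dob, password, registration_date) VALUES (?, ?, ?, ?, ?, ?, ?, NOW())');
    mysqli_stmt_bind_param($stmt, 'sssssss', $in['useralias'], $in['firstname'],
        $in['lastname'], $in['email'], $in['gender'], $in['dob'], $hash);
    try {
        mysqli_stmt_execute($stmt);
    } catch (mysqli_sql_exception $e) {
        if ($e->getCode() !== 1062) { // 1062 = ER_DUP_ENTRY
            throw $e; // anything else is a real fault: log it, show a generic page
        }
        // Another request claimed the value between the SELECT and the INSERT.
        $errors[] = 'That screen name or email address is already in use';
    }
    return $errors;
}
```

The SELECT checks give the user a specific message; the UNIQUE indexes remain the actual guarantee, since two simultaneous registrations can both pass the checks.
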

There's obviously something funky going on, so I think that further digging is required.

As a first step, I'd turn error handling on, and then start echoing lots of info to the screen to try and discover what is wrong.

I'd also start executing queries directly on the DB (as opposed to through PHP), and see if you can find anything that way.

Link to comment
Share on other sites
