1

I have created a sign up page and it is working but I have one problem.

The page contains username, password, email, address and telephone. According to what I've reached, user can add all these requirements and can only add "username" to get a success signup I need a way to make user add all these requirements (username, password,email,address and telephone) not only add 1 requirement.

 <?php
 $con = mysql_connect("localhost","root","");
 if (!$con)
 {
 die('Could not connect: ' . mysql_error());
 }

 mysql_select_db("theater", $con);

 $sql="INSERT INTO member (username, password, email, telephone, address)
 VALUES
    ('$_POST[username]','$_POST[password]','$_POST[email]','$_POST[telephone]','$_POST[address]')";

 if (!mysql_query($sql,$con))
 {
 die('Error: ' . mysql_error());
 }
 echo "records added";

 mysql_close($con);
 ?>

The signup.php page is a normal table that contains inputs username, email, password, address and telephone with a sign up button. I don't think we should use it here, no?

Songo
  • 5,618
  • 8
  • 58
  • 96
ouzoumzak
  • 95
  • 1
  • 7
  • I don't see any form validation in your code. And your script is vulnerable to SQL injection. – Antony Feb 03 '13 at 15:47
  • Remember that mysql_connect is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. – Kevin Jolan Feb 03 '13 at 15:51
  • You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Feb 03 '13 at 16:09

2 Answers2

1

You can check to see if a particular item is set and if it is, proceed.

$errors = array(); //Initialize an empty errors array.

if(!isset($_POST["username"]){
  $errors[] = "Username not set; please try again.";
}

if(!isset($_POST["email"]){
  $errors[] = "Email address not set; please try again.";
}

//If there are no errors in the $errors array (aka: every field is set):
if(empty($errors)) {
  //Query the database and whatnot.
} else {
  //Echo out the errors and demand proper values.
}
Rafay
  • 23,785
  • 4
  • 20
  • 27
0

You should try it this way to check if all the form fields are filled.

<?php
 $con = mysql_connect("localhost","root","");
 if (!$con)
 {
 die('Could not connect: ' . mysql_error());
 }

 mysql_select_db("theater", $con);

if($_POST['username'] == '' || $_POST['password'] == '' || $_POST['email'] == '' || $_POST['telephone'] == '' || $_POST['address'] == '') $filled = false;
if($filled) {
 $sql="INSERT INTO member (username, password, email, telephone, address)
 VALUES
    ('$_POST[username]','$_POST[password]','$_POST[email]','$_POST[telephone]','$_POST[address]')"; } else echo 'Please fill all the fields!';

 if (!mysql_query($sql,$con))
 {
 die('Error: ' . mysql_error());
 }
 echo "records added";

 mysql_close($con);
 ?>
Alex
  • 4,674
  • 5
  • 38
  • 59
  • 1
    I think this is what i need...but unfortunately Notice: Use of undefined constant username - assumed 'username' in C:\xampp\htdocs\checksignup.php on line 10 – ouzoumzak Feb 03 '13 at 16:04
  • I updated my code and it should be fine now. It was because of some '. – Alex Feb 03 '13 at 16:08
  • Ive been trying since an hour lol Notice: Undefined variable: filled in C:\xampp\htdocs\checksignup.php on line 11 Please fill all the fields! Notice: Undefined variable: sql in C:\xampp\htdocs\checksignup.php on line 16 Error: Query was empty I think smth is wrong is in if($_POST['username'] == '' || $_POST['password'] == '' || $_POST['email'] == '' || $_POST['telephone'] == '' || $_POST['address'] == '') $filled = false; if($filled) { can you help? thnx – ouzoumzak Feb 03 '13 at 16:53