
I am fairly new to PHP and I am reading through Learning PHP, MySQL, JavaScript & CSS, 2nd edition, by Robin Nixon. I am working through a script to insert a username and password into a database. The book says to enter code to insert data from form fields. I tried to do that (between the /* */) but the query gives me errors. Also, when I omit the query there are no errors. When I put the query in, an error shows at the JavaScript right after the comments in the /* */.

<?php // adduser.php
require_once 'login.php';


$forename = $surname = $username = $password = $age = $email = "";

if (isset($_POST['forename']))
$forename = fix_string($_POST['forename']);
if (isset($_POST['surname']))
$surname = fix_string($_POST['surname']);
if (isset($_POST['username']))
$username = fix_string($_POST['username']);
if (isset($_POST['password']))
$password = fix_string($_POST['password']);
if (isset($_POST['email']))
$email = fix_string($_POST['email']);

$fail  = validate_forename($forename);
$fail .= validate_surname($surname);
$fail .= validate_username($username);
$fail .= validate_password($password);
$fail .= validate_age($age);
$fail .= validate_email($email);

echo "<html><head><title>An Example Form</title>";

if ($fail == "") {
echo "</head><body>Form data successfully validated: $forename,
    $surname, $username, $password, $age, $email.</body></html>";

/*      require_once 'login.php';
$db_server = mysqli_connect($db_hostname, $db_username, $db_password, 
            $db_database) or die('Error connecting to MySQL server.');


$forename = mysqli_real_escape_string(db_server, trim($_POST['forename']));
$surname = mysqli_real_escape_string(db_server, trim($_POST['surname']));
$username = mysqli_real_escape_string(db_server, trim($_POST['username']));
$password = mysqli_real_escape_string(db_server, trim($_POST['password']));
$email = mysqli_real_escape_string(db_server, trim($_POST['email'])); 

$query = "INSERT INTO users VALUES" . "('$forename', '$surname', ". 
        "'$username', '$password', '$email');
$result = mysqli_query($db_server, $query); ". 
    "or die('Error querying database.');

mysqli_close($db_database);   */    


exit;

}



echo <<<_END


<style>.signup { border: 1px solid #999999;
font: normal 14px helvetica; color:#444444; }</style>
<script type="text/javascript">
function validate(form)
{
fail  = validateForename(form.forename.value)
fail += validateSurname(form.surname.value)
fail += validateUsername(form.username.value)
fail += validatePassword(form.password.value)
fail += validateEmail(form.email.value)
if (fail == "") return true
else { alert(fail); return false }
}
</script></head><body>
<table class="signup" border="0" cellpadding="2"
cellspacing="5" bgcolor="#eeeeee">
<th colspan="2" align="center">Signup Form</th>

<tr><td colspan="2">Sorry, the following errors were found<br />
in your form: <p><font color=red size=1><i>$fail</i></font></p>
</td></tr>

<form method="post" action="adduser.php"
onSubmit="return validate(this)">
 <tr><td>Forename</td><td><input type="text" maxlength="32"
name="forename" value="$forename" /></td>
</tr><tr><td>Surname</td><td><input type="text" maxlength="32"
name="surname" value="$surname" /></td>
</tr><tr><td>Username</td><td><input type="text" maxlength="16"
name="username" value="$username" /></td>
</tr><tr><td>Password</td><td><input type="text" maxlength="12"
name="password" value="$password" /></td>
</tr><tr><td>Age</td><td><input type="text" maxlength="3"
name="age" value="$age" /></td>
</tr><tr><td>Email</td><td><input type="text" maxlength="64"
name="email" value="$email" /></td>
</tr><tr><td colspan="2" align="center">
<input type="submit" value="Signup" /></td>
</tr></form></table>



<script type="text/javascript">
function validateForename(field) {
if (field == "") return "No Forename was entered.\\n"
return ""
}

function validateSurname(field) {
if (field == "") return "No Surname was entered.\\n"
return ""
}

function validateUsername(field) {
if (field == "") return "No Username was entered.\\n"
else if (field.length < 5)
    return "Usernames must be at least 5 characters.\\n"
else if (/[^a-zA-Z0-9_-]/.test(field))
    return "Only letters, numbers, - and _ in usernames.\\n"
return ""
}

function validatePassword(field) {
if (field == "") return "No Password was entered.\\n"
else if (field.length < 6)
    return "Passwords must be at least 6 characters.\\n"
else if (! /[a-z]/.test(field) ||
         ! /[A-Z]/.test(field) ||
         ! /[0-9]/.test(field))
    return "Passwords require one each of a-z, A-Z and 0-9.\\n"
return ""
}

function validateAge(field) {
if (isNaN(field)) return "No Age was entered.\\n"
else if (field < 18 || field > 110)
    return "Age must be between 18 and 110.\\n"
return ""
}

function validateEmail(field) {
if (field == "") return "No Email was entered.\\n"
    else if (!((field.indexOf(".") > 0) &&
               (field.indexOf("@") > 0)) ||
               /[^a-zA-Z0-9.@_-]/.test(field))
    return "The Email address is invalid.\\n"
return ""
}
</script></body></html>
_END;


function validate_forename($field) {
if ($field == "") return "No Forename was entered<br />";
return "";
}

function validate_surname($field) {
if ($field == "") return "No Surname was entered<br />";
return "";
}

function validate_username($field) {
if ($field == "") return "No Username was entered<br />";
else if (strlen($field) < 5)
    return "Usernames must be at least 5 characters<br />";
else if (preg_match("/[^a-zA-Z0-9_-]/", $field))
    return "Only letters, numbers, - and _ in usernames<br />";
return "";      
}

function validate_password($field) {
if ($field == "") return "No Password was entered<br />";
else if (strlen($field) < 6)
    return "Passwords must be at least 6 characters<br />";
else if (!preg_match("/[a-z]/", $field) ||
         !preg_match("/[A-Z]/", $field) ||
         !preg_match("/[0-9]/", $field))
    return "Passwords require 1 each of a-z, A-Z and 0-9<br />";
return "";
}

function validate_email($field) {
if ($field == "") return "No Email was entered<br />";
    else if (!((strpos($field, ".") > 0) &&
               (strpos($field, "@") > 0)) ||
                preg_match("/[^a-zA-Z0-9.@_-]/", $field))
    return "The Email address is invalid<br />";
return "";
}

function fix_string($string) {
if (get_magic_quotes_gpc()) $string = stripslashes($string);
return htmlentities ($string);
}
?>
Rachel Gallen
eaglecoug
  • Can you tell us what errors do you get? – MarcinWolny Feb 14 '13 at 19:11
  • No, no, no, no. **DO NOT** store passwords in plain text. This may just be a test application while you're learning what to do, but you might as well [do it right the first time](https://github.com/ircmaxell/password_compat) (or [here](http://php.net/password_hash) if you're using PHP >= 5.5). – Mike Feb 14 '13 at 19:25
  • You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). – Quentin Feb 14 '13 at 22:29

1 Answer


/* and */ are the operators for inserting block comments; try removing them and running the script.

Also, what does the error say?

EDIT:

The error you are receiving is caused by you not closing off your PHP code with a ?> tag, meaning the server is attempting to read the preceding JavaScript code as PHP code.

You should still omit the comment operators /**/ as these will cause the code inside to not be executed by the server.

Callan Heard
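
The insert that the commented-out block in the question attempts, written with a prepared statement and `password_hash()` as Mike's comment recommends; this is an added example, not code from the book or from anyone on this page. It assumes PDO with an in-memory SQLite database standing in for the MySQL server, and the `users` column names, `add_user()`, `check_login()` and the sample form values are constructed for illustration.

```php
<?php
// Added example. Assumption: an in-memory SQLite database (via PDO) stands in
// for the MySQL server so the script runs offline; the table is constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    forename TEXT, surname TEXT, username TEXT UNIQUE,
    password_hash TEXT, email TEXT)');

function add_user(PDO $db, array $f): void
{
    // Hash the raw password; the plain text is never written to the table.
    $hash = password_hash($f['password'], PASSWORD_DEFAULT);

    // Placeholders keep the values out of the SQL text, so there is no
    // escaping call and no string concatenation to get wrong.
    $stmt = $db->prepare(
        'INSERT INTO users (forename, surname, username, password_hash, email)
         VALUES (:forename, :surname, :username, :hash, :email)');
    $stmt->execute([
        ':forename' => $f['forename'],
        ':surname'  => $f['surname'],
        ':username' => $f['username'],
        ':hash'     => $hash,
        ':email'    => $f['email'],
    ]);
}

function check_login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($password, $hash);
}

// Constructed sample input in place of $_POST; the surname contains a quote.
$form = ['forename' => 'Pat', 'surname' => "O'Neil", 'username' => 'pat_oneil',
         'password' => 'Secret42x', 'email' => 'pat@example.com'];
add_user($db, $form);

$row = $db->query('SELECT surname, password_hash FROM users')->fetch(PDO::FETCH_ASSOC);
var_dump($row['surname'] === "O'Neil");                    // quote stored as data
var_dump($row['password_hash'] !== $form['password']);     // only the hash is stored
var_dump(check_login($db, 'pat_oneil', 'Secret42x'));      // correct password
var_dump(check_login($db, 'pat_oneil', 'wrong-password')); // wrong password
```

Against MySQL only the PDO connection string changes; the same placeholder pattern is also available in mysqli through `mysqli_prepare()` and `mysqli_stmt_bind_param()`.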