1

I am new to PHP validation. I'm working on a registration form, which will go through a PHP script that checks the database for two unique variables, ac_title and email, and then checks for errors. It will then insert the given values into the database. The file name is formvu.php; then it'll move to activate.php. The problem I'm getting is that if I use

<form name="fone" method="post" onsubmit="return validateform(fone)" action="activate.php">

the form will ignore the PHP script and move to the next page. But when I use this:

<form name="fone" method="post" onsubmit="return validateform(fone)" action="<?php $_SERVER['PHP_SELF']?> ">

now the page will run all the PHP errors and commands.

Here is my whole PHP code:

<?php
    if($_SERVER["REQUEST_METHOD"] == "POST")
    {
        $nun=$_POST['account'];
        $em=$_POST['email'];
        $register="SELECT ac_title,email FROM register";
        $query=mysql_query($register);
        while ($row= mysql_fetch_array($query))
        {   
            if ($nun == $row['ac_title'])
            {
                print "<span class=\"phclass\"><br/><b>
                    Your Account Title :</b></span>"." '"."<span class=\"ahclass\"><b>$nun</b></span>"."'".
                    " <span class=\"phclass\"><b>already exsist, please choose different.</b></span><br/>";
            }

            if($em == $row['email'])
            {
                print "<span class=\"phclass\"><b><br/>Your Email:</b>
                    </span>"." "."<span class=\"phclass\"><b> $em</b></span>"."<span class=\"phclass\">
                    <b> already exsist, please visit <a href=\"resetpassword.html\">
                    Forget password</a></b></span><br/>";
            }
            if ($nun != $row['ac_title'] && $em != $row['email'])
            {
                $ac_title=$_POST['account'];
                $email=$_POST['email'];
                $pass=$_POST['pwd'];
                $fn=$_POST['fname'];
                $gd=$_POST['gender'];
                $city=$_POST['city'];
                $VID=$_POST['vuid'];
                $course=$_POST['courseid'];
                $camp=$_POST['campus'];
                $hash=md5(rand(0,1000));

                $sql="INSERT INTO register (ac_title, email, pass,fn, sex, city,
                    VID, CRS, campus, hash,activate) VALUES('$ac_title', '$email',
                    '$pass','$fn', '$gd',' $city','$VID','$course',
                    '$camp','$hash','0')";

                $inst=mysql_query($sql,$connection);

                if (!$inst)
                {   
                    print "";
                }
                else 
                {
                    echo "Succesful ";
                }
            }// if
        } // while
    } // if
?>

If the action is the default page, it will run the whole script. I want to run the whole script and move to the next page (activate.php).

Emil Sierżęga
M.chaudhry
  • 2
    check the [header](http://php.net/manual/en/function.header.php) function for relocating your script (please note that NOTHING can be outputted - i.e. no HTML must be written previous to your redirect) – Zathrus Writer Oct 08 '13 at 14:45
  • I checked header(); it is giving me the error that I posted below... which means I need to post that PHP script before my HTML coding – M.chaudhry Oct 08 '13 at 14:56
  • 1
    Exactly why I put the word "NOTHING" in capitals - you're outputting HTML before calling `header()` somewhere on your page. Don't do it, move your PHP processing part ABOVE your first `` tag and use Patrick's code to redirect – Zathrus Writer Oct 08 '13 at 14:58
  • Thanks Patrick and Zathrus, I got it :) – M.chaudhry Oct 11 '13 at 16:31

3 Answers

1

Do you want a redirect when it was successful? If so, add this code where your echo 'successful' is:

header("Location: activate.php");
die();

See here for more information on redirects.

Patrick
  • Hello, thanks for answering. I did that header function too, but the browser is giving me this error: "Warning: Cannot modify header information - headers already sent by (output started at F:\xampp\htdocs\ourwork\proper pages\formvu.php:7) in F:\xampp\htdocs\ourwork\proper pages\formvu.php on line 88" – M.chaudhry Oct 08 '13 at 14:53
  • That means you have output somewhere before the header call. It can be something as simple as a space. Make sure you check that there are no spaces before your . – Patrick Oct 08 '13 at 15:03
  • Error: Cannot modify header information - headers already sent by (output started at F:\xampp\htdocs\ourwork\proper pages\databaseregistration.php:9) in F:\xampp\htdocs\ourwork\proper pages\formvu.php on line 52. databaseregistration.php is just MySQL commands for connecting to the database – M.chaudhry Oct 08 '13 at 15:24
  • Double check everything, there is an output of something somewhere. Even just an HTML tag or space will break the header() function. – Patrick Oct 08 '13 at 16:26
1

Validation is a complex issue but there are also lots of resources online to help you. This is an early hit in Google for me: http://www.sitepoint.com/form-validation-with-php/

Whilst you can add form validation using JS (which you seem to be doing), if you want it to be more secure I would recommend validating the data server-side too (PHP) and the link provided should help you here.

I realise this answer doesn't directly answer your question but if you become more familiar with simple validation techniques you probably won't have the issue in the first place.

tommyd456
  • Yes, all fields are using JavaScript for basic requirements like empty, email or password validation. What I need to do is CHECK THE DATABASE FOR ACCOUNT TITLE AND EMAIL, THEN MOVE TO INSERT, THEN GO TO THE NEXT PAGE FOR ACTIVATION. (Caps were to mention it properly, nothing else... I'll check the link for sure.) – M.chaudhry Oct 08 '13 at 15:10
  • 1
    JavaScript can be bypassed easily whereas server-side validation cannot. Client-side validation does have its advantages but security isn't one of them. – tommyd456 Oct 08 '13 at 15:15
1

You should use an array when checking your email and username.

Use this code of mine:

<?php
//Start session
session_start();

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;

//Input Validations
if($firstname == '') {
    $errmsg_arr[] = 'First name missing';
    $errflag = true;
}
if($lastname == '') {
    $errmsg_arr[] = 'Last name missing';
    $errflag = true;
}
if($email == '') {
    $errmsg_arr[] = 'Email missing';
    $errflag = true;
}
if($username == '') {
    $errmsg_arr[] = 'Username ID missing';
    $errflag = true;
}
if($password == '') {
    $errmsg_arr[] = 'Password missing';
    $errflag = true;
}
if($cpassword == '') {
    $errmsg_arr[] = 'Confirm password missing';
    $errflag = true;
}
if( strcmp($password, $cpassword) != 0 ) {
    $errmsg_arr[] = 'Passwords do not match';
    $errflag = true;
}

//Check for duplicate email
if($email != '') {
    $qry = "SELECT * FROM ".$table." WHERE email='$email'";
    $result = mysql_query($qry);
    if($result) {
        if(mysql_num_rows($result) > 0) {
            $errmsg_arr[] = 'Email have already in Using!';
            $errflag = true;
        }
        @mysql_free_result($result);
    }
    else {
        die("Query failed");
    }
}

//Check for duplicate login ID
if($login != '') {
    $qry = "SELECT * FROM ".$table." WHERE login='$login'";
    $result = mysql_query($qry);
    if($result) {
        if(mysql_num_rows($result) > 0) {
            $errmsg_arr[] = 'User-Name already in Using!';
            $errflag = true;
        }
        @mysql_free_result($result);
    }
    else {
        die("Query failed");
    }
}

//If there are input validations, redirect back to the registration form
if($errflag) {
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    session_write_close();
    header("location: register-form.php");
    exit();
}

//Create INSERT query
$qry = "INSERT INTO members(firstname, lastname, email, username, password) VALUES('$firstname','$lastname','$email','$username','$password')";
$result = @mysql_query($qry);

//Check whether the query was successful or not
if($result) {
    header("location: register-success.php");
    exit();
}else {
    die("Query failed");
}
  ?>

And also use this code on your registration form page:

<?php
//Start Session
session_start();
if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) {
    echo '<ul class="err">';
    foreach($_SESSION['ERRMSG_ARR'] as $msg) {
        echo '<li>',$msg,'</li>'; 
    }
    echo '</ul>';
    unset($_SESSION['ERRMSG_ARR']);
}
?>
Asif Uz Zaman
  • 1
    Your script is good, but your code is not comparable to this question's code? I hope you get the answer! – Softbazz Jul 12 '15 at 08:58
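
Added example, not code from the question or from any answer: one way to do what the answers above describe, running the server-side check, the insert and the redirect before any HTML is output. It uses PDO prepared statements instead of the `mysql_*` functions (removed in PHP 7) and string-built queries, and `random_bytes()` instead of `md5(rand(0,1000))`, which can only produce 1001 different tokens. The `register()` helper, the in-memory SQLite database, the UNIQUE constraints and the sample input are assumptions made so the block runs on its own.

```php
<?php
// Added example. Column names follow the question; register(), the SQLite
// in-memory database and the sample input are hypothetical/constructed.
function register(PDO $db, array $post): array
{
    $errors = [];
    $title = trim($post['account'] ?? '');
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $pwd   = $post['pwd'] ?? '';
    if ($title === '')    { $errors[] = 'Account title missing'; }
    if ($email === false) { $errors[] = 'Email missing or invalid'; }
    if ($pwd === '')      { $errors[] = 'Password missing'; }
    if ($errors) { return $errors; }

    // Let the database find duplicates; the ? placeholder keeps user input
    // out of the SQL text. $col comes from this fixed list, never from input.
    foreach (['ac_title' => $title, 'email' => $email] as $col => $val) {
        $q = $db->prepare("SELECT 1 FROM register WHERE $col = ?");
        $q->execute([$val]);
        if ($q->fetchColumn()) { $errors[] = "$col already exists"; }
    }
    if ($errors) { return $errors; }

    $ins = $db->prepare(
        'INSERT INTO register (ac_title, email, pass, hash, activate) VALUES (?, ?, ?, ?, 0)'
    );
    $ins->execute([
        $title,
        $email,
        password_hash($pwd, PASSWORD_DEFAULT), // store a hash, not the password
        bin2hex(random_bytes(16)),             // unpredictable activation token
    ]);
    return [];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// UNIQUE is the backstop if two requests pass the check at the same time.
$db->exec('CREATE TABLE register (ac_title TEXT UNIQUE, email TEXT UNIQUE,
           pass TEXT, hash TEXT, activate INTEGER)');

$post = ['account' => "o'brien", 'email' => 'ob@example.com', 'pwd' => 'example-pw']; // constructed, stands in for $_POST
$errors = register($db, $post);
if (!$errors) {
    header('Location: activate.php'); // allowed: nothing has been output yet
    exit;
}
// Otherwise render the form below and print each error via htmlspecialchars().
```

In the real page, pass `$_POST` and keep this block above the first line of HTML, with no whitespace before `<?php` in this file or in any file it includes.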