-1

Continuing from my previous post "PHP and MYSQL database connection and table creation only once", I created the registration form with the PHP code and server side validation. I’m getting some errors as stated below. i.e. all errors are occurring at the place where i try to print the errors in their respected html class “”. I've made the html "span class" text bold for easy recognition. If their is anything extra solutions for better performance of the form please let me know...

List of errors:

Notice: Undefined variable: error_name in C:\wamp\www\18+\register.php
Notice: Undefined variable: error_username in C:\wamp\www\18+\register.php
Notice: Undefined variable: error_password in C:\wamp\www\18+\register.php
Notice: Undefined variable: error_password2 in C:\wamp\www\18+\register.php
Notice: Undefined variable: error_email in C:\wamp\www\18+\register.php

Register.php

<?php
include ‘database.php';
session_start();
if (isset($_POST['submit'])) {
    $error = " ";        //Declare a null variable to store error messages  

    //validation for fullname
    if (empty($_POST['fullname'])) {
        $error_name = 'Enter Fullname...';
    } else {
        $fullname = mysql_real_escape_string(trim($_POST['fullname'])); 
    }

    //validation for username
    if (empty($_POST['username'])){
        $error_username = 'Enter Username...';
    } else {
        $username = mysql_real_escape_string(trim($_POST['username']));
    }

    //validation for password
    if(empty($_POST['password'])){
        $error_password = 'Please Enter Your Password...';
    } else {
        if (empty($_POST['password2'])) {
            $error_password2 = 'Re-enter Your Password...';
        } else {
            if(($_POST['password'])!=($_POST['password2'])){
                $error_password2 = 'Passwords Do not match...';
            } else {
                $confirm = mysql_real_escape_string(md5($_POST['password2']));
            }
        }
    }

    //validation for e-mail
    if (empty($_POST['email'])) {
        $error_email = 'Please Enter your Email ';
    } else {
        if (preg_match("//custom preg match characters", $_POST['e-mail'])) {
            //regular expression for email validation
            $email = mysql_real_escape_string($_POST['email']);
        } else {
            $error_email = 'Your E-mail Address is invalid '; 
        }
    }

    if (empty($error)) //send to Database if there's no error '
    {
        $query= "DB INSERT QUERY";
        $result = mysqli_query($dbc, $query);
        if (!$result) {
            echo 'Failed to Register Your Account...!';
        } else {
            echo 'Account Registered Successfully...!';
        }
    }   
    mysqli_close($sql);//Close the DB Connection
} 
?>

Index.php

<form action="register.php" method="post" id="user_registration">
<p id="head">Create Account</p>

<input type="text" id="fullname" name="fullname"/>
**<span class="error" id="fullname"><?php echo $error_name; ?></span>**

<input type="text" id="username" name="username"/>
<span id="availability_status"></span>
**<span class="error" id="username"><?php echo $error_username; ?></span>**

<input type="password" id="password" name="password"/> 
**<span class="error" id="password"><?php echo $error_password; ?></span>**

<input type="password" id="password2" name="password2"/>
**<span class="error" id="divCheckPasswordMatch"><?php echo $error_password2;?></span>**

<input type="email" id="email" name="email"/>
**<span class="error" id="email"><?php echo $error_email; ?></span>**

<p class="submit">
<button type="submit"id="submit" name="submit" value="Register”>Register</button>
</p>

</form>
Community
  • 1
  • 1
Charan Balse
  • 71
  • 5
  • 14
  • 2
    Please correct the quote at `include ‘database.php';`, it's blocking the rest of the code. – AyB Mar 20 '14 at 06:04
  • 1
    Curly quotes; beautiful yet *deadly*. – Funk Forty Niner Mar 20 '14 at 06:07
  • 1
    An empty string is not null ... just sayin. – Realitätsverlust Mar 20 '14 at 06:07
  • 1
    Sidenote: Using MD5 for password storage, highly **not** recommended. – Funk Forty Niner Mar 20 '14 at 06:24
  • @I Can Has Cheezburger, @ Fred -ii, @Y U NO WORK..thank you very much. Your answers solved many of my errors and helped me a lot..:) – Charan Balse Mar 20 '14 at 09:41
  • You're welcome @CharanBalse Glad to see a solution was found, cheers. Do be careful when wanting to use quotes. Maybe you are using Windows Write/Word as a text editor or copied from the Web. That could happen and will throw an error when using those "beautiful, yet deadly" curly quotes ;-) Look into using [`crypt()`](http://php.net/crypt) or PHP 5.5 [`password_hash()`](http://www.php.net/manual/en/function.password-hash.php) function for password storage. – Funk Forty Niner Mar 20 '14 at 17:27
  • @ Fred -ii, Thank U for ur precious solution, learnt a lot from those..:) – Charan Balse Mar 25 '14 at 14:22

4 Answers4

3

First of all You need to fix the quote at include ‘database.php'; to include 'database.php'; never use curly quote due to this all your code is being blocked.

Next You need to initialize all variable to null or simply ""

OR

You can check if the variable exist or not using isset() like if you want to print value of an variable $val then use this if(isset($val)) echo $val;

UPDATE

You can easily use an array to store errors: simply use like 

$error['name']='Enter Fullname...';

And to check if name error occurs use

if(isset($error['name'])){
//Its an error print error
}
  • There's also `value="Register”` for the bad quotes; don't forget that one. ;-) – Funk Forty Niner Mar 20 '14 at 06:21
  • Can i initialize all variables inside an array and then use it..? IF yes can u tell me how to do it..? plz.. – Charan Balse Mar 20 '14 at 08:27
  • Updated My answer check it out. –  Mar 20 '14 at 09:27
  • thank you very much. Your answer solved many of my errors and helped me a lot.. But rite now i'm getting the following warnings... Warning: mysqli_close() expects parameter 1 to be resource, string given in C:\wamp\www\18+\register.php – Charan Balse Mar 20 '14 at 09:37
  • and YES my dB connection object is '$connect'. I tried using it like mysqli_close($connect); but still the warning occurs.. – Charan Balse Mar 20 '14 at 09:39
  • I cant say without looking on code I will suggest you to open an new question for it –  Mar 20 '14 at 09:40
  • My database code is shown in this link below..http://stackoverflow.com/questions/22369364/php-and-mysql-database-connection-and-table-creation-only-once – Charan Balse Mar 20 '14 at 09:48
  • Seems you have made connection using mysql and using mysqli to close connection. I will suggest you to convert your code into mysqli. –  Mar 20 '14 at 13:02
0

you may need to define these variable on top of the page before using them in code something like this.

$error_name         = '';
$error_username     = '';
$error_password     = '';
$error_password2    = '';
$error_email        = '';
Ram Sharma
  • 8,676
  • 7
  • 43
  • 56
0

Put an else to your if (isset($_POST['submit']))

else { /* What if the user didn't click submit? Else is the answer */

$error_name="";
$error_username="";
$error_password="";
$error_password2="";  
$error_email="";

}
Logan Wayne
  • 6,001
  • 16
  • 31
  • 49
  • Notice: Undefined variable: fullname Notice: Undefined variable: username Notice: Undefined variable: confirm Notice: Undefined variable: email in C:\wamp\www\18+\register.php Warning: mysqli_query() [function.mysqli-query]: Couldn't fetch mysqli in C:\wamp\www\18+\register.php...these errors are occuring in the following two lines..$query= "INSERT INTO `users` ( `Name`, `Username`, `Password`, `Email`) VALUES ( '$fullname', '$username', '$confirm', '$email')"; $result = mysqli_query($connect, $query); – Charan Balse Mar 20 '14 at 12:04
-1

The problem is, you are setting the messages only if certain conditions are true. Thus, these variables are not found if those conditions aren't true. To resolve this, use isset() when displaying the errors, e.g.

<?php echo isset($error_name)?$error_name:'' ; ?>

This means check if $error_name is set, if yes display it or display nothing.

Another thing (logically) is that your code is not actually checking for the errors. The $error remains an empty string and you are checking if it is empty which will always be true. You need to either store the errors as arrays or check if all the variables are empty.

Additional:

Can u tell me how to store the errors as arrays..plz

Try this:

<?php
include 'database.php';
session_start();
if (isset($_POST['submit'])) {
    $error = array();        //<-- Declare array here 

    //validation for fullname
    if (empty($_POST['fullname'])) {
        $error['fullname'] = 'Enter Fullname...'; //<-- adding error into array
    } else {
        $fullname = mysql_real_escape_string(trim($_POST['fullname'])); 
    }

    //validation for username
    if (empty($_POST['username'])){
        $error['username'] = 'Enter Username...'; //<-- here too and so on..
    } else {
        $username = mysql_real_escape_string(trim($_POST['username']));
    }

    //validation for password
    if(empty($_POST['password'])){
        $error['password'] = 'Please Enter Your Password...';
    } else {
        if (empty($_POST['password2'])) {
            $error['password2'] = 'Re-enter Your Password...';
        } else {
            if(($_POST['password'])!=($_POST['password2'])){
                $error['password2'] = 'Passwords Do not match...';
            } else {
                $confirm = mysql_real_escape_string(md5($_POST['password2']));
            }
        }
    }

    //validation for e-mail
    if (empty($_POST['email'])) {
        $error['email'] = 'Please Enter your Email ';
    } else {
        if (preg_match("//custom preg match characters", $_POST['e-mail'])) {
            //regular expression for email validation
            $email = mysql_real_escape_string($_POST['email']);
        } else {
            $error['email'] = 'Your E-mail Address is invalid '; 
        }
    }

    if (!empty($error)) //send to Database if there's no error '
    {
        $query= "DB INSERT QUERY";
        $result = mysqli_query($dbc, $query);
        if (!$result) {
            echo 'Failed to Register Your Account...!';
        } else {
            echo 'Account Registered Successfully...!';
        }
    }   
} 
?>

Change your HTML to:

<form action="register.php" method="post" id="user_registration">
<p id="head">Create Account</p>

<input type="text" id="fullname" name="fullname"/>
<!-- checking if error message is set -->
**<span class="error" id="fullname"><?php echo isset($error['fullname'])?$error['fullname']:''; ?></span>** 

<input type="text" id="username" name="username"/>
<span id="availability_status"></span>
**<span class="error" id="username"><?php echo isset($error['username'])?$error['username']:''; ?></span>**

<input type="password" id="password" name="password"/> 
**<span class="error" id="password"><?php echo isset($error['password'])?$error['password']:''; ?></span>**

<input type="password" id="password2" name="password2"/>
**<span class="error" id="divCheckPasswordMatch"><?php echo isset($error['password2'])?$error['password2']:''; ?></span>**

<input type="email" id="email" name="email"/>
**<span class="error" id="email"><?php echo isset($error['email'])?$error['email']:''; ?></span>**

<p class="submit">
<button type="submit"id="submit" name="submit" value="Register">Register</button>
</p>

</form>

Note:

Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.

Zoe
  • 27,060
  • 21
  • 118
  • 148
AyB
  • 11,609
  • 4
  • 32
  • 47
  • Can u tell me how to store the errors as arrays..plz – Charan Balse Mar 20 '14 at 08:30
  • @CharanBalse I've updated the answer to show how you can store error messages as one array. – AyB Mar 20 '14 at 09:09
  • thank you very much. Your answer solved many of my errors and helped me a lot.. But rite now i'm getting the following warnings... Warning: mysqli_query() expects parameter 1 to be string, resource given in C:\wamp\www\18+\register.php...&... Warning: mysqli_close() expects parameter 1 to be resource, string given in C:\wamp\www\18+\register.php – Charan Balse Mar 20 '14 at 09:19
  • @CharanBalse Have you not written a `INSERT` query in place of `$query= "DB INSERT QUERY";`? Also `mysqli_close($sql);` you need to pass the connection object. Not sure if it's `$sql`. You need to check your `database.php` to find the connection object. – AyB Mar 20 '14 at 09:23
  • This is my insert query.. but still the warning occurs...$query= "INSERT INTO `users` ( `Name`, `Username`, `Password`, `Email`) VALUES ( '$fullname', '$username', '$password2', '$email')"; – Charan Balse Mar 20 '14 at 09:24
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/50111/discussion-between-i-can-has-cheezburger-and-charan-balse) – AyB Mar 20 '14 at 09:47
  • Notice: Undefined variable: fullname Notice: Undefined variable: username Notice: Undefined variable: confirm Notice: Undefined variable: email in C:\wamp\www\18+\register.php Warning: mysqli_query() [function.mysqli-query]: Couldn't fetch mysqli in C:\wamp\www\18+\register.php...these errors are occuring in the following two lines..$query= "INSERT INTO users ( Name, Username, Password, Email) VALUES ( '$fullname', '$username', '$confirm', '$email')"; $result = mysqli_query($connect, $query); – Charan Balse Mar 20 '14 at 12:05
  • @CharanBalse Updated the answer. `if (empty($error))` should be `if (!empty($error))` (the exclamation mark saying if no errors) – AyB Mar 20 '14 at 12:29