0

I'm new to PHP. I am building a registration page. When I submit a button it inserts into the database, that's okay. But when I like to redirect when all the fields are filled its not redirecting. I have also used the header().

While using header() it just redirects but not considering about the validation. Also empty fields are submitting. I just wanted to validate the form, after it gets validated then the submit button working then storing and redirecting to the next page, in my case its "sucess.php".

Here is code:

<html>
<head>
<title>Register</title>
<style>
.error{color:blue}
</style>
</head>
<body>
<?php

     $link=mysqli_connect("localhost","root","","all");
        if(!link){echo "not connected";}
$query=mysqli_query($link,"insert into test(name,email,gender,password,cpassword)values('$_POST[name]','$_POST[email]','$_POST[gender]','$_POST[password]','$_POST[cpassword]')");

     $nameErr=   $emailErr= $genderErr= $passwordErr= $cpasswordErr="";
     $name= $email= $gender= $password= $cpassword="";

 if($_SERVER['REQUEST_METHOD']=="POST")
 {
     if (empty($_POST['name']))
     {
         $nameErr="Name required";
     }
     else
     {
         $name=test($_POST['name']);
     }



     if (empty($_POST["email"]))
     {
         $emailErr="Email required";
     }
     else
     {
         $email=test($_POST['email']);
     }
     if(!filter_var($email,FILTER_VALIDATE_EMAIL))
     {
         $emailErr="Invald Email";
     }

     if (empty($_POST["password"]))
     {
         $passwordErr="Password required";
     }
     else
     {
         $password=test($_POST['password']);
     }
     if (empty($_POST["cpassword"]))
     {
         $cpasswordErr="cpassword required";
     }
     else
     {
         $cpassword=test($_POST['cpassword']);
     }
}


function test($valid)
 {
     $valid=trim($valid);
     $valid=stripslashes($valid);
     $valid=htmlspecialchars($valid);
     return $valid;
 }  
 if(test($valid)==true)
 {
    header("location:Sucess.php");
}
{
else "sorry";
}
?>

<p><span class="error">*Required</span></p>
<form method="POST" action=""><?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>>
Name:<input type="text" name="name" value="<?php echo $name;?>"><span class="error">*<?php echo $nameErr;?></span><br><br>
Email:<input type="text" name="email" value="<?php echo $email;?>"><span class="error">*<?php echo $emailErr;?></span><br><br>
Gender<input type="radio" name="gender" value="female">Female<span class="error">*<?php if(isset($gender)&&$gender=="female"){ echo "checked";}?></br></span>
<input type="radio" name="gender" value="male">Male<span class="error">*<?php if(isset($gender)&&$gender=="male"){echo "checked";}?></br></span>
Password:<input type="password"  name="password" value="<?php echo $password;?>"><span class="error">*<?php echo $passwordErr;?></span><br><br>
Confirm Password:<input type="password" name="cpassword" value="<?php echo $cpassword;?>"><span class="error">*<?php echo $cpasswordErr;?></span><br><br>
<?php if($password!==$cpassword){echo "<b><u>password doesnot match<u><b>";}?><input type="submit" name="submit" value="SubmiT">
</form>
</body>
</html>
halfer
  • 19,824
  • 17
  • 99
  • 186
The Keeper
  • 429
  • 7
  • 16
  • A `header()` statement will only work if it is run BEFORE any data is sent to the browser. Yours is coded after you send info to the browser on line 1,2,3,4,..... Headers as the name implies must be sent before anything else – RiggsFolly Feb 02 '17 at 01:59
  • If you look in yur php error log it will be giving an error message to that effect – RiggsFolly Feb 02 '17 at 02:00
  • You need to set the form action to the path of the file that will handle the form – Jack Vial Feb 02 '17 at 02:01
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly Feb 02 '17 at 02:01
  • @Jack It will default to _This script_ But I agree it would not hurt – RiggsFolly Feb 02 '17 at 02:02
  • I kinda still dont know what to do.. could you clear me whats the problem with my code please.. – The Keeper Feb 02 '17 at 02:21
  • only one is working.. if validation works no redirecting and vice-versa. Please help me out with that. – The Keeper Feb 02 '17 at 02:33
  • Ashok, if you are posting using a mobile phone, you may find it easier to observe usual writing rules (in particular upper case letters) if you use a laptop or desktop computer. Please note that Stack Overflow is not a traditional forum - we ask here that effort is made to make posts as readable as possible here, and written in a way that will be useful for future readers. Thank you. – halfer Feb 18 '17 at 21:17

0 Answers0