-4
if(count($_POST)>0) { /* Form Required Field Validation / foreach($_POST as $key=>$value) { 
if(empty($_POST[$key])) {
 $message = ucwords($key) . " field is required"; break; } } / Password Matching Validation */ 

if($_POST['password'] != $_POST['confirm_password']){ $message = 'Passwords should be same '; }

/* Email Validation */ if(!isset($message)) { if (!filter_var($_POST["userEmail"], FILTER_VALIDATE_EMAIL)) { $message = "Invalid UserEmail"; }

}

/* Validation to check if gender is selected */ if(!isset($message)) { if(!isset($_POST["gender"])) { $message = " Gender field is required"; } }

if(!isset($message)) { require_once("dbcontroller.php"); $db_handle = new DBController();

$query = "INSERT INTO users (username, name, last_name, gender, BirthMonth, BirthDay, BirthYear, Country, email, password, phone) VALUES ('" . $_POST["userName"] . "', '" . $_POST["name"] . "', '" . $_POST["lastName"] . "', '" .$_POST["gender"] . "', '" . $_POST["BirthMonth"] . "', '" . $_POST["BirthDay"] . "' , '" . $_POST["BirthYear"] ."','". $_POST["Country"] ."', '" . $_POST["userEmail"]. "','" . $_POST["password"]. "','".$_POST["Phone"]. "')"; $result = $db_handle->insertQuery($query);

Edit: Format the code to visib;e errors better. Thanks in advance to anyone who answers.

vimuth
  • 5,064
  • 33
  • 79
  • 116
chanter rainey
  • 3
  • 2

3 Answers3

0

Email Validation: Apart from checking for common symbols like '@' and alpha-numeric, you must also check for white spaces/tabs in start and most importantly convert the incoming input using htmlspecialchars() as:

function reduceInput($data) {
  $data = trim($data);
  $data = stripslashes($data);
  $data = htmlspecialchars($data);
  return $data;
}

Call the reduceInput() function on $_POST['userEmail'] and then use your filter_var() funciton to validate it.

Rahul Bharadwaj
  • 2,555
  • 2
  • 18
  • 29
0

I understand you mean not to pass exploiting strings to database? You don't have to validate these values for that. There is a php function which will pass the strings safely to your database. That's it:

mysqli_real_escape_string($mysqli_object, $_POST['userName']);

But if you'd like to validate your email and username, do this:

if (ctype_alnum($nick)==false) exit(0);// this makes your nick can only contain letters and numbers
$emailB = filter_var($email, FILTER_SANITIZE_EMAIL);//this sanitizes your email
if ((filter_var($emailB, FILTER_VALIDATE_EMAIL)==false) || ($emailB!=$email)) exit(0);//this validates your email
Excalibur
  • 151
  • 3
  • 9
0

you want to check that your email is exit in database then use this code. add this code after this line . 

/* Email Validation */ if(!isset($message)) { if(!filter_var($_POST["userEmail"], FILTER_VALIDATE_EMAIL))
 { $message = "Invalid UserEmail"; }

  }

your db connection need to connect for this so first connect this

require_once("dbcontroller.php"); $db_handle = new DBController();

hope your connection is ok so this code will check 

<?php

$sql = "SELECT anyfiled FROM yourtable WHERE email = " .$_POST['userEmail'];
$select = mysqli_query($con, $sql);
$row = mysqli_fetch_assoc($select);

 if (mysqli_num_rows($select) > 0) {
 $message = "exist";
 }
 ?>
Shafiqul Islam
  • 5,570
  • 2
  • 34
  • 43
  • so where will i put this code? should i create a new php file for that? – chanter rainey Mar 23 '17 at 07:37
  • $sql = "SELECT anyfiled FROM yourtable WHERE email = " .$_POST['userEmail']; $select = mysqli_query($con, $sql); $row = mysqli_fetch_assoc($select); if (mysqli_num_rows > 0) { message = "exist"; } i put this code after the line email validation.now it says , unexpected '=' in C:\xampp\htdocs\final\register.php on line 35 – chanter rainey Mar 23 '17 at 07:56
  • please check now – Shafiqul Islam Mar 23 '17 at 08:44