-1

So I am learning PHP and i have a registration form that i am starting to add validation I have a registration form that takes you to this page here in which i am creating session varibales for each error but I am struggling to echo back the error to the user.

if(isset($_POST['submit'])) 
{
    if(preg_match("/^[a-zA-Z ]*$/", $Firstname))
    {
        if (preg_match("/^[a-zA-Z ]*$/", $LastName))
        {
            $query ="
            INSERT INTO Users
            (Firstname, Lastname, Email, Username, Age, Password)
            VALUES 
            ('$Firstname','$Lastname','$Email','$Username', '$Age', '$HashedPassword')";
            mysqli_query($Connection,$query);
            header("Location: Home.php");
        }
        else
        {
            $_SESSION['ErrorLastname']='Firstname must contain only letters and white space';
            echo $_SESSION['ErrorLastname'];
            header("Location: {$_SERVER['HTTP_REFERER']}");
        }
    }
    else
    {
        $_SESSION['ErrorFirstname']='Firstname must contain only letters and white space';
        echo $_SESSION['ErrorFirstname'];

        header("Location: {$_SERVER['HTTP_REFERER']}");
Deeroy
  • 303
  • 5
  • 16
  • 1
    Have you firstly used `session_start()` ? Is error reporting enabled ? If so, are you getting any errors? – Jaquarh Dec 11 '18 at 23:45
  • 3
    `header('Location: ..');` is going to send the user to another page without them seeing the error when you `echo` it. I suggest showing this message on the page you're sending them too, you can use `isset()` to check for errors in the `$_SESSION`. Try `var_dump($_SESSION)` to see if it is in there. – Jaquarh Dec 11 '18 at 23:48
  • Yeah i have started session validation does work as it stops from inserting into in a database but I don't know how to display the error back to the user – Deeroy Dec 11 '18 at 23:48

1 Answers1

0

Here is an efficient way of doing this, there is nothing wrong with your code. However, header(Location: ...) is redirecting your script to another page before you're able to see the output of echo $_SESSION[...]

session_start();

# Build a configuration of data to error

$config = array(
    'forname' => (object) array(
        'value' => $Firstname,
        'onError' => function() {
            $_SESSION['error'] = 'Forname must contain only letters and white space.';
            header("Location: {$_SERVER['HTTP_REFERER']}");
            exit;
        },
    ),
    'surname' => (object) array(
        'value' => $Lastname,
        'onError' => function() {
            $_SESSION['error'] = 'Surname must contain only letters and white space.';
            header("Location: {$_SERVER['HTTP_REFERER']}");
            exit;
        },
     ),
);

if(isset($_POST['submit'])) {

    # Loop through each data and validate

    foreach($config as $arg)
        if(!preg_match("/^[a-zA-Z ]*$/", $arg->value)
            $arg->onError();

    # Suggestion: Use prepared statements!
    # Execute query if all data is validated

    $query ="INSERT INTO Users
            (Firstname, Lastname, Email, Username, Age, Password)
            VALUES 
            ('$Firstname','$Lastname','$Email','$Username', '$Age', '$HashedPassword')";

    mysqli_query($Connection,$query);

    header("Location: Home.php");
    exit;
}

In your previous page, or where ever this request is coming from. You can display the error message to the user by doing this:

session_start();

if(isset($_SESSION['error'])) echo $_SESSION['error'];
Jaquarh
  • 6,493
  • 7
  • 34
  • 86