
Quick Form Verification

In the hopes of a free sub, I decided to post an article on PHP code for user input validation, such as for sign-up pages. So let's get started. First we check the database connection:

<?php

$con = mysql_connect("localhost", "your_user", "your_pass");
if (!$con)
{
 echo "<h2>Sorry, we can not process your request at this time, please try again later</h2><br/>\n";
 echo "<a href=\"index.php?content=register\">Try again</a><br>\n";
 echo "<a href=\"index.php\">Return to Home</a>\n";
 exit;
}

If the connection fails, we show the user a couple of hyperlinks and stop. If it succeeds, we continue and set some variables.

mysql_select_db("grandma_recipe", $con) or die('Could not connect to database');

$userid = $_POST['userid'];
$password = $_POST['password'];
$password2 = $_POST['password2'];
$fullname = $_POST['fullname'];
$email = $_POST['email'];
$baduser = 0;

Everything is grabbed from user input via the $_POST array. Next we will check it.

// Check if userid was entered

if (trim($userid) == '')
{
 echo "<h2>Sorry, you must enter a user name.</h2><br>\n";
 echo "<a href=\"index.php?content=register\">Try again</a><br>\n";
 echo "<a href=\"index.php\">Return to Home</a>\n";
 $baduser = 1;
}

//Check if password was entered

if (trim($password) == '')
{
 echo "<h2>Sorry, you must enter a password.</h2><br/>\n";
 echo "<a href=\"index.php?content=register\">Try again</a><br>\n";
 echo "<a href=\"index.php\">Return to Home</a>\n";
 $baduser = 1;
}

//Check if password and confirm password match

if ($password != $password2)
{
 echo "<h2>Sorry, the passwords you entered did not match.</h2><br>\n";
 echo "<a href=\"index.php?content=register\">Try again</a><br>\n";
 echo "<a href=\"index.php\">Return to Home</a>\n";
 $baduser = 1;
}

//Check if userid is already in database

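// Escape the value before placing it in the query string
$query = "SELECT userid from users where userid = '" . mysql_real_escape_string($userid, $con) . "'";
$result = mysql_query($query, $con);
// Only fetch a row if the query succeeded
$row = $result ? mysql_fetch_array($result, MYSQL_ASSOC) : false;
if ($row && $row['userid'] == $userid)
{
 echo "<h2>Sorry, that user name is already taken.</h2><br>\n";
 echo "<a href=\"index.php?content=register\">Try again</a><br>\n";
 echo "<a href=\"index.php\">Return to Home</a>\n";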
 $baduser = 1;
}

//check for correct email parameters

// The dots are escaped so they match a literal "."; preg_match with /i replaces the deprecated eregi
if (!preg_match('/^[_a-zA-Z0-9-]+(\.[_a-zA-Z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$/i', trim($email)))
{
 echo "<h2>That is not a valid email!</h2><br/>\n";
 echo "<a href=\"index.php?content=register\">Try again</a><br>\n";
 echo "<a href=\"index.php\">Return to Home</a>\n";
 $baduser = 1;
}

Now that the data has passed our tests, we can enter it into our database and start the user's session.

if ($baduser != 1)
{
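 //Everything passed, enter userid in database
 //Escape every value before it goes into the SQL string
 //Note: MySQL's PASSWORD() is meant for MySQL's own accounts, not application passwords

 $query = sprintf("INSERT into users VALUES ('%s', PASSWORD('%s'), '%s', '%s')",
  mysql_real_escape_string($userid, $con),
  mysql_real_escape_string($password, $con),
  mysql_real_escape_string($fullname, $con),
  mysql_real_escape_string($email, $con));
 $result = mysql_query($query, $con) or die('Sorry, we are unable to process your request.');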
 
 if ($result)
 {
  $_SESSION['valid_recipe_user'] = $userid;
  echo "<h2>Your registration request has been approved and you are now logged in!</h2>\n";
  echo "<a href=\"index.php\">Return to Home</a>\n";
  exit;
 }
 else
 {
  echo "<h2>Sorry, there was a problem processing your login request</h2><br>\n";
  echo "<a href=\"index.php?content=register\">Try again</a><br>\n";
  echo "<a href=\"index.php\">Return to Home</a>\n";
 }
}

Many more methods can be used to validate user input, which is very important. This should be a starting guide to build on for better security.
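
The same checks in a form that runs on current PHP, as an added example that is not the article's own code: it uses prepared statements instead of building SQL from the posted values, and stores the password with password_hash(). It assumes PDO with an in-memory SQLite database standing in for the MySQL users table; the function names and sample inputs are constructed for illustration.

```php
<?php
// Added example; function names and sample data are constructed for illustration.

function validate_registration(array $in): array
{
    $errors = [];
    if (trim($in['userid'] ?? '') === '') {
        $errors[] = 'You must enter a user name.';
    }
    if (trim($in['password'] ?? '') === '') {
        $errors[] = 'You must enter a password.';
    }
    if (($in['password'] ?? '') !== ($in['password2'] ?? '')) {
        $errors[] = 'The passwords you entered did not match.';
    }
    if (filter_var($in['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'That is not a valid email.';
    }
    return $errors;
}

function register_user(PDO $db, array $in): array
{
    if ($errors = validate_registration($in)) {
        return $errors;
    }
    // Placeholders send the values separately from the SQL text.
    $check = $db->prepare('SELECT 1 FROM users WHERE userid = ?');
    $check->execute([$in['userid']]);
    if ($check->fetchColumn() !== false) {
        return ['That user name is already taken.'];
    }
    $insert = $db->prepare('INSERT INTO users VALUES (?, ?, ?, ?)');
    $hash = password_hash($in['password'], PASSWORD_DEFAULT);
    $insert->execute([$in['userid'], $hash, $in['fullname'] ?? '', $in['email']]);
    return [];
}

// Assumption: in-memory SQLite stands in for the article's MySQL "users" table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid TEXT PRIMARY KEY, password TEXT, fullname TEXT, email TEXT)');
$ok = ['userid' => "o'brien", 'password' => 'pw-1', 'password2' => 'pw-1',
       'fullname' => "Pat O'Brien", 'email' => 'pat@example.com'];
$samples = ['first' => $ok, 'repeat' => $ok, 'bad' => ['userid' => 'sam', 'password' => 'a', 'password2' => 'b', 'email' => 'nope']];
foreach ($samples as $label => $in) {
    $errors = register_user($db, $in);
    echo $label, ': ', $errors ? implode(' ', $errors) : 'registered', "\n";
}
```

The PRIMARY KEY on userid backs up the lookup: if two requests for the same name pass the check at the same moment, the second INSERT fails with a PDOException rather than creating a duplicate.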


Written by Jonathan Teel
Last Updated: 2011-10-25 16:00:38