I am designing a sign up form with PHP PDO for users to insert their information, which will then be uploaded to the database through PHPMyAdmin, all within the same PHP webpage.

With this it works, and the validation works, but the problem I am having is that even when there is a validation error, for example when all the fields are blank, after the user hits "Submit" the form still goes through and inserts a blank row into the database.

I can't see why the form inserts the information into the database even if there is an error.

<?php
    ini_set("display_errors", 1);
    error_reporting(E_ALL);

    // First we execute our common code to connect to the database and start the session
    require("common.php");

    $usernameErr = $emailErr = $passwordErr = $password1Err = "";
    $username = $email = $password = "";

    ///////////////////////////////////////////////////////////////////

    // Defined at the top level so it exists before the validation code calls it
    function test_input($data)
    {
        $data = trim($data);
        $data = stripslashes($data);
        $data = htmlspecialchars($data);
        return $data;
    }

    ///////////////////////////////////////////////////////////////////

    if (!empty($_POST))
    {
        $usernamePOST = $_POST['username'];
        $emailPOST = $_POST['email'];
        $passwordPOST = $_POST['password'];
        $password1POST = $_POST['password1'];

        // Email validation
        if (empty($_POST["email"])) {
            $emailErr = "<p class='errorm'>Email is required</p>";
        } else {
            $email = test_input($_POST["email"]);
            // check if e-mail address is well-formed
            if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                $emailErr = "<p class='errorm'>Invalid email format</p>";
            }
        }

        //if (!filter_var($email, FILTER_VALIDATE_EMAIL)){
            //echo "<p class='errorm'>Please enter a valid email address</p>";
        //}

        ///////////////////////////////////////////////////////////////////

        // Username validation
        // Make sure the user entered a username
        if (empty($_POST["username"])) {
            $usernameErr = "<p class='errorm'>Username is required</p>";
        } else {
            $username = test_input($_POST["username"]);
            // check if name only contains letters and whitespace
            if (!preg_match("/^[a-zA-Z ]*$/", $username)) {
                $usernameErr = "<p class='errorm'>Only letters allowed</p>";
            } elseif (strlen($username) <= 6) {
                // length is checked only after $username has been assigned
                $usernameErr = "<p class='errorm'>Choose a Username longer than 7 characters</p>";
            }
        }

        ///////////////////////////////////////////////////////////////////

        // Password validation
        if (empty($_POST["password"])) {
            $passwordErr = "<p class='errorm'>Password is required</p>";
        } else {
            $password = test_input($_POST["password"]);
            // Password length
            if (strlen($password) <= 5) {
                $passwordErr = "<p class='errorm'>Choose a Password longer than 6 characters</p>";
            }
        }

        // Password match
        if ($_POST["password"] != $_POST["password1"]) {
            $password1Err = "<p class='errorm'>Passwords in both fields, don't match</p>";
        }

        ///////////////////////////////////////////////////////////////////

        if (!isset($error)) {
            //no error
            $sthandler = $db->prepare("SELECT username FROM users WHERE username = :username");
            $sthandler->bindParam(':username', $username);
            $sthandler->execute();

            if ($sthandler->rowCount() > 0) {
                header("refresh:10;url=index.php");
                echo "<p>Sorry, this Username already exists</p>";
                echo '<p>You\'ll be redirected back to the Register page in about 10 secs. If this does not happen, please click <a href="index.php">here</a></p>';
                //$errmsg_arr[] = "Username Already Exists";
                //$errflag = true;
            } else {
                //Securely insert into database
                $sql = 'INSERT INTO users (username, email, password) VALUES (:username,:email,:password)';
                $query = $db->prepare($sql);
                $query->execute(array(
                    ':username' => $_POST['username'], ':email' => $_POST['email'], ':password' => $_POST['password']));
            }
        }
    }
?>

1 Answer

You have not initiated the $error variable anywhere, and if a validation error occurs you have not flagged it anywhere either. You have to do something like this:

$error = false;
// flag the error whenever a check fails, e.g. the email check
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    $error = true;
}

And so on for all fields. When inserting the row, check whether the error variable is set to true.

1 Comment

Thank you, that made it work. I did not notice I did not have this, thanks again.
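
The flag-and-check approach from the answer, as an added example that is not part of the original posts: every failed check is recorded, and the INSERT is reached only when nothing was recorded. It goes beyond the answer by inserting the validated values instead of raw `$_POST` and by storing a `password_hash()` digest rather than the plaintext password. Assumptions: the function name `register_user` is hypothetical, and an in-memory SQLite database stands in for the `$db` that `common.php` creates.

```php
<?php
// Added example: validate first, insert only when no check failed.
function register_user(PDO $db, array $post): array
{
    $errors   = [];
    $username = trim($post['username'] ?? '');
    $email    = trim($post['email'] ?? '');
    $password = $post['password'] ?? '';
    if (strlen($username) < 7 || !preg_match('/^[a-zA-Z ]+$/', $username)) {
        $errors['username'] = 'Username must be at least 7 letters';
    }
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errors['email'] = 'Invalid email format';
    }
    if (strlen($password) < 6) {
        $errors['password'] = 'Password must be at least 6 characters';
    } elseif ($password !== ($post['password1'] ?? '')) {
        $errors['password1'] = 'Passwords do not match';
    }

    if (!$errors) {
        // fetchColumn() instead of rowCount(), which is not reliable for SELECT on every driver
        $check = $db->prepare('SELECT 1 FROM users WHERE username = :username');
        $check->execute([':username' => $username]);
        if ($check->fetchColumn() !== false) {
            $errors['username'] = 'Username already exists';
        }
    }
    if ($errors) { return $errors; }   // any failed check stops here: nothing is inserted

    $insert = $db->prepare('INSERT INTO users (username, email, password) VALUES (:username, :email, :password)');
    $insert->execute([
        ':username' => $username,      // validated values, not raw $_POST
        ':email'    => $email,
        ':password' => password_hash($password, PASSWORD_DEFAULT), // store a hash, not the plaintext
    ]);
    return [];
}

// Constructed demo: in-memory SQLite stands in for the $db created in common.php.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT UNIQUE, email TEXT, password TEXT)');
var_dump(register_user($db, []));      // blank form
var_dump(register_user($db, ['username' => 'alicesmith', 'email' => 'alice@example.com',
                             'password' => 'correct horse', 'password1' => 'correct horse']));
var_dump((int) $db->query('SELECT COUNT(*) FROM users')->fetchColumn()); // rows stored
```

Because the values are stored unescaped, apply `htmlspecialchars()` when they are printed into HTML rather than before the INSERT. At login, compare with `password_verify()`.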
