I am new to PHP, just been learning over the last few weeks. I have made a slightly modified version of a script in the book PHP6 and MySQL 5 by Larry Ullman. It is a page that is intended to register new users. Everything works fine except if there is an error when actually applying the query, I want to terminate the script and leave what I have already output on there, if that makes any sense. I intentionally put a mis-spelling in there to trigger an error (birst_name).This works properly in Chrome, but in Firefox it displays as it should briefly, then almost instantly refreshes the page. Is this a bug, or is there another way to do this that will be more consistent across browsers? Also, if anyone else sees any other issues such as security risks in my code, please let me know. I would probably do some more strict filtering of the form entries, but I don't really know what to filter out at this point. I'm sure it will be covered more further in this book.
Code: Select all
<?php
$page_title = 'Register';
include_once ('includes/header.html');
// Check to see if a form has been submitted yet
if (isset($_POST['submitted'])) {
// The user has submitted a form, check to see if all items are proper
// Initialize an array to store all problems that arise
$errors = array();
if (empty($_POST['first_name'])) {
$errors[] = 'You did not enter a first name.';
$first_name = NULL;
} else {
$first_name = trim($_POST['first_name']);
}
if (empty($_POST['last_name'])) {
$errors[] = 'You did not enter a last name.';
$last_name = NULL;
} else {
$last_name = trim($_POST['last_name']);
}
if (empty($_POST['email'])) {
$errors[] = 'You did not enter an email address.';
$email = NULL;
} else {
$email = trim($_POST['email']);
}
if (empty($_POST['pass1'])) {
$errors[] = 'You did not enter a password.';
$pass1 = NULL;
} else {
$pass1 = trim($_POST['pass1']);
}
if (empty($_POST['pass2'])) {
$errors[] = 'You did not confirm your password.';
$pass2 = NULL;
} else {
$pass2 = trim($_POST['pass2']);
}
// They entered 2 passwords, check and make sure they match
if ($pass1 && $pass2) {
if ($pass1 != $pass2) {
$errors[] = 'Your passwords did not match.';
$pass1 = NULL;
$pass2 = NULL;
} else {
$pass = $pass1;
}
}
// If there were no errors in the submission, register the user in the database
if (empty($errors)) {
// Connect to the database
require_once('../mysqli_connect.php');
// Put together the query
$query = "INSERT INTO users
(birst_name, last_name, email, pass, registration_date) VALUES
('$first_name', '$last_name', '$email', SHA1('$pass'), NOW() )";
// Run the query
$result = @mysqli_query($dbc, $query);
// If the query ran successfully
if ($result) {
echo '
<h1>Thank you!</h1>
<p>
You are now registered.
</p>
<p><br /></p>
';
}
// There was a problem with the query
else {
echo '
There was a system error while trying to register you. This error has been logged and the site manager has been notified. The issue will be resolved as quickly as possible. We apologize for the inconvenience.
';
$error_message = 'MySQLi Error: ' . mysqli_error($dbc)
. '\n Query: ' . $query;
error_log($error_message, 3, 'error_log.txt');
// notify somebody?
}
// Whether or not the submission was successful, we now want to close the
// database connection and prevent the form from showing again
mysqli_close($dbc);
include_once('includes/footer.html');
exit();
}
// There were errors in the user's form, display the errors and the form again
else {
echo '
<h1>Error!</h1>
<p class="error">
The following error(s) occurred:<br />';
foreach ($errors as $e) {
echo " - $e<br />\n";
}
echo '
</p>
<p>
Please try again.
</p>
<p><br /></p>
';
}
} // end if (isset($_POST['submitted']))
// The user has not submitted a form, or had errors in their submission
// display form and populate with any valid values they entered previously
?>
<form action="" method="post">
<p>First Name: <input type="text" name="first_name" size="15" maxlength="20" value="<?php if(isset($first_name)) {echo $first_name;} ?>" /></p>
<p>Last Name:<input type="text" name="last_name" size="15" maxlength="40" value="<?php if (isset($last_name)) {echo $last_name;} ?>" /></p>
<p>Email Address: <input type="text" name="email" size="20" maxlength="80" value="<?php if (isset($email)) {echo $email;} ?>" /></p>
<p>Password: <input type="password" name="pass1" size="10" maxlength="20" value="<?php if (isset($pass1)) {echo $pass1;} ?>"/></p>
<p>Confirm Password: <input type = "password" name="pass2" size="10" maxlength="20" value="<?php if (isset($pass2)) {echo $pass2;} ?>" />
<p><input type="submit" name="submit" value="Register" /></p>
<p><input type="hidden" name="submitted" value="TRUE" /></p>
</form>
<?php
include_once('includes/footer.html');
?>