Right now, when I register new user which should not trigger this condition
the notice come out
below is my code
Code: Select all
<?php
$server="localhost"; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name="test_db"; // Database name
$tbl_name="test"; // Table name
//Connect to server
mysql_connect("$server", "$username", "$password")or die("cannot connect to server");
//Connect to database
mysql_select_db("$db_name")or die("cannot select database");
if(isset($_POST['register']))
{
//USERNAME CHECKING
if(!$_POST['username'])
{
die('Username is empty');
}
//check for invalid character
$invalid=array('.',',','/','\\',"'",';','[',']','-','_','*','&','^', '%','$','#','@','!','~','+','(',')','|','{','}','<','>','?',':','"','=');
//length of username
$length = strlen($_POST['username']);
//replace invalid characters
$_POST['username'] = str_replace($invalid, '', $_POST['username']);
$test = $_POST['username'];
//if lenghts are different ($len smaller), invalid characters found, so prompt error.
if(strlen($test) != $length)
{
die('Username Error: Username contained invalid characters. You can only use A-Z, 0-9 and the underscore (_).');
}
This part is the one for name checking
Code: Select all
//check for unique name
$check1 = mysql_query("SELECT * FROM $tbl_name WHERE username= '".$_POST['username']."'");
// for SELECT statements mysql_query will return false if the query fails.
if (!$check1) { echo 'An error has occured'; }
$check2 = mysql_fetch_object($check1);
if($check2->username == $_POST['username'])
{
die('Sorry but username "'.$check2->username.'" is taken');
}
Code: Select all
//PASSWORD CHECKING
if(!$_POST['password'])
{
die('Error: Password field was blank');
}
if(!$_POST['verifypassword'])
{
die('Error: Verify Password field was blank.');
}
if($_POST['password'] != $_POST['verifypassword'])
{
die('Error: The passwords do not match.');
}
if(strlen($_POST['password']) < 6 )
{
die('Error: Your password is too short. Must be 6 or more characters in length.');
}
//EMAIL CHECKING
if(!$_POST['email'])
{
die('Error: Email field was blank');
}
//check for invalid character
$emailinvalid=array(',','/','\\',"'",';','[',']','-','_','*','&','^', '%','$','#','!','~','+','(',')','|','{','}','<','>','?',':','"','=');
//length of username
$emaillength = strlen($_POST['email']);
//replace invalid characters
$_POST['email'] = str_replace($emailinvalid, '', $_POST['email']);
$emailcheck = $_POST['email'];
//if lenghts are different ($len smaller), invalid characters found, so prompt error.
if(strlen($emailcheck) != $emaillength)
{
die('Email Error: Email contained invalid characters.');
}
$insertuser="INSERT INTO $tbl_name (username, password,email) VALUE('".$_POST['username']."','".md5($_POST['password'])."','".$_POST['email']."')";
$insertuser2=mysql_query($insertuser);
if(!$insertuser2)
{
die(mysql_error());
}
echo "Registration Succesful";
}
else
{
}
?>