Registration Form Script
Posted: Tue Aug 30, 2005 3:25 pm
Hi
I am trying to use the below code to process a the data from a registration form. Basically it should do 3 things (none of which it is doing!!
)
1. Check that the variables have been set to prevent anyone highjacking the script
2. Validate that someone has entered data in the FirstName, LastName and Email fields.
3. Append the data to my database.
Can anyone spot any obvious mistakes? I have been staring at this for toooooooo long now and as you can probably guess am a bit of a noobie when it comes to PHP.
TIA
I am trying to use the below code to process a the data from a registration form. Basically it should do 3 things (none of which it is doing!!
1. Check that the variables have been set to prevent anyone highjacking the script
2. Validate that someone has entered data in the FirstName, LastName and Email fields.
3. Append the data to my database.
Can anyone spot any obvious mistakes? I have been staring at this for toooooooo long now and as you can probably guess am a bit of a noobie when it comes to PHP.
Code: Select all
<?
include "config.php";
$table = "tblCustomer"; // database table
$ID = ''
$OldRef = 0
$Ref = 'Web'
$Title = $_POST['Title']
$FirsName = $_POST['FirstName']
$MiddleName = $_POST['MiddleName']
$LastName = $_POST['LastName']
$Organisation = $_POST['Organisation']
$Address1 = $_POST['Address1']
$Address2 = $_POST['Address2']
$Address3 = $_POST['Address3']
$City= $_POST['City']
$PostCode = $_POST['PostCode']
$State = $_POST['State']
$Country = 0 //need country ID from drop box
$Email = $_POST['Email']
$Phone = $_POST['Phone']
// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass)
or die ("Could not connect to mysql because ".mysql_error());
// select the database
mysql_select_db($database)
or die ("Could not select database because ".mysql_error());
//check variable is set to prevent users typing in script name
if (!isset($Email)) {
header( "Location: http://www.rrbltd.com/development/regis ... orm_v1.htm" );
}
//test if user has input values in FirstName, LastName and Email fields
elseif (empty($FirstName]) || empty($LastName] || empty($Email])) {
header( "Location: http://www.rrbltd.com/development/name_error.htm" );
}
else {
$insert = mysql_query("insert into $table values ('$ID', '$OldRef','$Ref','$Title', '$FirstName', '$MiddleName'', '$LastName', '$Organisation','$Address1', '$Address2', '$Address3', '$City', '$PostCode', '$State', $Country, '$Email', '$Phone','')", $link)
or die("Could not insert data because ".mysql_error());
mysql_close();
echo "Thank you for registering";
}
?>TIA