Page 1 of 1

Registration Form Script

Posted: Tue Aug 30, 2005 3:25 pm
by ethoemmes
Hi

I am trying to use the below code to process a the data from a registration form. Basically it should do 3 things (none of which it is doing!! :? )

1. Check that the variables have been set to prevent anyone highjacking the script
2. Validate that someone has entered data in the FirstName, LastName and Email fields.
3. Append the data to my database.

Can anyone spot any obvious mistakes? I have been staring at this for toooooooo long now and as you can probably guess am a bit of a noobie when it comes to PHP.

Code: Select all

<?

include "config.php";

$table = "tblCustomer"; // database table
$ID = ''
$OldRef = 0
$Ref = 'Web'
$Title = $_POST['Title']
$FirsName = $_POST['FirstName']
$MiddleName = $_POST['MiddleName']
$LastName = $_POST['LastName']
$Organisation = $_POST['Organisation']
$Address1 = $_POST['Address1']
$Address2 = $_POST['Address2']
$Address3 = $_POST['Address3']
$City= $_POST['City']
$PostCode = $_POST['PostCode']
$State = $_POST['State']
$Country = 0 //need country ID from drop box
$Email = $_POST['Email']
$Phone = $_POST['Phone']

// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass)
or die ("Could not connect to mysql because ".mysql_error());

// select the database
mysql_select_db($database)
or die ("Could not select database because ".mysql_error());

//check variable is set to prevent users typing in script name
  if (!isset($Email)) {
    header( "Location: http://www.rrbltd.com/development/regis ... orm_v1.htm" );
  }
//test if user has input values in FirstName, LastName and Email fields
  elseif (empty($FirstName]) || empty($LastName] || empty($Email])) {
    header( "Location: http://www.rrbltd.com/development/name_error.htm" );
  }
  else {

$insert = mysql_query("insert into $table values ('$ID', '$OldRef','$Ref','$Title', '$FirstName', '$MiddleName'', '$LastName', '$Organisation','$Address1', '$Address2', '$Address3', '$City', '$PostCode', '$State', $Country, '$Email', '$Phone','')", $link)
or die("Could not insert data because ".mysql_error());

mysql_close();

echo "Thank you for registering";
}

?>


TIA

Posted: Tue Aug 30, 2005 3:31 pm
by feyd
  1. you're missing many semi-colons on the early lines
  2. you really should check if the variables exist before using them: isset()

Posted: Tue Aug 30, 2005 3:35 pm
by raghavan20
do you ever know, whether there is something in $_POST array?

guys, try using

if (isset($_POST["submit_button_name"])){
if ($_POST["submit_button_name"] == $submit_button_value){
//get all post values
//process and store them
}
}

Posted: Tue Aug 30, 2005 3:43 pm
by infolock
$databsed is undefined first of all.

second of all, try telling your insert statement what fields you want to update.

third, print out the post array and see what ya got

Code: Select all

echo '<pre>';
print_r($_POST);
echo '</pre>';

this should get ya started at least.

Posted: Tue Aug 30, 2005 3:53 pm
by raghavan20
your signature

Code: Select all

eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$")
the last part "(\.[a-z]{2,3})"
I hope you are getting to the last part like .com, .biz; think this does not work for ".co.uk" - {2,3}
sometimes i feel its better we dont validate the last part or be less rigid.

Code: Select all

\.([a-z]+[a-z\.]*){3,5}

Posted: Tue Aug 30, 2005 4:16 pm
by ethoemmes
Right, I have attempted to understand your responses but I am a complete noobie so please stick with me.
you're missing many semi-colons on the early lines
I have corrected these.
you really should check if the variables exist before using them: isset()
How would I do this....
:oops:
third, print out the post array and see what ya got
PHP:
echo '<pre>';
print_r($_POST);
echo '</pre>';
I tried using this and got the following text displayed in the browser.
'; print_r($_POST); echo ''; // connect to the mysql server $link = mysql_connect($server, $db_user, $db_pass) or die ("Could not connect to mysql because ".mysql_error()); // select the database mysql_select_db($database) or die ("Could not select database because ".mysql_error()); //check variable is set to prevent users typing in script name if (!isset($Email)) { header( "Location: http://www.rrbltd.com/development/regis ... orm_v1.htm" ); } //test if user has input values in FirstName, LastName and Email fields elseif (empty($FirstName]) || empty($LastName] || empty($Email])) { header( "Location: http://www.rrbltd.com/development/name_error.htm" ); } else { $insert = mysql_query("insert into $table values ('$ID', '$OldRef','$Ref','$Title', '$FirstName', '$MiddleName'', '$LastName', '$Organisation','$Address1', '$Address2', '$Address3', '$City', '$PostCode', '$State', $Country, '$Email', '$Phone','')", $link) or die("Could not insert data because ".mysql_error()); mysql_close(); echo "Thank you for registering"; } ?>


Can anyone help further and once again I apologise for my ignorance when it comes to PHP...

update code

Code: Select all

<?

include "config.php";

$table = "tblCustomer"; // database table
$ID = '';
$OldRef = 0;
$Ref = 'Web';
$Title = $_POST['Title'];
$FirsName = $_POST['FirstName'];
$MiddleName = $_POST['MiddleName'];
$LastName = $_POST['LastName'];
$Organisation = $_POST['Organisation'];
$Address1 = $_POST['Address1'];
$Address2 = $_POST['Address2'];
$Address3 = $_POST['Address3'];
$City= $_POST['City'];
$PostCode = $_POST['PostCode'];
$State = $_POST['State'];
$Country = 0; //need country ID from drop box
$Email = $_POST['Email'];
$Phone = $_POST['Phone'];

PHP:
echo '<pre>';
print_r($_POST);
echo '</pre>';

// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass)
or die ("Could not connect to mysql because ".mysql_error());

// select the database
mysql_select_db($database)
or die ("Could not select database because ".mysql_error());

//check variable is set to prevent users typing in script name
  if (!isset($Email)) {
    header( "Location: http://www.rrbltd.com/development/regis ... orm_v1.htm" );
  }
//test if user has input values in FirstName, LastName and Email fields
  elseif (empty($FirstName]) || empty($LastName] || empty($Email])) {
    header( "Location: http://www.rrbltd.com/development/name_error.htm" );
  }
  else {

$insert = mysql_query("insert into $table values ('$ID', '$OldRef','$Ref','$Title', '$FirstName', '$MiddleName'', '$LastName', '$Organisation','$Address1', '$Address2', '$Address3', '$City', '$PostCode', '$State', $Country, '$Email', '$Phone','')", $link)
or die("Could not insert data because ".mysql_error());

mysql_close();

echo "Thank you for registering";
}

?>
TIA

Posted: Tue Aug 30, 2005 8:54 pm
by infolock
you don't have php installed correctly...

http://www.thesitewizard.com/archive/php4install.shtml

Posted: Wed Aug 31, 2005 11:14 am
by thomas777neo
If the email is not set then it won't check the first name and last name according to your code logic.
You spelt first name in correctly in the first few lines of your code.
Don't need the "PHP:" piece of code (copy / paste error)

Posted: Wed Aug 31, 2005 3:35 pm
by infolock
the issue is he doens't even have php installed. if you'd look at the error he is reporting, his browser is outputting his php code... so, either a) he didn't install php correctly or b) he hasn't installed it at all.