I am creating a form/script for a public user to register for classes at a small studio. It will be a four form proccess, the first will be the students info, followed by the parents info, then the class info they're siging up for and then the payment info.
on the first form I want to check the DB for the user's first_name, last_name, and their dob. (those are the names of the fields in my DB).
If I do not get any result from that query than I want to go ahead and register them and then redirect them to the next form and take their sid(primary key - studentID) turn it into a cookie and then pass it along to the next form.
If my first query finds that same three values for name and dob than an error should be displayed "already registered"
Well all has been well except I can enter the exact same user info (firsdt_name, Last_name, and dob).
I can not get that error message to display no matter what I type into my form.
sorry for posting long code, but I think it might be necessary as I have no idea what is causing the error.
Also their is a function being used throughout this script that is defined in an external document. the function escape_data checks the server settings for magic_quotes and applies mysql_real_escape_string to data.
here is my script,
and I apologize for it being messy, it is my first ever.
Code: Select all
<?php # - register student -
$page_title = 'Register';
// Check if the form has been submitted.
if (isset($_POST['submitted'])) {
require_once ('./includes/mysql_connect.php');
$errors = array(); // Initialize error array.
// Check for a first name.
if (empty($_POST['first_name'])) {
$errors[] = 'You forgot to enter your first name.';
} else {
$fn = escape_data($_POST['first_name']);
}
// Check for a last name.
if (empty($_POST['last_name'])) {
$errors[] = 'You forgot to enter your last name.';
} else {
$ln = escape_data($_POST['last_name']);
}
// Check for a date of birth.
if (empty($_POST['month'])) {
$errors[] = 'You forgot to enter students birthdate.';
} else {
$dob = ($_POST['year']).($_POST['month']).($_POST['day']);
}
// Check for sex value.
if (empty($_POST['sex'])) {
$errors[] = 'You forgot to enter students sex.';
} else {
$sex =($_POST['sex']);
}
//following fields not mandatory
// Check for a school attending.
if (empty($_POST['school'])) {
$school ='null';
} else {
$school = escape_data($_POST['school']);
}
// Check for a medical issues.
if (empty($_POST['medical'])) {
$medical ='null';
} else {
$medical = escape_data($_POST['medical']);
}
// Check for a students phone.
if (empty($_POST['students_phone'])) {
$stud_phon ='null';
} else {
$stud_phon = escape_data($_POST['students_phone']);
}
// Check for a students email.
if (empty($_POST['student_email'])) {
$stud_email ='null';
} else {
$stud_email = escape_data($_POST['stud_email']);
}
// Check for notes.
if (empty($_POST['notes'])) {
$notes ='null';
} else {
$notes = escape_data($_POST['notes']);
}
if (empty($errors)) { // If everything's okay.
$query0 = "SELECT sid FROM student_info WHERE first_name = '\"$fn\"' AND last_name = '\"$ln\"' AND dob = '\"$dob\"' " ;
$result0 = @mysql_query ($query0);
if(mysql_num_rows($result0)>0) {
echo 'you are already registered!';
exit() ;
} else{
// Make the query.
$query = "INSERT INTO student_info (sid, first_name, last_name, sex, reg_date, dob, school, email, phone, active, medical_issues, notes, secret_classification, last_update) VALUES ('null', '$fn', '$ln', '$sex', now(), '$dob', '$school', '$stud_email', '$stud_phone', 'y', '$medical', '$notes', '0', 'null' )";
$result = @mysql_query ($query); // Run the query.
}
if ($result) { // If it ran OK.
//++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
$sid = mysql_insert_id();
setcookie('SID', $sid);
//++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
// Redirect the user to the thanks.php page.
// Start defining the URL.
$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
// Check for a trailing slash.
if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
$url = substr ($url, 0, -1); // Chop off the slash.
}
// Add the page.
$url .= '/parent_info.php';
header("Location: $url");
exit();
} else { // If it did not run OK.
include ('./includes/header.inc.htm');
echo '<h1 id="mainhead">System Error</h1>
<p class="error">You could not be registered due to a system error. We apologize for any inconvenience.</p>'; // Public message.
echo '<p>' . mysql_error() . '<br /><br />Query: ' . $query . '</p>'; // Debugging message.
exit();
}
mysql_close(); // Close the database connection.
} else { // Report the errors.
echo '<h1 id="mainhead">Error!</h1>
<p class="error">The following error(s) occurred:<br />';
foreach ($errors as $msg) { // Print each error.
echo " - $msg<br />\n";
}
echo '</p><p>Please try again.</p><p><br /></p>';
} // End of if (empty($errors)) IF.
} // End of the main Submit conditional.
include ('./includes/header.inc.htm');
?>this is followed by a bunch of html, there is no need to post it.
I am open to any and all criticism as I said I this is my first project.
thanks