I have a form for creating new users on a database. The form has 3 fields: Username, Password and Confirm Password. In the script that follows the form I check to make sure that both passwords are the same. Now I've fiddled around with the code a little bit, but it doesn't seem to want to validate it. I can put anything in the two fields (completely different) but it still goes through to the database anyway.
This is the code I've used:
if(empty($username) || empty($password) || empty($confirm_password))
{
    echo "Fields are empty";
}
else
{
    //?????????????????????????????????????????????????//
    //???Problem comparing first and second password???//
    //?????????????????????????????????????????????????//
    if($password != $confirm_password)
    {
        echo "New passwords did not match";
    }
    else
    {
        //Turn posted fields into sha1 values
        $password = sha1($password);
        $confirm_password = sha1($confirm_password);
        //Determine what the ID number will be
        $sql = "SELECT * FROM $tbl_name";
        $result = mysql_query($sql,$con);
        $num_rows = mysql_num_rows($result);
        $num_rows ++;
        //Enter new user into database
        $create = "INSERT INTO $tbl_name (id, username, password)
            VALUES('$num_rows', '$username', '$password')";
        mysql_query($create,$con);
        //Take user to Success! page
        header("location:****.php");
    }
}
//Catch data from form
$username = $_POST['username'];
$password = $_POST['password'];
$confirm_password = $_POST['confirm_password'];
And the script has no trouble putting the data onto MySQL, because I've then tested it with a login system to make sure the ones added work. Just can't get my head round it >=(.
//Determine what the ID number will be
$sql = "SELECT * FROM $tbl_name";
$result = mysql_query($sql,$con);
$num_rows = mysql_num_rows($result);
$num_rows ++;
//Enter new user into database
$create = "INSERT INTO $tbl_name (username, password)
VALUES('$username', '$password')";
mysql_query($create,$con);
The select statement is completely unnecessary in this case, and will not function correctly if you have deleted any rows in your users table. Instead, you can omit the select statement and get the newly inserted row's id by using mysql_insert_id() after the insert query. You should never have to specify the id, since your primary key should typically be set to auto_increment, to ensure each row has a unique PK.
//Enter new user into database
$create = "INSERT INTO $tbl_name (id, username, password)
VALUES('$num_rows', '$username', '$password')";
mysql_query($create,$con);
$id = mysql_insert_id();
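The reply's point about letting auto_increment assign the key, as an added example that is not part of the original thread: an id derived from the row count lands on an id that is still in use once a row has been deleted, while the database-assigned id stays unique. Assumptions: PDO with an in-memory SQLite table stands in for the poster's MySQL table (the mysql_* functions were removed in PHP 7.0), create_user() and count_based_id() are hypothetical helpers, and password_hash() with bound parameters replaces the thread's sha1() and string-built query.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension;
// an in-memory SQLite table stands in for the poster's MySQL users table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    username TEXT NOT NULL UNIQUE,
    password TEXT NOT NULL
)');

// Hypothetical helper: the database assigns the id, we only read it back.
function create_user(PDO $db, string $username, string $password): int
{
    // Bound parameters keep user input out of the SQL text.
    $stmt = $db->prepare('INSERT INTO users (username, password) VALUES (:u, :p)');
    $stmt->execute([':u' => $username, ':p' => password_hash($password, PASSWORD_DEFAULT)]);
    return (int) $db->lastInsertId();
}

// Hypothetical helper reproducing the thread's "count the rows and add one" id.
function count_based_id(PDO $db): int
{
    return (int) $db->query('SELECT COUNT(*) FROM users')->fetchColumn() + 1;
}

// Constructed sample accounts.
$alice = create_user($db, 'alice', 'constructed-pass-1');
$bob   = create_user($db, 'bob', 'constructed-pass-2');
$carol = create_user($db, 'carol', 'constructed-pass-3');

// Remove a row from the middle, as happens when an account is deleted.
$db->prepare('DELETE FROM users WHERE id = ?')->execute([$bob]);

// After a delete the row count no longer tracks the highest id,
// so the guessed id can belong to a user that still exists.
$guess  = count_based_id($db);
$lookup = $db->prepare('SELECT username FROM users WHERE id = ?');
$lookup->execute([$guess]);
$owner = $lookup->fetchColumn();
echo "count-based id: $guess, currently owned by: " . ($owner ?: 'nobody') . "\n";

// The database-assigned id does not reuse an id that is in use.
$dave = create_user($db, 'dave', 'constructed-pass-4');
echo "auto-increment id for dave: $dave\n";
```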
Okay, I've done that, but I still can't get it to validate that both the password and confirm_password fields are the same. Here's the whole script in its amateurish entirety:
<?php
//Check user is logged in in first place
session_start();
if(!isset($_SESSION['logged']))
{
    header("location:login/main_login.htm");
    //Stop here so the rest of the script does not run for visitors who are not logged in
    exit;
}
//Stores mysql login details
$host="localhost"; // Host name
$sql_username="****"; // Mysql username
$sql_password="****"; // Mysql password
$db_name="****"; // Database name
$tbl_name="***"; // Table name
//Catch data from form
$username = $_POST['username'];
$password = $_POST['password'];
$confirm_password = $_POST['confirm_password'];
//Protect against MySQL injection
$username = stripslashes($username);
$password = stripslashes($password);
$confirm_password = stripslashes($confirm_password);
$username = mysql_escape_string($username);
$password = mysql_escape_string($password);
$confirm_password = mysql_escape_string($confirm_password);
//MySQL Connect variable
$con = mysql_connect("$host","$sql_username","$sql_password");
//If the mysql connect variable can't connect, die
if(!$con)
{
    die('Could not connect: ' . mysql_error());
}
//Database select
mysql_select_db($db_name, $con);
//Validates form was not empty
if(empty($username) || empty($password) || empty($confirm_password))
{
    echo "Fields are empty";
}
else
{
    //?????????????????????????????????????????????????//
    //???Problem comparing first and second password???//
    //?????????????????????????????????????????????????//
    if($password != $confirm_password)
    {
        echo "New passwords did not match";
    }
    else
    {
        //Turn posted fields into sha1 values
        $password = sha1($password);
        $confirm_password = sha1($confirm_password);
        //Enter new user into database
        $create = "INSERT INTO $tbl_name (username, password)
            VALUES('$username', '$password')";
        mysql_query($create,$con);
        //Take user to Success! page
        header("location:user_create_success.php");
    }
}
?>
The form preceding it had 3 $_POST values: username, password and confirm_password.