Firstly, seasons greeting, hope everyone is closing out the year with style....

Down to business.... I am trying to create a real time form validator much like Ibegin (http://www.ibegin.com/register/), if you notice once you fill out one of the inputs it will immidiatly give you either an "okay" or an error message next to it.

This is done with javascript and is pretty sraight forward, however the username and password are also checked against the database for duplicates (try to input "tomms" in username to see example). This is done through file called "register.php. I do have a database set up, and it is populated by a similar member signup form. However, i need some help writing the register.php file. I do have some coding background but am a relative newbie to Php, any help would be appreicated.

The javascript....

<script type="text/javascript">
function checkusername() {
	var username = document.register.username.value;
	if (username.length < 4 || username.length > 25) {
		if (username.length < 4) {
			document.getElementById('usernamecheck').innerHTML="<font style=\"color: red\">Username must be at least 4 characters</font>";
			document.getElementById('username').style.border='red 1px solid';

	} else {
		document.getElementById('usernamecheck').innerHTML="<font style=\"color: red\">Username cannot be longer than 25 characters</font>";
		document.getElementById('username').style.border='red 1px solid';
	}
} else {
	LoadIntoElementRegistration('register.php?action=check&username='+username,'usernamecheck','Checking ...', 'username');
}
}


function checkemail() {
	var email = document.register.email.value;
	if (email.length < 6 || email.length > 49) {
		if (email.length < 6) {
			document.getElementById('emailcheck').innerHTML="<font style=\"color: red\">Email is too short</font>";
			document.getElementById('email').style.border='red 1px solid';
		} else {
			document.getElementById('emailcheck').innerHTML="<font style=\"color: red\">Email cannot be longer than 50 characters</font>";
			document.getElementById('email').style.border='red 1px solid';
		}
	} else {
		if (check_email(email)) {
			LoadIntoElementRegistration('register.php?action=check&email='+email,'emailcheck','Checking ...','email');
		} else {
			document.getElementById('emailcheck').innerHTML="<font style=\"color: red\">Invalid email</font>";
			document.getElementById('email').style.border='red 1px solid';
		}
	}
}

function check_email(e) { ok = "1234567890qwertyuiop[]asdfghjklzxcvbnm.@-_QWERTYUIOPASDFGHJKLZXCVBNM";  for(i=0; i < e.length ;i++){ if(ok.indexOf(e.charAt(i))<0){  return (false); } }   if (document.images) { re = /(@.*@)|(\.\.)|(^\.)|(^@)|(@$)|(\.$)|(@\.)/; re_two = /^.+\@(\[?)[a-zA-Z0-9\-\.]+\.([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$/; if (!e.match(re) && e.match(re_two)) { return (-1); }   }  }
</script>
    10 days later

    Hi, did you ever get a resolution to make this happen? I would like to do something very similar. I have a php form that submits user info to a mysql database and would like check for duplicate names when submitting... Or something similar. Thanks.

      cant say i have, i actually put it aside for the time being as im working on another part of my web site....

      ill keep you updated...ill report any progress

        I can't answer everything here, but a few things is possible.

        First, search for AJAX to find out how you can check it against the database. I haven't used it, so I can't help you with how to do it.

        Second, don't trust the values that are sent. Check them again in PHP. JavaScript is checking the values, but since it is possible to turn it off or just send values without having it checked it is always needed to check them in PHP as well.

          If you search these forums for 'form validation' you will find untold posts covering this topic in detail.

          1. Piranha is right, don't rely on js as it can be turned off: always validate form data in your target script as well.

          2. You need to read up on mysql real escape string if you are going to be using form data in queries. Pay attention to the part about sql injection attacks and use the best practice function you'll find there.

          Since js can be turned off, and malicious users can bypass all of its checks, you can't rely on ajax to check if user name has been taken - it only improves the uesr experience if you do use it. So your register.php has to:

          validate all required fields are present
          protect against sql injection
          query the db for chosen username and prompt user for new name if found - many sites offer suggestions at this point
          insert user name and password when all is ok

          // check username not taken - password is immaterial for this
$check_query = "SELECT * from users WHERE username = '" . quote_smart($_POST['username']) . "'";
$result = mysql_query($check_query);
if (mysql_num_rows($result < 0 ) ) {
   // inform user that name is taken
}
else
{
// insert username and do what ever else
}
            Write a Reply...