Can anyone please explain why this form validation work?
The code all runs perfectly except for the email validation.
The email validation code always fails showing that an incorrect email address was entered even when it was correct. When the INSERT runs all variables are added correctly to the DB except for the email attribute which is left blank.
Can anyone help please?
<?php
if (isset($_POST['submit'])) { // Handle the form.
require_once ('../../mysql_connect_bargain.php'); // Connect to the database.
// Check for a username.
if (eregi ("^[[:alnum:]_]{4,20}$", stripslashes(trim($_POST['username'])))) {
$u = escape_data($_POST['username']);
} else {
$u = FALSE;
echo '<p><font color="red" size="+1">Please enter a valid username!</font></p>';
}
// Check that an email address has been entered.
if (eregi ("^[[:alnum:]_]{4,20}$", stripslashes(trim($_POST['email'])))) {
$email = escape_data($_POST['email']);
} else {
$email = FALSE;
echo '<p><font color="red" size="+1">Please enter a valid email address!</font></p>';
}
// Check for a password and match against the confirmed password.
if (eregi ("^[[:alnum:]]{4,20}$", stripslashes(trim($_POST['password1'])))) {
if ($_POST['password1'] == $_POST['password2']) {
$p = escape_data($_POST['password1']);
} else {
$p = FALSE;
echo '<p><font color="red" size="+1">Your password did not match the confirmed password!</font></p>';
}
} else {
$p = FALSE;
echo '<p><font color="red" size="+1">Please enter a valid password!</font></p>';
}
if ($u && $p) { // If everything's OK.
// Check the email address is unique.
$query = "SELECT email FROM users WHERE email='$email'";
$result_email = @mysql_query ($query);
if (mysql_num_rows($result_email) == 0) {
$reg_date = date("Y.m.d, H:i:s");
// If it is avaliable...
// Make sure the username is available.
$query = "SELECT user_id FROM users WHERE username='$u'";
$result = @mysql_query ($query);
if (mysql_num_rows($result) == 0) { // Available.
// Add the user.
$query = "INSERT INTO users (username, email, password, reg_date) VALUES ('$u', '$email', PASSWORD('$p'), '$reg_date')";
$result = @mysql_query ($query); // Run the query.
if ($result) { // If it ran OK.
// Send an email, if desired.
echo '<h3>Thank you for registering!</h3>';
exit();
} else { // If it did not run OK.
// Send a message to the error log, if desired.
echo '<p><font color="red" size="+1">You could not be registered due to a system error. We apologize for any inconvenience.</font></p>';
}
} else { // The username is not available.
echo '<p><font color="red" size="+1">That username is already taken.</font></p>';
}
} else {
echo '<p><font color="red" size="+1">That email address is already taken.</font></p>';
}
mysql_close(); // Close the database connection.
} else { // If one of the data tests failed.
echo '<p><font color="red" size="+1">Please correct your information and try again.</font></p>';
}
} // End of the main Submit conditional.
?>
<style type="text/css">
<!--
.style1 {
font-size: 14px;
font-family: Arial, Helvetica, sans-serif;
}
.style2 {
font-family: Arial, Helvetica, sans-serif;
font-size: 24px;
}
-->
</style>
<h1 class="style1 style2">Register</h1>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" class="style1">
<p>Username:
<input type="text" name="username" size="30" maxlength="20" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" />
</p>
<p>Email Address:
<input type="text" name="email" size="30" maxlength="50" />
</p>
<p>Password:
<input type="password" name="password1" size="30" maxlength="20" />
</p>
<p>Confirm Password:
<input type="password" name="password2" size="30" maxlength="20" />
</p>
<p>
<input type="submit" name="submit" value="Register" />
</p>
</form>
<!-- End of Form -->
