Null Value for menus

herschen

I am using Dreamweaver with the Developer Toolbox and testing my site locally with XAMPP (including PHP, MySQL and Apache). I am trying to create a registration page. I use the "Insert Record Form Wizard" and link it up to the users database that includes fields for the user name, password, e-mail, address, and whether or not they want the newsletter. I have a list for both the state field and the newsletter field ('Yes, please' or 'No thanks'). Everything works fine, except for the menu boxes. Even when I click on these fields and select an option, I still get an error message that these columns "cannot be null." (On a side note--I changed the 'state' column to allow null fields since putting in a mailing address is optional, but I would like users to be able to fill in this information if they want to)

I also am curious how I could set up the registration form to let someone know that the username they chose was already taken (and of course not allow them to use that name)

Last side note, I set up the template for my site as a PHP file with a login button that is a CSS layer. This links to the login page and when they login successfully, they are redirected to the home page (or whichever restricted page they were trying to access before they logged in) and another CSS layer with a greater Z-Index than the login layer covers up the login button and says "Welcome back, Username" (where username is the MM_Username session variable). Is this a good way to set up the site? Is it secure? Thank you.

bpat1434

I also am curious how I could set up the registration form to let someone know that the username they chose was already taken (and of course not allow them to use that name)

You can do an AJAX request to a PHP script and tell them "instantly" that it's taken, or upon submit just check in the database for it:

$query = "SELECT id FROM `table` WHERE username='".mysql_real_escape_string($_POST['username'])."'";

// If mysql_num_rows() > 0: Duplicate name
// Otherwise, they're okay

Is this a good way to set up the site? Is it secure?

Well, you'd probably want to just replace the contents of the div rather than cover it up. Covered up items can actually be "uncovered" by the end user. As far as security, it all depends on how you handle the request. If it's SSL, then it should be secure. If you're storing your passwords as plaintext, not so secure. If you're sending your passwords as plaintext, not so secure. If you don't check your inputs before creating the SQL statement, not so secure. You can post your code in the "Code Critique" section of the forums for help in securing your code if you'd like.

Even when I click on these fields and select an option, I still get an error message that these columns "cannot be null."

You should probably switch them to a radio button, and have the "Yes" selected as default. This way, there's no "null" value possibility, and your newsletter goes to more people (obviously an unsubscribe feature should be available). To that end, you should be checking all data prior to database insertion to make sure it really is the kind / type you expect it to be. For example, zip codes should only be numbers and as such you don't want any letters, and most fields shouldn't have a single-quote or semi-colon in them. But proper data inspection can alleviate many security issues. Even using mysql_real_escape_string() on any inserted string is a step in the right direction.