Hello, I wrote the following script to to enter a few simple things into a database. It works the way it is supposed to, but when the user enters something that doesn't fit the regular expression line for that field it will only say "INVALID!" next to the field that is bad. Does anyone here know how I could go about showing why their input doesn't match the pattern? Perhaps giving them a message like "The following characters are not allowed: $badchar" and only echo-ing the bad character(s) they put in? I'd really appreciate some sample code if any of you fell like taking the time. Sorry if my code isn't the prettiest, I'm still fairly new to php.
<?php
//Database info/selection
include("con.php");
//Adds a "?" to the end of the url if it doesn't have one alread. (If it doesn't detect info is being passed, the form field won't show up.
$url = (!empty($_SERVER['HTTPS'])) ? "https://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'] : "http://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
$url2 = $url.'?';
if (!eregi("[\?]", $url))
{
header("location:$url2");
die();
}
// GETs the info passed from the form.
$username = $_GET["username"];
$password = $_GET["password"];
$email = $_GET["email"];
$ip_address = $_SERVER['REMOTE_ADDR'];
$message = $_GET["message"];
//Added a style for the "INVALID!" text
echo '<html><style type="text/css">
<!--
.style1 {color: #FF0000}
-->
</style>';
######################################################
############# Beginning of Text field Validations
######
if(eregi("^[A-Za-z]+$", $username))
{
echo "First Name OK!<br />";
}
else
{
echo "Invalid First Name.<br />";
$a = '<span class="style1">INVALID! </span>';
}
#####################################################
if(eregi("^[A-Za-z0-9 ]+$", $password))
{
echo "Last Name OK!<br />";
}
else
{
echo "Invalid Last Name.<br />";
$b = '<span class="style1">INVALID! </span>';
}
#####################################################
if(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email))
{
echo "Email Address OK!<br />";
}
else
{
echo "Invalid email address.<br />";
$c = '<span class="style1">INVALID! </span>';
}
#####################################################
if(eregi("^[A-Za-z0-9 ?\.\"\:\;\'\,]+$", $message))
{
echo "Message OK!<br />";
}
else
{
echo "Invalid message.<br />";
$d = '<span class="style1">INVALID! </span>';
}
######
############# End of Text field Validations
######################################################
//Shows what you entered into the text fields.
echo "<br />First Name: $username <br /> Last Name: $password <br />Email: $email <br /> IP Address: $ip_address <br /> Message: $message <br />";
//If any of the RegEx patters did not match, it will show the form again and put "INVALID!" next to the field the user messed up.
if (isset($a) or isset($b) or isset($c) or isset($d))
{
echo "<br />TRY AGAIN!<br />";
echo '<form action="register.php" method="get">
<p>User Name:
<input name="username" type="text" value="'; echo $username; echo '" />';
echo $a; echo '</p>
<p>Password:
<input name="password" type="password" value="'; echo $password; echo '" />';
echo $b; echo'</p>
<p>Email:
<input name="email" type="text" value="'; echo $email; echo '" />';
echo $c;
echo '</p>
<p>Message:
<input name="message" type="text" value="'; echo $message; echo '" />';
echo $d; echo '</p>
<p>
<input name="Submit" type="submit" value="Sumbit" />
</p>
</form>';
}
else {
//If the input matched the patterns the info is saved to the db, and the user can login with their credentials on the next page.
$password = md5($password);
mysql_query("INSERT INTO members (username, password, email, message, ip) VALUES ('$username', '$password', '$email', '$message', '$ip_address')");
echo 'The information you entered has been saved to the database. <br/> you can now <a href="login.php">login</a>.';
}
mysql_close($con);
?>
