Help with Login; some data not being received

dudbud

Hello:
I have just started learning php and mysql in order to create a login page for new members to my website. It seems to do OK, except that I have hacked together some of the code, and have seemingly messed something up.
When a guest fills out the registration form, if he/she inputs any numbers into the fields (except email and password), it gets rejected and does not transfer to the mysql db. If I go to the database itself, I can input the data fine. So, it must be somewhere in the register.php code that is denying numerical data from being input into these (varchar) fields.
Can someone please help me? Thanks so much.
Vic

<?php
# Script 16.6 - register.php
// This is the registration page for the site.

require_once ('includes/config.inc.php');
$page_title = 'Register';
include ('includes/header.html');

if (isset($_POST['submitted'])) { // Handle the form.

require_once (MYSQL);

// Trim all the incoming data:
$trimmed = array_map('trim', $_POST);

// Assume invalid values:
$fn = $ln = $e = $p = FALSE;

// Check for a first name:
if (preg_match ('/^[A-Z \'.-]{2,20}$/i', $trimmed['first_name'])) {
	$fn = mysqli_real_escape_string ($dbc, $trimmed['first_name']);
} else {
	echo '<p class="error">Please enter your first name!</p>';
}

// Check for a last name:
if (preg_match ('/^[A-Z \'.-]{2,40}$/i', $trimmed['last_name'])) {
	$ln = mysqli_real_escape_string ($dbc, $trimmed['last_name']);
} else {
	echo '<p class="error">Please enter your last name!</p>';
}

// Check for a state:
if (preg_match ('/^[A-Z \'.-]{2,2}$/i', $trimmed['state'])) {
	$s = mysqli_real_escape_string ($dbc, $trimmed['state']);
} else {
	echo '<p class="error">Please enter your state!</p>';
}

// Check for a date of birth:
if (preg_match ('/^[A-Z \'.-]{2,10}$/i', $trimmed['date_of_birth'])) {
	$dob = mysqli_real_escape_string ($dbc, $trimmed['date_of_birth']);
} else {
	echo '<p class="error">Please enter your date of birth!</p>';
}

// Check for a doctor name:
if (preg_match ('/^[A-Z \'.-]{2,80}$/i', $trimmed['doctor_name'])) {
	$dn = mysqli_real_escape_string ($dbc, $trimmed['doctor_name']);
} else {
	echo '<p class="error">Please enter your doctor name!</p>';
}

// Check for a doctor phone:
if (preg_match ('/^[A-Z \'.-]{2,80}$/i', $trimmed['doctor_phone'])) {
	$dp = mysqli_real_escape_string ($dbc, $trimmed['doctor_phone']);
} else {
	echo '<p class="error">Please enter your doctor phone number with area code!</p>';
}

// Check for a date of recommendation:
if (preg_match ('/^[A-Z \'.-]{2,10}$/i', $trimmed['date_of_recommendation'])) {
	$dor = mysqli_real_escape_string ($dbc, $trimmed['date_of_recommendation']);
} else {
	echo '<p class="error">Please enter the date on your doctor recommendation!</p>';
}

// Check for an email address:
if (preg_match ('/^[\w.-]+@[\w.-]+\.[A-Za-z]{2,60}$/', $trimmed['email'])) {
	$e = mysqli_real_escape_string ($dbc, $trimmed['email']);
} else {
	echo '<p class="error">Please enter a valid email address!</p>';
}

// Check for a password and match against the confirmed password:
if (preg_match ('/^\w{4,20}$/', $trimmed['password1']) ) {
	if ($trimmed['password1'] == $trimmed['password2']) {
		$p = mysqli_real_escape_string ($dbc, $trimmed['password1']);
	} else {
		echo '<p class="error">Your password did not match the confirmed password!</p>';
	}
} else {
	echo '<p class="error">Please enter a valid password!</p>';
}

if ($fn && $ln && $e && $p) { // If everything's OK...

	// Make sure the email address is available:
	$q = "SELECT user_id FROM users WHERE email='$e'";
	$r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));

	if (mysqli_num_rows($r) == 0) { // Available.

		// Create the activation code:
		$a = md5(uniqid(rand(), true));

		// Add the user to the database:
		$q = "INSERT INTO users (email, pass, first_name, last_name, state, date_of_birth, doctor_name, doctor_phone, date_of_recommendation, active, registration_date) VALUES ('$e', SHA1('$p'), '$fn', '$ln', '$s', '$dob', '$dn', '$dp', '$dor', '$a', NOW() )";
		$r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));

		if (mysqli_affected_rows($dbc) == 1) { // If it ran OK.

			// Send the email:
			$body = "Thank you for registering at VicRemedy.com. To activate your account, please click on this link:\n\n";
			$body .= BASE_URL . 'activate.php?x=' . urlencode($e) . "&y=$a";
			mail($trimmed['email'], 'Registration Confirmation', $body, 'From: [email]webmaster@vicremedy.com[/email]');

			// Finish the page:
			echo '<h3>Thank you for registering! A confirmation email has been sent to your address. Please click on the link in that email in order to activate your account.</h3>';
			include ('includes/footer.html'); // Include the HTML footer.
			exit(); // Stop the page.

		} else { // If it did not run OK.
			echo '<p class="error">You could not be registered due to a system error. We apologize for any inconvenience.</p>';
		}

	} else { // The email address is not available.
		echo '<p class="error">That email address has already been registered. If you have forgotten your password, use the link at right to have your password sent to you.</p>';
	}

} else { // If one of the data tests failed.
	echo '<p class="error">Please re-enter your passwords and try again.</p>';
}

mysqli_close($dbc);

} // End of the main Submit conditional.
?>

<h1>Welcome to VicRemedy.com's Patient Registration Page</h1>
<small>(Your information is confidential and will not be shared or sold)</small></p>
<form action="register.php" method="post">
	<fieldset>

<p><b>First Name:</b> <input type="text" name="first_name" size="20" maxlength="20" value="<?php if (isset($trimmed['first_name'])) echo $trimmed['first_name']; ?>" /></p>

<p><b>Last Name:</b> <input type="text" name="last_name" size="20" maxlength="40" value="<?php if (isset($trimmed['last_name'])) echo $trimmed['last_name']; ?>" /></p>

<p><b>State:</b> <input type="text" name="state" size="2" maxlength="2" value="<?php if (isset($trimmed['state'])) echo $trimmed['state']; ?>" /></p>

<p><b>Date of Birth (YYYY-MM-DD):</b> <input type="text" name="date_of_birth" size="10" maxlength="10" value="<?php if (isset($trimmed['date_of_birth'])) echo $trimmed['date_of_birth']; ?>" /></p>

<p><b>Doctor Name:</b> <input type="text" name="doctor_name" size="20" maxlength="80" value="<?php if (isset($trimmed['doctor_name'])) echo $trimmed['doctor_name']; ?>" /></p>

<p><b>Doctor Phone:</b> <input type="text" name="doctor_phone" size="20" maxlength="20" value="<?php if (isset($trimmed['doctor_phone'])) echo $trimmed['doctor_phone']; ?>" />
<small>Please include Area Code (if we cannot verify your recommendation, your membership will be rejected)</small></p>

<p><b>Date of Recommendation (YYYY-MM-DD):</b> <input type="text" name="date_of_recommendation" size="10" maxlength="10" value="<?php if (isset($trimmed['date_of_recommendation'])) echo $trimmed['date_of_recommendation']; ?>" /></p>

<p><b>Your Email Address:</b> 
<input type="text" name="email" size="30" maxlength="80" value="<?php if (isset($trimmed['email'])) echo $trimmed['email']; ?>" />
<small>Very Important! A confirmation email will be sent to this address.</small></p>

<p><b>Password:</b> 
  <input type="password" name="password1" size="20" maxlength="20" /> 
  <small>Use only letters, numbers, and the underscore. Must be between 4 and 20 characters long.</small></p>
<p><b>Confirm Password:</b> <input type="password" name="password2" size="20" maxlength="20" /></p>
</fieldset>

<div align="center"><input type="submit" name="submit" value="Register" /></div>
<input type="hidden" name="submitted" value="TRUE" />

</form>


<?php // Include the HTML footer.
include ('includes/footer.html'); ?>

bradgrafelman

dudbud wrote:
if he/she inputs any numbers into the fields (except email and password), it gets rejected

Not sure why this is a surprise; your preg_match() if statements don't include numbers in the character sets, thus numbers won't match the pattern and cause the if statements to be false.