[RESOLVED] Checking if condition

VeryNewToPhp

Dear all,

Am very new to php..

I've created a registration form in html and am inserting the values through the following php code into the database.. 😕:confused

<?php

$con = mysql_connect("localhost","dbusername","dbpassword");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("dbname", $con);

$sql="INSERT INTO Users(Age, ScreenName, EmailAddress, Password)
VALUES
('$_POST[age]','$_POST[username]','$_POST[email]','$_POST[password]')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }




mysql_close($con)
?>
<script type="text/javascript">
alert("You Have Successfully Registered");
</script>

earlier i faced a problem as it also allowed the registration a number of times for the same user with same username and email.. later i sorted it out by using Primary key and Unique key for username and email respectively.. But for the validations like 'cannot leave the email field empty n etc' I'm using javascript hardcoded in my html form of the registration page.. it alerts the user with an alert box.. similary i want the users to be alerted in an alert box if they are already registered.. can i get the code for it??????? pls direct me how and where to insert the code(in my above php code i.e., above or below which line) which u r posting.... Pls help am a newbie as i told earlier.... 😕:confused

johanafm

$errors = array();
$feedback = array();

$con = mysql_connect("localhost","dbusername","dbpassword");
if (!$con)
{
	# Never display these errors to the end user. They have no need for the info
	# and it could be used to gain info of your system and potentially break security

# This is sufficient
# Usually I'd recommend keeping errors in an array and display them
# in the content part of your html pages. But if you can't connect to the db
# you probably won't be able to show much of a page anyway, so dieing here is fine
die('Could not connect. Try again later');
}
mysql_select_db("dbname", $con);

$sql="INSERT INTO Users(Age, ScreenName, EmailAddress, Password)
VALUES
('$_POST[age]','$_POST[username]','$_POST[email]','$_POST[password]')";

if (!mysql_query($sql,$con))
{
	# Once again, don't output these errors.
	# Also, don't die here. The query might fail due to the email address having
	# been registered allready. Inspect the error code

# Unless I'm misstaken, this is represented by 1062, duplicate entry '%s' for key %d.
# You can try re-registering an existing email address and see what error you get...
if (mysql_errno($con) == 1062)
{
	$feedback[] = 'Email address has allready been registered.<br/>'.
		'If you have forgotten your password, you can request a new one'.
		' to be sent by following <a href="retrieve_password.php">this link</a>';
}
else
{
	$errors[] = 'Unable to register. Try again later or contact support at ...';
}
}
else
{
	$feedback[] = 'You have successfully registered!';
}

# Later, when you get to the content part where you redisplay the registration form
foreach ($errors as $e)
{
	echo '<div class="error">'.$e.'</div>';
}
foreach ($feedback as $f)
{
	echo '<div class="feedback">'.$f.'</div>';
}

# and the registration form goes here.

VeryNewToPhp;10986764 wrote:
<script type="text/javascript">
alert("You Have Successfully Registered");
</script>[/code]

Don't use javascript for this, at least no unless you let your users register via ajax (javascript function XMLHttpRequest), since you might just as well do that using feedback in the actual page like I've shown above.

VeryNewToPhp;10986764 wrote:
by using Primary key and Unique key for username and email respectively.. But for the validations like 'cannot leave the email field empty n etc' I'm using javascript hardcoded in my html form of the registration page..

This can't be used as a safeguard as far as your system is concerned. The user may send data to you without using your form, so you have to do validation server side.

if (!isset($_POST['email']))
	$errors[] = 'You must supply an email address';
elseif (!is_valid_email($_POST['email']))
	$errors[] = 'The email address you entered is invalid';
if (!isset($_POST['username']) || !trim($_POST['username']))
	$errors = 'You must supply a username';

# no errors so far
if (!count($errors))
{
	# here goes the insert into part from the previous code part
}

VeryNewToPhp;10986764 wrote:
it alerts the user with an alert box..

This is good, assuming the user has javascript enabled, but it still doesn't mean you can ignore validation server side like I described above.

VeryNewToPhp;10986764 wrote:
similary i want the users to be alerted in an alert box if they are already registered..

As I said before, there is no reason to use an alert box for this. It just means another unnecessary click for the user. Go with the above method and display the errors and/or feedback.

VeryNewToPhp

johanafm;10986772 wrote:

$errors = array();
$feedback = array();

$con = mysql_connect("localhost","dbusername","dbpassword");
if (!$con)
{
	# Never display these errors to the end user. They have no need for the info
	# and it could be used to gain info of your system and potentially break security

# This is sufficient
# Usually I'd recommend keeping errors in an array and display them
# in the content part of your html pages. But if you can't connect to the db
# you probably won't be able to show much of a page anyway, so dieing here is fine
die('Could not connect. Try again later');
}
mysql_select_db("dbname", $con);

$sql="INSERT INTO Users(Age, ScreenName, EmailAddress, Password)
VALUES
('$_POST[age]','$_POST[username]','$_POST[email]','$_POST[password]')";

if (!mysql_query($sql,$con))
{
	# Once again, don't output these errors.
	# Also, don't die here. The query might fail due to the email address having
	# been registered allready. Inspect the error code

# Unless I'm misstaken, this is represented by 1062, duplicate entry '%s' for key %d.
# You can try re-registering an existing email address and see what error you get...
if (mysql_errno($con) == 1062)
{
	$feedback[] = 'Email address has allready been registered.<br/>'.
		'If you have forgotten your password, you can request a new one'.
		' to be sent by following <a href="retrieve_password.php">this link</a>';
}
else
{
	$errors[] = 'Unable to register. Try again later or contact support at ...';
}
}
else
{
	$feedback[] = 'You have successfully registered!';
}

# Later, when you get to the content part where you redisplay the registration form
foreach ($errors as $e)
{
	echo '<div class="error">'.$e.'</div>';
}
foreach ($feedback as $f)
{
	echo '<div class="feedback">'.$f.'</div>';
}

# and the registration form goes here.

This can't be used as a safeguard as far as your system is concerned. The user may send data to you without using your form, so you have to do validation server side.

if (!isset($_POST['email']))
	$errors[] = 'You must supply an email address';
elseif (!is_valid_email($_POST['email']))
	$errors[] = 'The email address you entered is invalid';
if (!isset($_POST['username']) || !trim($_POST['username']))
	$errors = 'You must supply a username';

# no errors so far
if (!count($errors))
{
	# here goes the insert into part from the previous code part
}

This is good, assuming the user has javascript enabled, but it still doesn't mean you can ignore validation server side like I described above.

As I said before, there is no reason to use an alert box for this. It just means another unnecessary click for the user. Go with the above method and display the errors and/or feedback.

Thanks a LOT Mr.Johanafm

I fixed it b4 seeing ur reply by placing

if (!mysql_query($sql,$con))
  {
  die('<script type="text/javascript">
alert("The ScreenName or EmailAddress is already in use.. Please try a differnt user name or if U R already registered, please use the Login Page");
</script>');
  }

in place of

if (!mysql_query($sql,$con))
  {
  die('ERROR:' . mysql_error());
  }

But after seeing your reply, i felt i shall change the errors as we need not show the unncessary errors to end users.. (AS U SAY) and Thanks for ur Advice.. I've modified the code with ur above code.. Thanks a lot.. u were of great help..
And in no other forum i got such an explanatory code.. Really Thanks..

As I said before, there is no reason to use an alert box for this. It just means another unnecessary click for the user. Go with the above method and display the errors and/or feedback

And Actually am calling the php externally through the html form Sir.. and after the php code ends, it leads to the next page (I've coded the next page's coding here) Hence i thought there'd not be big strain in clicking 😉 Still i take ur advice and echo the "already registered" sentence in the next page tha comes after registration(As it also looks good, to be true, better)