Validate fields problem

genista

All,

I am writing a very simple user registration form. The problem I am having is when the submit button is pressed that various checks are done to make sure the fields are populated, that the email address is ok. The script below is allowing me to bypass any checks and write straight to the db. In addition, despite this successful write to the db the success message is not being dislayed.

if(isset($_POST["submit"])){
        $name = mysql_real_escape_string($_POST['name']); // Turn our post into a local variable
        $email = mysql_real_escape_string($_POST['email']);
        $password = mysql_real_escape_string($_POST['password']);// Turn our post into a local variable

if(!filter_var($email, FILTER_VALIDATE_EMAIL) AND isset($_POST["submit"]))
  {
  echo "E-mail is not valid";
  }
else
  {
  echo "E-mail is valid";
  }

  //check for fields being empty

  if($_POST['name']==""){
echo "Empty name!";
}

 if($_POST['email']==""){
echo "Empty email!";
}

 if($_POST['password']==""){
echo "Empty password!";
}

if(isset($_POST['name']) && !empty($_POST['name']) AND isset($_POST['email']) && !empty($_POST['email']) AND ($_POST['password']) && !empty($_POST['password'])){

$hash = md5( rand(0,1000) ); // Generate random 32 character hash and assign it to a local variable.
// Example output: f4552671f8909587cf485ea990207f3b



    // We have a match, activate the account
         mysql_query("INSERT INTO users (name, password, email, hash) VALUES('$name', '$password', '$email', '$hash' )") or die(mysql_error());

        $to      = $email; // Send email to our user
$subject = 'Signup | Verification'; // Give the email a subject
$message = '

Thanks for signing up!
Your account has been created, you can login with the following credentials after you have activated your account by pressing the url below.

Thanks in advance for your help!

Regards,

bradgrafelman

Few issues:

The isset() condition here:
```
if(!filter_var($email, FILTER_VALIDATE_EMAIL) AND isset($_POST["submit"])) 
```
is redundantly redundant; you're already inside of an if() block that checks that very same condition.
Note that for all three local variables as well as the 3 if() conditions that "check for fields being empty," you never verify that the external data exists (such as by using [man]isset/man or [man]empty/man) before accessing it. This will generate E_NOTICE level errors if any of them do not exist.
This if() statement:
```
if(isset($_POST['name']) && !empty($_POST['name']) AND isset($_POST['email']) && !empty($_POST['email']) AND ($_POST['password']) && !empty($_POST['password'])){
```
is redundantly redundant. [man]empty/man will (gracefully) return FALSE for variables that aren't set, so doing an additional isset() check for the same variable does nothing but add unnecessary code.
Most importantly, note that an invalid e-mail address will not violate any of those if() conditions, thus the DB insert will still be performed.

EDIT: Also.. why the mix of '&&' and 'AND' ?