form validation

phpwand

i cant make out why the validation is not working here

<head>
<script language="javascript">
function checkform()
{
document.write("function");
var uid = document.form1.username;

<?php $q=mysql_query("select username from users where username=uid");
				$r=mysql_fetch_array($q);
				?>

var temp=<?php echo $r[0];?>
if(uid==""||uid==null)
{
	window.alert("Please enter a username.");
 	username.focus();
 	return false;
}
if(temp!=null)
{
	window.alert("username unavailable.");
 	username.value="";
	username.focus();
 	return false;
}
	return true;

}
</script>

</head>

<body>
<form name="form1" onSubmit="return checkform();" action="2.php" method="post" >
<p>Username:
<input name="username" type="text" id="username"/>

Emma

phpwand;11006135 wrote:
var uid = document.form1.username;
<?php $q=mysql_query("select username from users where username=uid");

I'm not certain you can use a JavaScript variable in PHP like that, as it won't have a value until the username (uid) has been sent back to the server.

Bonesnap

phpwand;11006135 wrote:
i cant make out why the validation is not working here

What isn't working?

johanafm

All of your code is first created as output by the server. That is, the following string is sent by the server to the web browser

Step 1. Generate output and send to browser

<head>
<script language="javascript">
function checkform()
{
document.write("function");
var uid = document.form1.username;

<?php $q=mysql_query("select username from users where username=uid");

The browser interprets the string, and finds javascript code among other things (although your script tag is incorrect and should be simply <script>
Step 2. Browser does stuff

var uid = document.form1.username;

Among the things the browser does is get information from document.form.username

However, there is no step 3 (which you seems to assume would be the server knowing what the browser is up to).

This line has allready been handled in Step 1, where there was no javascript variable called uid

<?php $q=mysql_query("select username from users where username=uid");

As such, the query being executed is trying to use "uid", not as a string literal, but as an identifier. It could have been used as a reserved word as well, but uid isn't reserved in MySQL. If you have no such field in table users, then you will have an error in your SQL query.

Thus, first let the server do what it needs in order to produce output. Then let the client do what it needs to send data back to the server (usually through a GET or POST request). Then let the server handle the information sent back.