0

I am a beginner at PHP and I am trying to build a register form for a project. I made all the validations possible; however, I am stuck on where to go from here. I want the form to validate all of the following and then submit if all is true.

PHP code:

<?php

//register form v1.0

error_reporting(0);

//declares register form


$formFields = array('reg-username' => 'اسم المستخدم', 
    'reg-email' => 'البريد الإلكتروني', 
    'reg-password' => 'كلمة المرور', 
    'reg-confirmPassword' => 'تأكيد كلمة المرور');




function checkBlank(){

global $formFields;


//now I want the browser to check each field if its empty

foreach($formFields as $fieldName => $fieldRealName){
    if(empty($_POST[$fieldName])){
        echo '<ul class="ErrorMessage"><li>لم تدخل '. $fieldRealName .' * </li></ul>';
        echo '<style>.'. $fieldName .'{
            border-color: red;
        }
        .'. $fieldName .'::-webkit-input-placeholder {
   color: red;
}
        .'. $fieldName .'-h{
            color: red;
        }
        #asetrik{
            display: none;
        }
        </style>';
}
}

}



//blank fields have been checked
function checkPass(){

        $regPassword = $_POST['reg-password'];
        $regConfPassword = $_POST['reg-confirmPassword'];



    if($regPassword !== $regConfPassword){
        echo '<ul class="ErrorMessage"><li>كلمات المرور غير متطابقة *</li></ul>';
    } //if the fields are not empty i want it to check if the passwords match
    }   


    function checkEmail(){

        $regEmail = $_POST['reg-email'];

        if (!filter_var($regEmail, FILTER_VALIDATE_EMAIL)) {
            echo '<ul class="ErrorMessage"><li>البريد الإلكتروني المدخل غير صحيح *</li></ul>';
        }
    }

    function checkName(){
        $regUsername = $_POST['reg-username'];
if ( !preg_match('/^[A-Za-z][A-Za-z0-9]{5,31}$/', $regUsername)){
  echo '<ul class="ErrorMessage"><li>اسم المستخدم يجب أن يبدأ بحرف *</li></ul>'; 
}
    }



function checkExist(){

        $regUsername = $_POST['reg-username'];
        $regEmail = $_POST['reg-email'];
        $connectToDB  = mysql_connect('localhost', 'root', '') or die(mysql_error());
        $selectDB = mysql_select_db('supermazad') or die(mysql_error());
        $checkIfExist = mysql_query("SELECT * FROM users WHERE username LIKE '".$regUsername."' OR email LIKE '".$regEmail."' ");


        if(mysql_num_rows($checkIfExist) > 0){
        echo '<ul class="ErrorMessage"><li>اسم المستخدم/ البريد الإلكتروني موجود *</li></ul>';

}
}
?>
  • I'm not sure what you are expecting. This isn't a problem, it is missing code. You have functions, so you need a loop that has an if-then-else block that checks to see if the form was submitted and validated, using your validation functions. For the else statement, you should return your form, possibly annotated with error messages. Your validation functions should not echo the errors directly but instead should add them to an array variable that is used in your form if it exists. The functions need to return true, if validated and false if not. – gview Mar 22 '16 at 19:43
  • Your code is vulnerable to SQL injection. Please read [How can I prevent SQL-injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) for information on how to fix it. – Matt Raines Mar 23 '16 at 08:00
  • The `mysql_*` functions in PHP are deprecated and shouldn't be used. Please read [Why shouldn't I use mysql_* functions in PHP?](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) for information on why and what to replace them with. – Matt Raines Mar 23 '16 at 08:00

3 Answers

0

See my comment. There are different ways to handle submits, and often pages have multiple forms on them. Let's say your form has a submit button.

<input type="submit" name="submit-form" value="Done">

Pseudo code for this would be something like this:

$formErrors = array();
// You would need to add this as a global to all your functions, and as mentioned in my comment, add your errors to this array rather than echoing them out from the functions

if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['submit-form']) && checkBlank() && checkPass() /* && ...etc */) {
    //form was submitted and is ok
} else {
    //You echo out your form.
}
gview
0

Why not use the jQuery validator plugin? It's a very good option.

Check this: http://jqueryvalidation.org/

jonal
0

I know that you are new to PHP, but you have to keep in mind that all backend code has to be secured. That's why you need to make a lot of checks. Furthermore, when you deal with a database, you need to secure your code against injection. Now you will find some people telling you to do it in JavaScript. DON'T LISTEN TO THEM!

Anyone can make POST queries without using your JS code, and so all your JS checking will be bypassed. Of course you can make a layer of checking in the browser before sending to the server, but you have to do the checking on the server as well.

So when you check an element sent to the server, you have to check if it exists (!= null), which can easily be done with the function isset:

    if (isset($_POST['reg-username'], $_POST['reg-email'], $_POST['reg-password'], $_POST['reg-confirmPassword'])) {
         // Further checks
    } else {
         // call a function that will return an error message
         error($PARAMETERS_NOT_SET);
    }

The second thing that you have to bear in mind when using parameters from the client in database queries is to check whether there's an injection. This can be a bit painful; that's why you have to use prepared queries:

    // $dbh is an already opened PDO connection
    $sql = "SELECT * FROM users WHERE username LIKE :username OR email LIKE :email ";
    $sth = $dbh->prepare($sql, array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
    $sth->execute(array("username" => $regUsername, "email" => $regEmail));
    $resultList = $sth->fetchAll();

PS: It's very cool to see Arabic on Stack Overflow.

rsabir
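
The approach from the answers above combined into one function, as an added example that is not code from the question or from any answerer: each check records its failure in an array instead of echoing, and the duplicate lookup uses bound parameters. `validateRegistration()` and the error codes are hypothetical names, and an in-memory SQLite database with constructed rows stands in for the MySQL `users` table so the block runs on its own.

```php
<?php
// Added example, not the page's code; validateRegistration() and its error codes are hypothetical.
function validateRegistration(array $in, PDO $dbh): array
{
    $errors = [];
    $fields = ['reg-username', 'reg-email', 'reg-password', 'reg-confirmPassword'];

    // 1. Presence: every field must be a non-empty string (arrays are rejected).
    foreach ($fields as $f) {
        if (!isset($in[$f]) || !is_string($in[$f]) || trim($in[$f]) === '') {
            $errors[$f] = 'missing';
        }
    }
    if ($errors) {
        return $errors; // the remaining checks need all four values
    }

    // 2. Format: same rules as the question's checkName/checkEmail/checkPass.
    if (!preg_match('/^[A-Za-z][A-Za-z0-9]{5,31}$/', $in['reg-username'])) {
        $errors['reg-username'] = 'invalid';
    }
    if (!filter_var($in['reg-email'], FILTER_VALIDATE_EMAIL)) {
        $errors['reg-email'] = 'invalid';
    }
    if ($in['reg-password'] !== $in['reg-confirmPassword']) {
        $errors['reg-confirmPassword'] = 'mismatch';
    }

    // 3. Uniqueness: values are bound, never concatenated into the SQL text.
    //    "=" replaces LIKE so that % and _ in the input are not wildcards.
    $sth = $dbh->prepare('SELECT COUNT(*) FROM users WHERE username = :u OR email = :e');
    $sth->execute([':u' => $in['reg-username'], ':e' => $in['reg-email']]);
    if ((int) $sth->fetchColumn() > 0) {
        $errors['exists'] = 'taken';
    }
    return $errors; // empty array means the form may be processed
}

// Constructed demo data; in-memory SQLite stands in for the MySQL database.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE users (username TEXT, email TEXT)');
$dbh->exec("INSERT INTO users VALUES ('existing1', 'taken@example.com')");

// A valid address containing an apostrophe: passes validation, still needs binding.
$ok = ['reg-username' => 'newuser1', 'reg-email' => "o'brien@example.com",
       'reg-password' => 'correct horse', 'reg-confirmPassword' => 'correct horse'];
var_dump(validateRegistration($ok, $dbh));
var_dump(validateRegistration(['reg-username' => 'existing1'] + $ok, $dbh));
```

When the returned array is not empty, re-render the form and print the message for each key instead of echoing from inside the checks.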