Member Avatar for jokomamamita

Greetings all,

Me and my friend are doing a group project and we encountered a problem lately.

If you check out the site : www.meteor-idea.com

And you click on Login -> Signup -> Put everything blank and hit submit, you will notice an error message saying "Please insert userid."

We managed to get the source code and tried in our own host:

http://vikgfx.com/mhms

And if we go through the same step, Login > SignUp > Leave everything blank and hit submit, the error message is not appearing.

Any help would be greatly appreciated. We are doing our project base on the meteor-idea site and if this can be worked out, it would help us to deal with other aspects of our project. If we can get the UserID error message to work, all the other IDs can be done easily.

Basically what I am trying to do is:

1. When a user submits the form without filling anything
2. The same page will re-appear with an error message "Please insert userid."

The code that we have is:

<?php require_once('Connections/mysqlConnection.php'); ?>

<?php

if (!function_exists("GetSQLValueString")) {

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 

{

  if (PHP_VERSION < 6) {

    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  }



  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);



  switch ($theType) {

    case "text":

      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

      break;    

    case "long":

    case "int":

      $theValue = ($theValue != "") ? intval($theValue) : "NULL";

      break;

    case "double":

      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";

      break;

    case "date":

      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

      break;

    case "defined":

      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;

      break;

  }

  return $theValue;

}

}



$editFormAction = $_SERVER['PHP_SELF'];

if (isset($_SERVER['QUERY_STRING'])) {

  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);

}



if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {

      

    $userid=$_POST['txtUserID'];

    $password1=$_POST['txtPassword1'];

    $password2=$_POST['txtPassword2'];

    $level=$_POST['level'];

    $title=$_POST['cboTitle'];

    $name=$_POST['txtName'];

    $street=$_POST['txtStreet'];

    $city=$_POST['txtCity'];

    $state=$_POST['cboState'];

    $zipcode=$_POST['txtZipCode'];

    $country=$_POST['cboCountry'];

    $phoneno=$_POST['txtPhoneNo'];

    $altphoneno=$_POST['txtAltPhoneNo'];

    $faxno=$_POST['txtFaxNo'];

    $email=$_POST['txtEmail'];

    

    $suserid ="";

    $spassword1 ="";

    $spassword2 ="";

    $stitle ="";

    $sname ="";

    $sstreet ="";

    $scity ="";

    $sstate ="";

    $szipcode ="";

    $scountry ="";

    $sphone ="";

    $saltphone ="";

    $sfax ="";

    $semail ="";

    

   if ($userid == "" and $password1 == "" and $password2 == "" and $level == ""  and $name == ""  and  $street == ""  and $city == "" and $zipcode == ""  and $phoneno == ""  and $altphoneno == ""  and $faxno == ""  and $email == "" ) {

      $suserid = "Please insert userid.";

      //$spassword1 = "Please insert password.";

      //$spassword2 = "Please insert re-type password.";

      //$stitle = "Please insert title.";

      //$sname = "Please insert name.";

      //$sstreet = "Please insert street.";

      //$sstate = "Please insert state.";

      //$szipcode = "Please insert zipcode.";

      //$scountry = "Please insert country.";

      //$sphone = "Please insert phone no.";

      //$semail = "Please insert email.";

      $url="SignUp.php?suserid=".$suserid."&spassword1=".$spassword1."&spassword2=".$spassword2."&stitle=".$stitle."&sname=".$sname."&sstreet=".$sstreet."&sstate=".$sstate."&szipcode=".$szipcode."&scountry=".$scountry."&sphone=".$sphone."&semail=".$semail;

      header("Location: ". $url );



}



  else if ($userid == "" ) {

      //echo "<p>" .   $_POST['txtuserID'] . "</p>";

      $suserid = "Please insert userid";

      $url="SignUp.php?suserid=".$suserid."&userid=".$userid."&password1=".$password1."&password2=".$password2."&level=".$level."&title=".$title."&name=".$name."&street=".$street."&city=".$city."&state=".$state."&zipcode=".$zipcode."&country=".$country."&phoneno=".$phoneno."&altphoneno=".$altphoneno."&faxno=".$faxno."&email=".$email;

      header("Location: ". $url );

  }

  elseif ($password1 == ""){

      $spassword1 = "Please insert password.";

      $url="SignUp.php?spassword1=".$spassword1."&userid=".$userid."&password1=".$password1."&password2=".$password2."&level=".$level."&title=".$title."&name=".$name."&street=".$street."&city=".$city."&state=".$state."&zipcode=".$zipcode."&country=".$country."&phoneno=".$phoneno."&altphoneno=".$altphoneno."&faxno=".$faxno."&email=".$email;

      header("Location: ". $url );      

  }

  elseif ($password2 == ""){

      $spassword2 = "Please insert re-type password.";

      $url="SignUp.php?spassword2=".$spassword2."&userid=".$userid."&password1=".$password1."&password2=".$password2."&level=".$level."&title=".$title."&name=".$name."&street=".$street."&city=".$city."&state=".$state."&zipcode=".$zipcode."&country=".$country."&phoneno=".$phoneno."&altphoneno=".$altphoneno."&faxno=".$faxno."&email=".$email;

      header("Location: ". $url );      

  }

  elseif ($title == "" ){

      $stitle = "Please insert title.";

      $url="SignUp.php?stitle=".$stitle."&userid=".$userid."&password1=".$password1."&password2=".$password2."&level=".$level."&title=".$title."&name=".$name."&street=".$street."&city=".$city."&state=".$state."&zipcode=".$zipcode."&country=".$country."&phoneno=".$phoneno."&altphoneno=".$altphoneno."&faxno=".$faxno."&email=".$email;

      header("Location: ". $url );      

  }

  elseif ($name == ""){

      $sname = "Please insert name.";

      $url="SignUp.php?sname=".$sname."&userid=".$userid."&password1=".$password1."&password2=".$password2."&level=".$level."&title=".$title."&name=".$name."&street=".$street."&city=".$city."&state=".$state."&zipcode=".$zipcode."&country=".$country."&phoneno=".$phoneno."&altphoneno=".$altphoneno."&faxno=".$faxno."&email=".$email;

      header("Location: ". $url );      

  }

  elseif ($street == "" ){

      $sstreet = "Please insert street.";

      $url="SignUp.php?sstreet=".$sstreet."&userid=".$userid."&password1=".$password1."&password2=".$password2."&level=".$level."&title=".$title."&name=".$name."&street=".$street."&city=".$city."&state=".$state."&zipcode=".$zipcode."&country=".$country."&phoneno=".$phoneno."&altphoneno=".$altphoneno."&faxno=".$faxno."&email=".$email;

      header("Location: ". $url );      

  }

  elseif ($state == "" ){

      $sstate = "Please insert state.";

      $url="SignUp.php?sstate=".$sstate."&userid=".$userid."&password1=".$password1."&password2=".$password2."&level=".$level."&title=".$title."&name=".$name."&street=".$street."&city=".$city."&state=".$state."&zipcode=".$zipcode."&country=".$country."&phoneno=".$phoneno."&altphoneno=".$altphoneno."&faxno=".$faxno."&email=".$email;

      header("Location: ". $url );      

  }

  elseif ($zipcode == ""  ){

      $szipcode = "Please insert zipcode.";

      $url="SignUp.php?szipcode=".$szipcode."&userid=".$userid."&password1=".$password1."&password2=".$password2."&level=".$level."&title=".$title."&name=".$name."&street=".$street."&city=".$city."&state=".$state."&zipcode=".$zipcode."&country=".$country."&phoneno=".$phoneno."&altphoneno=".$altphoneno."&faxno=".$faxno."&email=".$email;

      header("Location: ". $url );      

  }

  elseif ($country == ""  ){

      $scountry = "Please insert country.";

      $url="SignUp.php?scountry=".$scountry."&userid=".$userid."&password1=".$password1."&password2=".$password2."&level=".$level."&title=".$title."&name=".$name."&street=".$street."&city=".$city."&state=".$state."&zipcode=".$zipcode."&country=".$country."&phoneno=".$phoneno."&altphoneno=".$altphoneno."&faxno=".$faxno."&email=".$email;

      header("Location: ". $url );      

  }

  elseif ($phoneno == ""  ){

      $sphone = "Please insert phone no.";

      $url="SignUp.php?sphone=".$sphone."&userid=".$userid."&password1=".$password1."&password2=".$password2."&level=".$level."&title=".$title."&name=".$name."&street=".$street."&city=".$city."&state=".$state."&zipcode=".$zipcode."&country=".$country."&phoneno=".$phoneno."&altphoneno=".$altphoneno."&faxno=".$faxno."&email=".$email;

      header("Location: ". $url );      

  }

  elseif ($email == "" ){

      $semail = "Please insert email.";

      $url="SignUp.php?semail=".$semail."&userid=".$userid."&password1=".$password1."&password2=".$password2."&level=".$level."&title=".$title."&name=".$name."&street=".$street."&city=".$city."&state=".$state."&zipcode=".$zipcode."&country=".$country."&phoneno=".$phoneno."&altphoneno=".$altphoneno."&faxno=".$faxno."&email=".$email;

      header("Location: ". $url );      

  }



  else

  {

  if ($password1 == $password2){

  mysql_select_db($database_mysqlConnection, $mysqlConnection);          

  $LoginRS__query=sprintf("SELECT Count(*) From user WHERE userID=%s",

  GetSQLValueString($userid, "text"));

  $LoginRS = mysql_query($LoginRS__query, $mysqlConnection) or die(mysql_error());

  $loginFoundUser = mysql_num_rows($LoginRS);

  if ($loginFoundUser) {

    $loginStrGroup  = mysql_result($LoginRS,0);

    if ( $loginStrGroup == "0" ) {



  $insertSQL = sprintf("INSERT INTO user (userID, password, `level`) VALUES (%s, %s, %s)",

                       GetSQLValueString($_POST['txtUserID'], "text"),

                       GetSQLValueString($_POST['txtPassword1'], "text"),

                       GetSQLValueString($_POST['level'], "text"));



  mysql_select_db($database_mysqlConnection, $mysqlConnection);

  $Result1 = mysql_query($insertSQL, $mysqlConnection) or die(mysql_error());



  $insertSQL = sprintf("INSERT INTO `userinfo` (userID, Title, Name, Street, City, `State`, ZipCode, Country, PhoneNo, AltPhoneNo, FaxNo, Email) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",

                       GetSQLValueString($_POST['txtUserID'], "text"),

                       GetSQLValueString($_POST['cboTitle'], "text"),

                       GetSQLValueString($_POST['txtName'], "text"),

                       GetSQLValueString($_POST['txtStreet'], "text"),

                       GetSQLValueString($_POST['txtCity'], "text"),

                       GetSQLValueString($_POST['cboState'], "text"),

                       GetSQLValueString($_POST['txtZipCode'], "text"),

                       GetSQLValueString($_POST['cboCountry'], "text"),

                       GetSQLValueString($_POST['txtPhoneNo'], "text"),

                       GetSQLValueString($_POST['txtAltPhoneNo'], "text"),

                       GetSQLValueString($_POST['txtFaxNo'], "text"),

                       GetSQLValueString($_POST['txtEmail'], "text"));



  mysql_select_db($database_mysqlConnection, $mysqlConnection);

  $Result1 = mysql_query($insertSQL, $mysqlConnection) or die(mysql_error());



  $insertGoTo = "SignUpSuccess.php";

  if (isset($_SERVER['QUERY_STRING'])) {

    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";

    $insertGoTo .= $_SERVER['QUERY_STRING'];

  }

  header(sprintf("Location: %s", $insertGoTo));

    }

    else

    {

          $greetingx = "User ID already exist.";

      $url="SignUp.php?greetingx=".$greetingx."&userid=".$userid."&password1=".$password1."&password2=".$password2."&level=".$level."&title=".$title."&name=".$name."&street=".$street."&city=".$city."&state=".$state."&zipcode=".$zipcode."&country=".$country."&phoneno=".$phoneno."&altphoneno=".$altphoneno."&faxno=".$faxno."&email=".$email;

      header("Location: ". $url );    

    }

  }

  }

  else if ($password1 != $password2)

  {

      $greetings = "Password do not match.";

      $url="SignUp.php?greetings=".$greetings."&userid=".$userid."&password1=".$password1."&password2=".$password2."&level=".$level."&title=".$title."&name=".$name."&street=".$street."&city=".$city."&state=".$state."&zipcode=".$zipcode."&country=".$country."&phoneno=".$phoneno."&altphoneno=".$altphoneno."&faxno=".$faxno."&email=".$email;

      header("Location: ". $url );

  }

}

}

?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">



<html>

<head>

    <title>Master Hotel Management System</title>

    <link rel=stylesheet type="text/css" href="style.css">

    <script type="text/javascript">

<!--

function MM_preloadImages() { //v3.0

  var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();

    var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++)

    if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}}

}

//-->

    </script>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><style type="text/css">

<!--

body {

    background-color: #000;

}

-->

</style></head>



<body  text="#EAF5FF" bottommargin="0" leftmargin="0" marginheight="0" marginwidth="0" rightmargin="0" topmargin="0">



<table width="100%" height="33" cellpadding="0" cellspacing="0" border="0">

    <tr valign="top">



        <td width="368" height="33"><img src="3buttonarea.jpg" width="427" height="33" border="0" alt=""></td>

        <td width="100%" height="33" background="3buttonareabg.jpg">&nbsp;</td>

  </tr>

</table>







<table width="100%" cellpadding="0" cellspacing="0" border="0">

    <tr valign="top">



        <td width="207">

<!-- the rest of the menu buttons go below, edit blankbutton.jpg / or .psd and save as a different

name to create a new button.  Then change the src="" below to the new file name -->

<BR>

<BR>

<BR>

<BR>

<BR>

<BR>

<!-- end of button menu -->

<!-- you can add other text/images for the left side menu below this comment but not after the </td> -->



      </td>



    

    

        <td width="20">&nbsp;&nbsp;&nbsp;</td>



        <td width="100%">



            <table width="100%" cellpadding="10" cellspacing="0" border="0">

                <tr valign="top">

                    <td>            

<!------------------------ Content area, delete anything below this comment and add your content below ---------------------------->

<H3>.: Please Sign Up</h3>

<br />





<form name="form1" method="POST" action="<?php echo $editFormAction; ?>">

  

  

  <table width="527" border="0">

    <tr>

      <td>User ID</td>

      <td style="color: red"><input type="text" name="txtUserID" id="txtUserID"  value="<?php echo $_GET["userid"]; ?>"><H5><p><span class="wrong"><?php echo $suserid; ?></span></p></H5></td>

      </tr>

    <tr>

      <td>Password</td>

      <td style="color: red"><input type="password" name="txtPassword1" id="txtPassword1"  value="<?php echo $_GET["password1"]; ?>"> 

       <?= $spassword1 ?></td>

      </tr>

    <tr>

      <td>Re-type password</td>

      <td style="color: red"><input type="password" name="txtPassword2" id="txtPassword2" value="<?php echo $_GET["password2"]; ?>"> <?= $spassword2 ?></td>

      ....

....

....

..........

    <tr>

      <td>&nbsp;</td>

      <td><input type="submit" name="btnSubmit" id="btnSubmit" value="Submit">

        <input type="reset" name="btnCancel" id="btnCancel" value="Reset"></td>

      </tr>

    <tr>

      <td>&nbsp;</td>

      <td><p>&nbsp;</p></td>

      </tr>

    </table>

  <input type="hidden" name="MM_insert" value="form1">

</form>

<p align="justify" style="color:#F00"> 

<p align="justify"><BR><BR><BR>

  

  <center>

    Master Hotel

    Management Software © Copyright 2010, All rights reserved.

  </center>

  

  <center>

</center></td>

                </tr>

            </table>            

        </td>

        

        <td width="20">&nbsp;&nbsp;&nbsp;</td>

    </tr>

</table>



</body>

</html>

Thanks in advance!

  • 4 Contributors
  • 6 Replies
  • 223 Views
  • 3 Days Discussion Span
  • Latest Post Latest Post by rajarajan2017
Member Avatar for rajarajan2017

Try with : $_GET["suserid"];

commented: Thanks for your help ~ jokomamamita +0
Member Avatar for nonshatter

Why do you want the user to enter the user id? Shouldn't this be handled by an auto increment field in your database?

This is roughly how I would validate it...

<?php
function VerifyForm(&$values, &wrong)  {

    if (strlen($values['userid']) == 0) {
		$wrong['userid'] = 'Enter your user id';   	
    }	
    return (count($wrong) == 0);
}
?>

<html>
<head></head>
<body>

<?php
	if (count($wrong) > 0) {
        	echo "There were some errors in your form...";     
   	}  
?>
<form action="#" method="post">
<table><tr>
	<td>User id:</td>
	<td><input type="text" name="userid"  <?php echo htmlentities($values['userid']) ?>></td>
	<td class="wrong"><?php echo $wrong['userid'] ?></td>
</tr></table>
</form>
</body>
</html>
commented: Thanks for your tips ~ jokomamamita +0
Member Avatar for colweb

This can be done with php but it is a lot easier to use javascript for it. Like so:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<script type="text/javascript">
	function final_check(form) {
		if ( form.userid.value == "" ) {
			document.getElementById('errormsg').style.display='block';
			return false;
		}
		if ( form.passwd.value == "" ) {
			document.getElementById('errormsg').style.display='block';
			return false;
    		}
		form.submit();
	}
</script>
</head>
<body>
	<form name="loginform" action="whatever.php" method="post">

	<table border="0" cellpadding="0" cellspacing="3" style="border-style:none;">
	<tr>
		<td>User ID:</td>
		<td><input type="text" name="userid" value=""></td>
	</tr>
	<tr>
		<td>Password</td>
		<td><input type="text" name="passwd" value=""></td>
	</tr>
	<tr>
		<td colspan="2" align="center"><input type="Button" value="Submit" onclick="final_check(this.form)"></td>
	</tr>
	</table>
	
	</form>
	<div id="errormsg" style="display:none">Please enter a userid and password</div>
</body>
</html>

This will display the from with a submit button and when clicked, the javascript function will either submit the fom or unhide a hidden div with the error message. It that case, you can simple enter a userid and/or password and click submit again. The javascript doesn't unhide the div anymore, because if all is well, the form will be submitted to whatever.php where the full validation can take place.

Edited by colweb because: n/a
commented: Thanks for your tips ~ jokomamamita +0
Member Avatar for jokomamamita

@colweb - Thanks a lot for the tips. Although I have been told not to use javascript for the form part, but what you have written certainly did thought me some bits and pieces about the implementation of javascript validation. Thanks for your great help! :)

@nonshatter - Thanks a lot for your reply as well. Well, the 'user id' supposed to be the username. Sorry for the confusion though. Thanks for your tips as well. It was really helpful. :)

@rajarajan07 - Thanks for the instant reply. Your method works like a charm! Exactly what I was looking for. Can you let me know why the $_GET should be used instead of the usual echo? Thanks once again.

Thank you all!

Member Avatar for colweb

@colweb - Thanks a lot for the tips. Although I have been told not to use javascript for the form part, but what you have written certainly did thought me some bits and pieces about the implementation of javascript validation. Thanks for your great help! :)

Thank you all!

As stated already, there is no reason not to use javascript to validate form data before submitting it.
But, in this case (userid and password) you must always use a php script to do the final validation. Javascript can be used to check if an id is entered, does it contain any invalid characters and things like that. The php script must check with the database if the entered userid is a valid user.

Sometimes I get the feeling that the posters in this forum are too much focused on doing everything only with PHP. Even when there are easier methods.

Edited by colweb because: n/a
Member Avatar for rajarajan2017

@rajarajan07 - Thanks for the instant reply. Your method works like a charm! Exactly what I was looking for. Can you let me know why the $_GET should be used instead of the usual echo? Thanks once again.

$GET is used to access the value of a variable to another variable. means suserid is retrieved with the $GET and you can store or echo to display the value.

Echo is just a print statement to print your values and statements as a string. You can display the value whatever you get from $GET and display on the page using echo.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.