Hi all in daniweb,
I attempted some form validation but I seem to have made a complete mess of it. Before I introduced the validation and regular expressions it was working fine but because I'm not really sure of this topic I made some syntax errors. I would really appreciate any help with this as I really need this form to validate properly and I'd like to know where I went wrong. I left out some of the form fields for brevity.

The Form Action

case 'Create Account': 
        $error=array(); 
        $name = (isset($_POST['name'])) trim(? $_POST['name']) : ''; 
        if(empty($name)){ 
        $error[]=urlencode('Please enter your fullname.'); 
        } 
         
        $email = (isset($_POST['email'])) trim(? $_POST['email']) : ''; 
        if(empty($email)){ 
        $error[]=urlencode('Please enter your email.'); 
        if (strpos($email, ".") > 0) && 
                   (strpos($email, "@") > 0)) || 
                    preg_match("/[^a-zA-Z0-9.@_-]/", $email)) 
        $error[] = urlencode('The Email address is invalid.'); 
        } 
         
        $username = (isset($_POST['username'])) trim(? $_POST['username']) : ''; 
        if(empty($username)){ 
        $error[]=urlencode('Please enter a username.'); 
        if (strlen($username)) < 5){ 
         $error[] = urlencode('Usernames must be at least 5 characters long.'); 
        } 
         
        // check if username already is registered 
        $sql = 'SELECT username FROM site_users WHERE username = "' . 
        $username . '"'; 
        $result = mysql_query($sql, $db) or die(mysql_error()); 
        if (mysql_num_rows($result) > 0) { 
        $errors[] = 'Username ' . $username . ' is already registered.'; 
        $username = ''; 
    } 
        $age = (isset($_POST['age'])) trim(? $_POST['age']) : ''; 
        if(empty($age)){ 
        $error[]=urlencode('Please enter your age.'); 
        if (!is_numeric($age)) { 
            $error[] = urlencode('Please enter a numeric value for age.'); 
        } else if ($age < 18 || $age > 110) { 
            $error[] = urlencode('Please enter age between 18 and 110.'); 
        } 
         
        $phone = (isset($_POST['phone'])) trim(? $_POST['phone']) : ''; 
        if(empty($phone)){ 
        $error[]=urlencode('Please enter your phone number.'); 
        if (!is_numeric($phone)) { 
            $error[] = urlencode('Please enter a numeric value for phone number.'); 
        } 

        $password_1 = (isset($_POST['password_1'])) trim(? $_POST['password_1']) : ''; 
        if(empty($password_1)){ 
        $error[]=urlencode('Please enter password 1.'); 
        if (strlen($password_1)) < 6){ 
        $error[] = urlencode('Passwords must be at least 6 characters long.'); 
        } 

        $password_2 = (isset($_POST['password_2'])) trim(? $_POST['password_2']) : ''; 
        if(empty($password_2)){ 
        $error[]=urlencode('Please enter password 2.'); 
        if (strlen($password_2)) < 6){ 
        $error[] = urlencode('Passwords must be at least 6 characters long.'); 
        } 
         
        $password = ($password_1 == $password_2) ? $password_1 : ''; 
        if (empty($error)) {  
            $sql = 'INSERT INTO site_users 
                    (email, password, name, username, age, phone, address, county) 
                VALUES 
                ("' . mysql_real_escape_string($email, $db) . '", 
                PASSWORD("' . mysql_real_escape_string($password, $db) . '"),  
                "' . mysql_real_escape_string($name, $db) . '", 
                "' . mysql_real_escape_string($username, $db) . '", 
                  "' . mysql_real_escape_string($age, $db) . '", 
                   "' . mysql_real_escape_string($phone, $db) . '" 

             
            mysql_query($sql, $db) or die(mysql_error($db)); 

            session_start(); 
            $_SESSION['user_id'] = mysql_insert_id($db); 
            $_SESSION['access_level'] = 1; 
            $_SESSION['name'] = $name; 
            $_SESSION['username'] = $username; 
         
        }else{ 
        header('Location:register.php?action=create account' . 
              '&error=' . join($error, urlencode('<br/>'))); 
        } 
        redirect('cms_index.php'); 
        break;

The checkuser availability might be in the wrong place and also I think
the last bit after the else statement isn't right. I'm not sure what I need to do at that point in the function.
The Form

<form method="post" action="cms_transact_user.php"> 
<td> 
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> 
  <tr> 
  <td colspan="3"><strong><br/>Sign Up</strong></td> 
  </tr> 
  <tr> 
  <td>&nbsp;</td> 
  </tr> 
  <tr> 
   <td><label for="name">Full&nbsp;Name: </label></td> 
   <td><input type="text" id="name" name="name" maxlength="100" style="width: 200px;" 
     value="<?php echo htmlspecialchars($name); ?>"/></td> 
  </tr> 
ETC....
<tr> 
   <td> 
    <input type="submit" name="action" value="Create Account"/> 
   </td> </tr> 
  </table> 
  </form>

I would be extremely grateful if someone can help me to get this form to work properly as if I could get the syntax right for one form I can work away with the rest. I've tried tutorials online but they all use different methods to validate and as my forms are already built I need to keep the form structure I have. I'm really stuck on this and
I have to have this working by tomorrow so if anyone can help, you would definately be doing your good deed for the day.

Hi

Try using this regular expression to validate your email.

^[a-zA-Z][\w\.-]*[a-zA-Z0-9]@[a-zA-Z0-9][\w\.-]*[a-zA-Z0-9]\.[a-zA-Z][a-zA-Z\.]*[a-zA-Z]

and for the rest? try posting the specific validations that arent working.

Regards

Hi all in daniweb,
I attempted some form validation but I seem to have made a complete mess of it. Before I introduced the validation and regular expressions it was working fine but because I'm not really sure of this topic I made some syntax errors. I would really appreciate any help with this as I really need this form to validate properly and I'd like to know where I went wrong. I left out some of the form fields for brevity.

The Form Action

case 'Create Account': 
        $error=array(); 
        $name = (isset($_POST['name'])) trim(? $_POST['name']) : ''; 
        if(empty($name)){ 
        $error[]=urlencode('Please enter your fullname.'); 
        } 
         
        $email = (isset($_POST['email'])) trim(? $_POST['email']) : ''; 
        if(empty($email)){ 
        $error[]=urlencode('Please enter your email.'); 
        if (strpos($email, ".") > 0) && 
                   (strpos($email, "@") > 0)) || 
                    preg_match("/[^a-zA-Z0-9.@_-]/", $email)) 
        $error[] = urlencode('The Email address is invalid.'); 
        } 
         
        $username = (isset($_POST['username'])) trim(? $_POST['username']) : ''; 
        if(empty($username)){ 
        $error[]=urlencode('Please enter a username.'); 
        if (strlen($username)) < 5){ 
         $error[] = urlencode('Usernames must be at least 5 characters long.'); 
        } 
         
        // check if username already is registered 
        $sql = 'SELECT username FROM site_users WHERE username = "' . 
        $username . '"'; 
        $result = mysql_query($sql, $db) or die(mysql_error()); 
        if (mysql_num_rows($result) > 0) { 
        $errors[] = 'Username ' . $username . ' is already registered.'; 
        $username = ''; 
    } 
        $age = (isset($_POST['age'])) trim(? $_POST['age']) : ''; 
        if(empty($age)){ 
        $error[]=urlencode('Please enter your age.'); 
        if (!is_numeric($age)) { 
            $error[] = urlencode('Please enter a numeric value for age.'); 
        } else if ($age < 18 || $age > 110) { 
            $error[] = urlencode('Please enter age between 18 and 110.'); 
        } 
         
        $phone = (isset($_POST['phone'])) trim(? $_POST['phone']) : ''; 
        if(empty($phone)){ 
        $error[]=urlencode('Please enter your phone number.'); 
        if (!is_numeric($phone)) { 
            $error[] = urlencode('Please enter a numeric value for phone number.'); 
        } 

        $password_1 = (isset($_POST['password_1'])) trim(? $_POST['password_1']) : ''; 
        if(empty($password_1)){ 
        $error[]=urlencode('Please enter password 1.'); 
        if (strlen($password_1)) < 6){ 
        $error[] = urlencode('Passwords must be at least 6 characters long.'); 
        } 

        $password_2 = (isset($_POST['password_2'])) trim(? $_POST['password_2']) : ''; 
        if(empty($password_2)){ 
        $error[]=urlencode('Please enter password 2.'); 
        if (strlen($password_2)) < 6){ 
        $error[] = urlencode('Passwords must be at least 6 characters long.'); 
        } 
         
        $password = ($password_1 == $password_2) ? $password_1 : ''; 
        if (empty($error)) {  
            $sql = 'INSERT INTO site_users 
                    (email, password, name, username, age, phone, address, county) 
                VALUES 
                ("' . mysql_real_escape_string($email, $db) . '", 
                PASSWORD("' . mysql_real_escape_string($password, $db) . '"),  
                "' . mysql_real_escape_string($name, $db) . '", 
                "' . mysql_real_escape_string($username, $db) . '", 
                  "' . mysql_real_escape_string($age, $db) . '", 
                   "' . mysql_real_escape_string($phone, $db) . '" 

             
            mysql_query($sql, $db) or die(mysql_error($db)); 

            session_start(); 
            $_SESSION['user_id'] = mysql_insert_id($db); 
            $_SESSION['access_level'] = 1; 
            $_SESSION['name'] = $name; 
            $_SESSION['username'] = $username; 
         
        }else{ 
        header('Location:register.php?action=create account' . 
              '&error=' . join($error, urlencode('<br/>'))); 
        } 
        redirect('cms_index.php'); 
        break;

The checkuser availability might be in the wrong place and also I think
the last bit after the else statement isn't right. I'm not sure what I need to do at that point in the function.
The Form

<form method="post" action="cms_transact_user.php"> 
<td> 
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> 
  <tr> 
  <td colspan="3"><strong><br/>Sign Up</strong></td> 
  </tr> 
  <tr> 
  <td>&nbsp;</td> 
  </tr> 
  <tr> 
   <td><label for="name">Full&nbsp;Name: </label></td> 
   <td><input type="text" id="name" name="name" maxlength="100" style="width: 200px;" 
     value="<?php echo htmlspecialchars($name); ?>"/></td> 
  </tr> 
ETC....
<tr> 
   <td> 
    <input type="submit" name="action" value="Create Account"/> 
   </td> </tr> 
  </table> 
  </form>

I would be extremely grateful if someone can help me to get this form to work properly as if I could get the syntax right for one form I can work away with the rest. I've tried tutorials online but they all use different methods to validate and as my forms are already built I need to keep the form structure I have. I'm really stuck on this and
I have to have this working by tomorrow so if anyone can help, you would definately be doing your good deed for the day.

To validate email syntax a good library is:
http://code.google.com/p/php-email-address-validation/

It tries to follow the email address specification as close as possible.

To validate it via SMTP a good library is:
http://code.google.com/p/php-smtp-email-validation/

Note with SMTP you should consider invalid as meaning it could not be validated, and not as the last authority.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.