I'm creating a Wedding Planning Web Application. My Database is connected but no data is being inserted nor am I receiving any error messages when trying to register a user.
I'm being directed straight to the linked Login page. I've tried to match the date formatting (User input as dd/mm/yyyy and being stored as yyyy/mm/dd) from php and MySQL but not sure if it's working/ if it is the issue.
I've been trying to figure out a solution for hours and I'm under pressure to solve it so I can complete my dissertation.
<?php
//Starts the session
session_start();
require_once 'DBConnect.php';
$firstname = "";
$lastname = "";
$email_address = "";
$phone_num = "";
$acc_password = "";
$weddingdate = "";
// REGISTER USER
if (isset($_POST['btn-Register']))
{
// receive all input values from the form
$firstname = mysqli_real_escape_string($DBcon, $_POST['firstname']);
$lastname = mysqli_real_escape_string($DBcon, $_POST['lastname']);
$email_address = mysqli_real_escape_string($DBcon,
$_POST['email_address']);
$phone_num = mysqli_real_escape_string($DBcon, $_POST['phone_num']);
$acc_password = mysqli_real_escape_string($DBcon,
$_POST['acc_password']);
$weddingdate = mysqli_real_escape_string($DBcon,
$_POST['weddingdate']);
// form validation: ensure that the form is correctly filled ...
// by adding (array_push()) corresponding error unto $errors array
// phone_num and weddingdate can be NULL
if (empty($firstname)) { array_push($errors, "First Name is
required"); }
if (empty($lastname)) { array_push($errors, "Last Name is
required"); }
if (empty($email_address)) { array_push($errors, "Email is
required"); }
if (empty($acc_password)) { array_push($errors, "Password is
required"); }
// first check the database to make sure
// a user does not already exist with the same username and/or email
$user_check_query = "SELECT * FROM customer WHERE email_address =
'$email_address' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
//if user exists
if ($user['email_address'] === $email_address)
{
array_push($errors, "User already exists");
}
// Finally, register user if there are no errors in the form
if (count($errors) == 0)
{
//encrypt the password before saving in the database
$acc_password = md5($acc_password);
$query = "INSERT INTO customer (firstname, lastname,
email_address, phone_num, acc_password, weddingdate)
VALUES('$firstname', '$lastname' '$email_address',
'$phone_num', '$acc_password', '$weddingdate')";
mysqli_query($DBcon, $query);
$_SESSION['email_address'] = $email_address;
$_SESSION['success'] = "You are now Registered";
header('location: Login.php');
}
//This should format the date with phpMyAdmin
$weddingdate = date('Y-m-d H:i', strtotime($_POST["weddingdate"]));
// LOGIN USER
if (isset($_POST['btn-Login']))
{
$email_address = mysqli_real_escape_string($DBcon,
$_POST['email_address']);
$acc_password = mysqli_real_escape_string($DBcon,
$_POST['acc_password']);
if (empty($email_address))
{
array_push($errors, "Email Address is required");
}
if (empty($acc_password))
{
array_push($errors, "Password is required");
}
if (count($errors) == 0)
{
$acc_password = md5($acc_password);
$query = "SELECT * FROM customer WHERE
email_address='$email_address' AND
acc_password='$acc_password'";
$results = mysqli_query($DBcon, $query);
if (mysqli_num_rows($results) == 1)
{
$_SESSION['email_address'] = $email_address;
$_SESSION['success'] = "You are now logged in";
header('location: Main.php');
}else
{
array_push($errors, "Wrong username/password
combination");
}
}
}
}
?>
There is syntax error in insert query line.
$query = "INSERT INTO customer (firstname, lastname, email_address, phone_num, acc_password, weddingdate)
VALUES('$firstname', '$lastname', '$email_address', '$phone_num', '$acc_password', '$weddingdate')";
One Comma , is missing after '$lastname'
The issue is probably that the variables aren't being taken as their values. You need to escape the sequence before you can add the variables. So, instead of having
$query = "INSERT INTO customer (firstname, lastname,
email_address, phone_num, acc_password, weddingdate)
VALUES('$firstname', '$lastname', '$email_address',
'$phone_num', '$acc_password', '$weddingdate')";
You need to do this
$query = "INSERT INTO customer (firstname, lastname, email_address,
phone_num, acc_password, weddingdate) VALUES(
'" . $firstname . "', '" . $lastname . "',
'" . $email_address . "', '" . $phone_num . "',
'" . $acc_password . "', '" . $weddingdate . "')";
This should fix your problem, but as a few of the other commenters have mentioned, this may leave you open to SQL injection. You should be using prepared statements to protect yourself from those vulnerabilities.
Related
<?php
session_start();
$username = "";
$email = "";
$db = mysqli_connect("localhost", "root", "", "authentication");
if (isset($_POST['register_btn'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password = mysqli_real_escape_string($db, $_POST['password']);
$password2 = mysqli_real_escape_string($db, $_POST['password2']);
$user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) {
if ($user['username'] === $username) {
header("Refresh:0");
echo "usrname exists";
}
if ($user['email'] === $email) {
header("Refresh:0");
echo "error";
}
}
if ($password == $password2) {
$password = md5($password);
$sql = "INSERT INTO users
(username, email, password, name, street,
postcode, age , center)
VALUES('$username', '$email', '$password', '$name', '$street',
'$postcode', '$age', '$center')";
mysqli_query($db, $sql);
$_SESSION['message'] = "Account registered";
$_SESSION['username'] = $username;
header("location: login.php");
}else{
$_ERROR= "Something went wrong :/";
}
}
As shown above is some PHP code, the purpose here is to register a user then redirect them to the login page, however after multiple attempts of trying to use validation to see if an email or username already exists, after clicking the register button it still just records the registered details into the database names authentication (Users). I have put 'header ("Refresh") to test if it even reads through the if statement, It does not seem to.
I know md5 is insecure, and I will replace it.
Any advice on what I may have done wrong.
I have used snippets of code from here however I have attempted a few other solutions with no luck.
I've created a registration form which takes a user's name, username, email and password. I've also created a sql database using XAMPP control panel, named the database 'registration' and created a table called 'users' to store all the inputs.
When the user enters this data, they should be presented with the login page and in the background the data should be store int he database..but when I opened up phpmyadmin to check the table, there is no data saved.
Below is the code I used to sent the inputs from the user to the database which is my 'server.php' file:
<?php
session_start();
// initializing variables
$name = "";
$email = "";
$username = "";
$errors = array();
// connect to the database
$db = mysqli_connect('localhost', 'root', 'root', 'registration');
// REGISTER USER
if (isset($_POST['reg_user'])) {
// receive all input values from the form
$name = mysqli_real_escape_string($db, $_POST['name']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$username = mysqli_real_escape_string($db, $_POST['username']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
// form validation: ensure that the form is correctly filled ...
// by adding (array_push()) corresponding error unto $errors array
if (empty($name)) { array_push($errors, "Name is required");
}
if (empty($email)) { array_push($errors, "Email is required");
}
if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// first check the database to make sure
// a user does not already exist with the same username and/or email
$user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
if ($user['username'] === $username) {
array_push($errors, "Username already exists");
}
if ($user['email'] === $email) {
array_push($errors, "email already exists");
}
}
// Finally, register user if there are no errors in the form
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO users (name, email, username, password)
VALUES('$name', '$email', '$username', '$password')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: login.php');
}
}
// ...
// ...
// LOGIN USER
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: https://georginahughes48.wixsite.com/makeupyourmind');
}else {
array_push($errors, "Wrong username/password combination");
}
}
}
?>
Please let me know if any further code is needed to assist me with this issue..Thanks in advance!
After connection code add this line
if($db->connect_errno)
{
echo "Error: ( " .$db->errorno. " )". $db->error;
die;
}
Just replace this code
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO users (name, email, username, password)
VALUES('$name', '$email', '$username', '$password')";
if( mysqli_query($db, $query))
{
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: login.php');
}
else
{
echo mysqli_error($db);
}
}
}
Check if it gives any errors.
Try your code in try catch block. Replace your register part with this:
// Finally, register user if there are no errors in the form
try {
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO users (name, email, username, password)
VALUES('$name', '$email', '$username', '$password')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: login.php');
}
} catch (Exception $e) {
echo 'Caught exception: ', $e->getMessage(), "\n";
}
This will give you error if anything breaks in between, else your code is seems okay.
Step 1 : change the code like following:
<?php
session_start();
// initializing variables
$name = "";
$email = "";
$username = "";
$errors = array();
// connect to the database
$db = mysqli_connect('localhost', 'root', '', 'registration');
if (!$db) {
die("Connection failed: " . mysqli_connect_error());
}
// REGISTER USER
if (isset($_POST['reg_user'])) {
// receive all input values from the form
$name = mysqli_real_escape_string($db, $_POST['name']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$username = mysqli_real_escape_string($db, $_POST['username']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
// form validation: ensure that the form is correctly filled ...
// by adding (array_push()) corresponding error unto $errors array
if (empty($name)) { array_push($errors, "Name is required");
}
if (empty($email)) { array_push($errors, "Email is required");
}
if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// first check the database to make sure
// a user does not already exist with the same username and/or email
$user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
if ($user['username'] === $username) {
array_push($errors, "Username already exists");
}
if ($user['email'] === $email) {
array_push($errors, "email already exists");
}
}
// Finally, register user if there are no errors in the form
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO users (name, email, username, password)
VALUES('$name', '$email', '$username', '$password')";
if( mysqli_query($db, $query))
{
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: login.php');
}
else
{
echo mysqli_error($db);
}
}
}
// ...
// ...
// LOGIN USER
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: https://georginahughes48.wixsite.com/makeupyourmind');
}else {
array_push($errors, "Wrong username/password combination");
}
}
}
?>
Assuming there is no password for mysql.
Step 2:
Recheck mysql connection and table names case and spelling
Step 3:
Check the nullable fields, field types and length in table. If you have primary key check if auto increment is there or not. hope this will help.
So after a lot of testing, I've finally been able to get $_SERVER["REMOTE_ADDR"] to successfully post the IP into my MySQL Database
EXCEPT that it doesn't actually
post the right IP. It is only gathering the first 4 numbers and it's not putting periods after the sets of numbers. (I'm attempting to log IP's when users register accounts )
What could be the problem and how can I solve it?
Here is my Current Code:
<?php
session_start();
// variable declaration
$username = "";
$email = "";
$errors = array();
$_SESSION['success'] = "";
$ip = $_SERVER["REMOTE_ADDR"];
// connect to database
$db = mysqli_connect('host','user','pass','db')
or die('Error connecting to MySQL server.');
// REGISTER USER
if (isset($_POST['reg_user'])) {
// receive all input values from the form
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
$ip = mysqli_real_escape_string($db, $_POST = $_SERVER["REMOTE_ADDR"]);
// form validation: ensure that the form is correctly filled
if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($email)) { array_push($errors, "Email is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// register user if there are no errors in the form
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO users (username, email, password, ip)
VALUES('$username', '$email', '$password', '$ip')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
mysql_error();
}
}
// ...
// LOGIN USER
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}else {
array_push($errors, "Wrong username/password combination");
}
}
}
?>
The code relating to $_SERVER["REMOTE_ADDR"];
$ip = $_SERVER["REMOTE_ADDR"];
$ip = mysqli_real_escape_string($db, $_POST = $_SERVER["REMOTE_ADDR"]);
$query = "INSERT INTO users (username, email, password, ip)
VALUES('$username', '$email', '$password', '$ip')";
You need to make sure that your database table column IP is (var)char of at least 15 characters, for example VARCHAR(15). (Or more than 15 for ipv6)
Also, why do you write $_POST = $_SERVER["REMOTE_ADDR"], and thus try to overwrite $_POST? Change that into just $_SERVER["REMOTE_ADDR"]!
Lastly, lookup parameterized queries.
for school i have to make a portfolio with a working login and registration system, the login part kinda works but by the regestration part i kinda got stuck. so why doesn't want to insert the users data after it checks the database of the username and email already exists? (hope u dont mind, but i am still a student who recently started with coding)
<?php
include_once 'db_connect.php';
include_once 'psl-config.php';
$error_msg = "";
if (isset($_POST['username'], $_POST['email'], $_POST['p'])) {
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
$email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
$email = filter_var($email, FILTER_VALIDATE_EMAIL);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$error_msg .= '<p class="error">The email address you entered is not valid!</p>';
}
$password = filter_input(INPUT_POST, 'p', FILTER_SANITIZE_STRING);
if (strlen($password) != 128) {
$error_msg .= '<p class="error">Invalid password configuration.</p>';
}
$query_username = "SELECT id
FROM members
Where username == '$username'
LIMIT 1";
$available_username = array();
if ($resultUsername = mysqli_query($mysqli, $query_username)) {
if (mysqli_num_rows($resultUsername) > 0) {
$error_msg .= '<p class="error">A user with this username already exists!</p>';
}
}
$query_email = "SELECT id
FROM members
Where email == '$email'
LIMIT 1";
$available_email = array();
if ($resultEmail = mysqli_query($mysqli, $query_email)) {
if (mysqli_num_rows($resultEmail) > 0) {
$error_msg .= '<p class="error">A user with this email adress already exists!</p>';
}
}
if (empty($error_msg)) {
$ipadress = $_SERVER['REMOTE_ADDR'];
$random_salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE));
$password = hash('sha512', $password . $random_salt);
if (!$tableRowEmail = 1) {
$sqlinsert = "INSERT INTO members (username, email, ipadress, password, salt) VALUES ($username, $email, $ipadress, $password, $random_salt)";
if (!mysqli_query($mysqli, $sqlinsert)) {
header('Location: ../error.php?err=Registration failure: INSERT');
}
}
header('Location: ./register_success.php');
}
}
?>
Just a wild guess: You use == in your sql statements. I'm quite sure you should only use =
Field values are missing single quote '
all the fields are varchar datatype.Single quotes should be used for string values.
$sqlinsert = "INSERT INTO members (username, email, ipadress, password, salt) VALUES ('$username', '$email', '$ipadress', '$password', '$random_salt')";
I have a registration form that has some required field. i want to check if those required fields are filled and if they are filled correctly before i insert in my database.
One of the required field is email, i also want to check if the email entered is a valid email.
My code is below.
Thanks in advance for your help, i really appreciate it.
<?php
include 'config.php';
$tbl_name="citizens"; // Table name
// Get values from form and formatting them as SQL strings
$firstname = mysql_real_escape_string($_POST['firstname']);
$middlename = mysql_real_escape_string($_POST['middlename']);
$lastname = mysql_real_escape_string($_POST['lastname']);
$sex = mysql_real_escape_string($_POST['sex']);
$address = mysql_real_escape_string($_POST['address']);
$employer = mysql_real_escape_string($_POST['employer']);
$posincom = mysql_real_escape_string($_POST['posincom']);
$states = mysql_real_escape_string($_POST['states']);
$agerange = mysql_real_escape_string($_POST['agerange']);
$income = mysql_real_escape_string($_POST['income']);
$email = mysql_real_escape_string($_POST['email']);
$phone = mysql_real_escape_string($_POST['phone']);
// Insert data into mysql
$sql="INSERT INTO `$tbl_name` (firstname, middlename, lastname, sex, address, employer, position_in_company, states, age_range, local_govt_area, email, phone) VALUES('$firstname', '$middlename', '$lastname', '$sex', '$address', '$employer', '$posincom', '$states', '$agerange', '$income', '$email', '$phone')";
$result=mysql_query($sql);
// if successfully insert data into database, displays message "Successful".
if($result){
echo "You Have Successful Registered";
}else {
echo "Sorry!!! Could Not Register You. All a* fields must be field.";
}
?>
<?php
include 'config.php';
$tbl_name="citizens"; // Table name
$required = array('email');
$errors = array();
foreach($required as $required_fieldname){
if(!isset($_POST[$required_fieldname]) || empty($_POST[$required_fieldname])){
$errors[] = 'Sorry!!! Could Not Register You. All a* fields must be field.';
break;
}
}
if(isset($_POST['email']) && !filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)){
$errors[] = "That is not a valid email address.";
}
if(count($errors) == 0){
// Get values from form and formatting them as SQL strings
$firstname = mysql_real_escape_string($_POST['firstname']);
$middlename = mysql_real_escape_string($_POST['middlename']);
$lastname = mysql_real_escape_string($_POST['lastname']);
$sex = mysql_real_escape_string($_POST['sex']);
$address = mysql_real_escape_string($_POST['address']);
$employer = mysql_real_escape_string($_POST['employer']);
$posincom = mysql_real_escape_string($_POST['posincom']);
$states = mysql_real_escape_string($_POST['states']);
$agerange = mysql_real_escape_string($_POST['agerange']);
$income = mysql_real_escape_string($_POST['income']);
$email = mysql_real_escape_string($_POST['email']);
$phone = mysql_real_escape_string($_POST['phone']);
// Insert data into mysql
$sql="INSERT INTO `$tbl_name` (firstname, middlename, lastname, sex, address, employer, position_in_company, states, age_range, local_govt_area, email, phone) VALUES('$firstname', '$middlename', '$lastname', '$sex', '$address', '$employer', '$posincom', '$states', '$agerange', '$income', '$email', '$phone')";
$result= mysql_query($sql);
// if successfully insert data into database, displays message "Successful".
if($result){
echo "You Have Successfully Registered";
}else {
echo "A technical error has occured.";
}
}
else{
echo '<strong>ERRORS!</strong><br>';
foreach($errors as $error){
echo $error . '<br>';
}
}
?>
you should validate form before submitting at client side using JavaScript, and alert to user if not filled correctly. Once validated allow it to submit .
In other case it is overhead to validate at server and than again send response to user at client end.
<?php
include 'config.php';
$tbl_name="citizens"; // Table name
// Get values from form and formatting them as SQL strings
//your other fields ...
$email = mysql_real_escape_string($_POST['email']);
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
$errors = 1;
echo "Please enter a correct email address";
}
//similar approach can be used for other fields..
// this is one of the simplest validating approach
if($errors == 0){
// Insert data into mysql
$sql="INSERT INTO `$tbl_name` (firstname, middlename, lastname, sex, address, employer, position_in_company, states, age_range, local_govt_area, email, phone) VALUES('$firstname', '$middlename', '$lastname', '$sex', '$address', '$employer', '$posincom', '$states', '$agerange', '$income', '$email', '$phone')";
$result=mysql_query($sql);
// if successfully insert data into database, displays message "Successful".
if($result){
echo "You Have Successful Registered";
}else {
echo "Sorry!!! Could Not Register You. All a* fields must be field.";
}
}
?>
For email you can use this (or similar) functions from https://stackoverflow.com/questions/3314493/check-for-valid-email-address to validate email
function isValidEmail($email){
return preg_match("^[_a-z0-9-]+(\.[_a-z0-9-]+)*#[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$^", $email);
}
Or
function isValidEmail( $email ){
return filter_var( $email, FILTER_VALIDATE_EMAIL );
}
For the rest, you can use the following
<?php
$error = '';
//put chosen function here
function isValidEmail( $email ){
return filter_var( $email, FILTER_VALIDATE_EMAIL );
}
//get values and validate each one as required
$firstname = mysql_real_escape_string($_POST['firstname']);
if(!$firstname){ $error .= "First name is required<br />"; }
//repeat for each field
$email = mysql_real_escape_string($_POST['email']);
if(!isValidEmail($email)){ $error .= "The email entered is invalid<br />"; }
//and so on...
if(!$error){
//add insert into database code here
}
else{
//display $error however you want e.g....
echo "<div class=\"error\">$error</div>";
}
?>
1.) you can use PHP_FILTER for validation.
2.) you can proper check( variable is null or not) before insert the data if variable is null the display error msg otherwish insert..