PHP Form Validation and POST variables - php

I'm new to PHP and I'm trying some form validation. I have the following code:
I submit a form and submit the data to an SQL statement if it passes validation. If the form is valid, it redirects to an external success page.
What I can't do is get the original post variables onto the success page. How could I do this please? My code is below:
PHP:
<body>
<?php
$firstnameErr = $emailErr = $lastnameErr = $gradeErr = $roleErr = "";
$firstname = $email = $lastname = $grade = $role = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["firstname"])) {
$firstnameErr = "First name is required";
} else {
$firstname = user_input($_POST["firstname"]);
}
if (empty($_POST["lastname"])) {
$lastnameErr = "Last mame is required";
} else {
$lastname = user_input($_POST["lastname"]);
}
if (empty($_POST["email"])) {
$emailErr = "Email is required";
} else {
$email = user_input($_POST["email"]);
}
if (empty($_POST["grade"])) {
$gradeErr = "Grade is required";
} else {
$grade = user_input($_POST["grade"]);
}
if (empty($_POST["role"])) {
$roleErr = "Role is required";
} else {
$role = user_input($_POST["role"]);
}
if($firstnameErr == '' && $emailErr == '' && $lastnameErr == '' && $gradeErr == '' && $roleErr == ''){
$stmt = $conn->prepare("INSERT INTO `Tom`.`staff_details` (`first_name`, `surname`, `role`, `grade`,`email`) VALUES ('$firstname', '$lastname','$role', '$grade','$email');");
$stmt->execute();
header('Location: staff_added.php');
exit();
};
}
function user_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
HTML:
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post">
<fieldset>
<p><span class="error">* required field</span></p>
<label>First name:</label><input type="text" name="firstname" />
<span class="error">* <?php echo $firstnameErr;?></span><br>
<label>Last name:</label><input type="text" name="lastname" />
<span class="error">* <?php echo $lastnameErr;?></span><br>
<label>Role:</label><input type="text" name="role" />
<span class="error">* <?php echo $roleErr;?></span><br>
<label>Grade:</label><input type="text" name="grade" />
<span class="error">* <?php echo $gradeErr;?></span><br>
<label>Email:</label><input type="text" name="email" />
<span class="error">* <?php echo $emailErr;?></span><br><br>
<input class="standard_submit" type="submit" value="Save" id="submit_search_button">
</fieldset>
</form>
I would like those variables to move across to the staff_added.php page so that I can print them back to the user. I've done some reading over this but as far, it's not making much sense.
Any help would be appreciated.
Thank you


You can store the variables in a SESSION object and then will be available from everywhere :
<?php
session_start();
//other code...
$_SESSION["role"] = $role;
//other code...
?>


Using prepared statements you should be looking at an approach like this perhaps rather than directly embedding variables in the sql.
<?php
function user_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
$firstname = $email = $lastname = $grade = $role = false;
if( $_SERVER["REQUEST_METHOD"] == "POST" ) {
$errors=array();
if( empty($_POST["firstname"])) $errors[] = "First name is required";
else $firstname = user_input( $_POST["firstname"] );
if( empty($_POST["lastname"])) $errors[] = "Last mame is required";
else $lastname = user_input($_POST["lastname"]);
if( empty($_POST["email"])) $errors[] = "Email is required";
else $email = user_input($_POST["email"]);
if( empty($_POST["grade"]) ) $errors[] = "Grade is required";
else $grade = user_input($_POST["grade"]);
if( empty($_POST["role"])) $errors[] = "Role is required";
else $role = user_input( $_POST["role"] );
if( empty( $errors ) ){
$stmt = $conn->prepare("INSERT INTO `Tom`.`staff_details` (`first_name`, `surname`, `role`, `grade`,`email`) VALUES (?,?,?,?,?);");
if( $stmt ){
$stmt->bind_param('sssss',$firstname,$lastname,$role,$grade,$email);
$stmt->execute();
exit( header( 'Location: staff_added.php' ) );
} else { echo 'statement failed'; }
} else {
foreach( $errors as $error )echo $error . '<br />';
}
}
?>

Related

PHP Single Page Form Validation HTML - form not validating

PHP portion, where variables are initialized and set to empty. As well as the post methods and isset functions
The functions seem to be right, no errors when running the code. However, nothing is processed when the user submits everything. This is just a small portion of the code.
<?php
//define variables and set them to empty values
$fname_error= $phone_error= $address1_error= $address2_error= $city_error= $state_error= $zipcode_error= "";
$fname= $phone= $address1= $address2= $city= $state= $zipcode= "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["fname"])) {
$fname_error = "Missing";
}
else {
$fname = test_input($_POST["fname"]);
//now we check to see that the name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$fname)) {
$fname_error = "Please use letters and white space only";
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
The Html portion:
<div class="userinput">
<label for="fname"><b>First Name</b></label>
<input type="text" name="fname" value="<?php
echo $fname ?>">
<span class="error">
<?php echo $fname_error;?></span>
</div>

Close the conditional REQUEST_METHOD.
Your code should look like this:
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>
<?php
//define variables and set them to empty values
$fname_error = $phone_error = $address1_error = $address2_error = $city_error = $state_error = $zipcode_error = "";
$fname = $phone = $address1 = $address2 = $city = $state = $zipcode = "";
//flag to validate and allow SQL insert if true
$valid=true;
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["fname"])) {
$fname_error = "Missing";
$valid=false;
} else {
$fname = test_input($_POST["fname"]);
//now we check to see that the name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/", $fname)) {
$valid=false;
$fname_error = "Please use letters and white space only";
}
}
}
//filter your input for security reason
function test_input($data) {
$data1 = trim($data);
$data2 = stripslashes($data1);
$data3 = htmlspecialchars($data2);
return $data3;
}
if($valid){
//Add you insert SQL
}
?>
<h2>PHP Form Validation Example</h2>
<p><span class="error">* required field</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
<label for="fname"><b>First Name</b></label>
<input type="text" name="fname" value="<?php echo $fname ?>">
<span class="error">
<?php echo $fname_error; ?></span>
<br><br>
<input type="submit" name="submit" value="Submit">
</form>
<?php
//For testing porpuses:
echo "<h2>Your Input:</h2>";
echo $fname;
?>
</body>
Reference: https://www.w3schools.com/php/php_form_complete.asp
Form validation

revalidate form and checking each input after editing

I created the fields that has validation process like required fields, numbers only and valid email.
it displays the errors simultaneously after submit but upon changing only one of the fields, it accepts and does not revalidate the other.
example
name = Error : required field
telephone = Error : numbers only
email = Error : not a valid email
after i corrected only the email , it accepts and proceed on submitting without rechecking the others.
please see my code . thanks in advance
<?php
include("conn/db.php");
function renderForm($name ='', $tel = '', $email ='', $error='', $error2='', $error3='')
{
?>
<html >
<head> <title>Form</title></head>
<body>
<?php
if ($error != '') {
echo $error
}
if ($error2 != '') {
echo $error2;
}
if ($error3 != '') {
echo $error3;
}
?>
<form action="" method="post">
Name : <input type = "text" class = "form-control" name = "name_text" value="<?php echo $name; ?>"> <br/>
Tel :<input type = "text" class = "form-control" name = "tel_text" value="<?php echo $tel; ?>"> <br/>
Email :<input type ="text" class = "form-control " name = "email_text" value="<?php echo $email; ?>" > <br/>
<input name= "submit" type="submit" value="Update" class = "btn btn-primary" >
</form>
</body>
</html>
<?php
}
if (isset($_POST['submit'])){
$name = $_POST['name_text'];
$tel = $_POST['tel_text'];
$email = $_POST['email_text'];
if ($name== '' ){
$error = 'ERR: required field';
}
if(!is_numeric($telephone)){
$error2 = 'ERR: numbers only';
}
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
$error3 = 'ERR: Email not valid';
}
else
{
***WILL PROCESS THE SQL QUERY ***
header("Location: main.php");
}
renderForm($name, $tel , $email ,$error, $error2, $error3);
}
else{
renderForm();
}
$con->close();
?>

<?php
include("conn/db.php");
function renderForm($name ='', $tel = '', $email ='', $error='', $error2='', $error3='')
{
?>
<html >
<head> <title>Form</title></head>
<body>
<?php
if ($error != '') {
echo $error
}
if ($error2 != '') {
echo $error2;
}
if ($error3 != '') {
echo $error3;
}
?>
<form action="" method="post">
Name : <input type = "text" class = "form-control" name = "name_text" value="<?php echo $name; ?>"> <br/>
Tel :<input type = "text" class = "form-control" name = "tel_text" value="<?php echo $tel; ?>"> <br/>
Email :<input type ="text" class = "form-control " name = "email_text" value="<?php echo $email; ?>" > <br/>
<input name= "submit" type="submit" value="Update" class = "btn btn-primary" >
</form>
</body>
</html>
<?php
}
if (isset($_POST['submit'])){
$name = $_POST['name_text'];
$tel = $_POST['tel_text'];
$email = $_POST['email_text'];
$is_valid = true;
if ($name== '' ){
$error = 'ERR: required field';
$is_valid = false;
}
if(!is_numeric($telephone)){
$error2 = 'ERR: numbers only';
$is_valid = false;
}
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
$error3 = 'ERR: Email not valid';
$is_valid = false;
}
if($is_valid) {
***WILL PROCESS THE SQL QUERY ***
header("Location: main.php");
}
renderForm($name, $tel , $email ,$error, $error2, $error3);
}
else{
renderForm();
}
$con->close();
?>
Its just a small mistake:
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
$error3 = 'ERR: Email not valid';
} else {
***WILL PROCESS THE SQL QUERY ***
header("Location: main.php");
}
You only checked the email and if it is corecct it was proceding. It did not include the other 2 checks for name and number.
I added a small variable to check if all 3 are correct.

php string validation not working

So I have the following code:
<body>
<?php
$firstname = $lastname = $phone = $phone = $email = $date = $code = "";
$firstnameerr = $lastnameerr = $phoneerr = $emailerr = $dateerr = $codeerr = "";
$check = 0;
$str = "abcdefghijklmnopqrstuvwxyz";
$rand1 = $str[rand(0, strlen($str) - 1)];
$rand2 = $str[rand(0, strlen($str) - 1)];
$rand3 = $str[rand(0, strlen($str) - 1)];
$rand4 = $str[rand(0, strlen($str) - 1)];
$rand5 = $str[rand(0, strlen($str) - 1)];
$final = $rand1 . $rand2 . $rand3 . $rand4 . $rand5;
if ($_SERVER["REQUEST_METHOD"] == "POST"){
if (empty($_POST["ffirstname"])){
$firstnameerr = "First Name is empty!";
$check = 1;
} else {
$firstname = testInput($_POST['ffirstname']);
$check = 0;
if (!preg_match("/^[a-zA-Z]*$/",$firstname)){
$firstnameerr = "This is not a valid name!";
$check = 1;
}
}
if (empty($_POST["flastname"])){
$lastnameerr = "Last Name is empty!";
$check = 1;
} else {
$lastname = testInput($_POST['flastname']);
$cheek = 0;
if (!preg_match("/^[a-zA-Z ]*$/",$lastname)){
$lastnameerr = "This is not a valid name";
$check = 1;
}
}
if (empty($_POST["fphone"])){
$phoneerr = "Phone field is empty!";
$check = 1;
}else {
$phone = testInput($_POST['fphone']);
if(!is_numeric($phone)){
$phoneerr = "Phone number is not a number";
$check = 1;
}
}
if (empty($_POST["femail"])){
$emailerr = "E-mail field is empty!";
} else {
$email = testInput($_POST['femail']);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailerr = "E-mail is not valid";
$check = 1;
}
}
if (empty($_POST["fdate"])){
$dateerr = "No date selected!";
$check = 1;
} else {
$date = testInput($_POST['fdate']);
}
if (empty($_POST["fcode"])){
$codeerr = "There is no code!";
$check = 1;
} else {
$code = $_POST["fcode"];
if ($code !== $final){
$codeerr = "The code is wrong";
$check = 1;
}
}
if ($check == 0) {
$host = "localhost";
$user = "root";
$pass = "";
$db = "myfirstdb";
$connect = new mysqli($host,$user,$pass,$db);
if ($connect->connect_error){
die("Connection failed: " . $connect->connect_error);
} else {
echo "Connected successfully!";
}
$sql = "INSERT INTO table1 (firstname , lastname , phone , email , date) VALUES ('$firstname', '$lastname', '$phone', '$email', '$date')";
if ($connect->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $connect->error;
}
$connect->close();
}
}
function testInput($data){
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<div id="header">
<img src="http://stupidname.org/files/gfx/design/random%20logos/RandomLogo1.png" alt="logo" height="250px" width="250px">
<div id="top"><h1 id="first">Welcome to my website</h1></div>
</div>
<div id="section">
<div id="nav">
<ul>
<li>Home</li>
<li>About</li>
<li>Project</li>
<li>Contact</li>
</ul>
</div>
<div id="article">
<h3 style="text-align: center"><b>Please confirm the form below:</b></h3>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<p class="namer">First Name</p><br>
<input type="text" name="ffirstname" id="ffirstnameid"><span class="error"><?php echo $firstnameerr; ?></span><br>
<p class="namer">Last Name</p><br>
<input type="text" name="flastname" id="flastnameid"><span class="error"><?php echo $lastnameerr; ?></span><br>
<p class="namer">Phone Number</p><br>
<input type="text" name="fphone" id="fphoneid"><span class="error"><?php echo $phoneerr; ?></span><br>
<p class="namer">E-mail</p><br>
<input type="text" name="femail" id="femailid"><span class="error"><?php echo $emailerr; ?></span><br>
<p class="namer">Date</p><br>
<input type="text" name="fdate" id="fdateid"><span class="error"><?php echo $dateerr; ?></span><br>
<p class="namer">Enter the Captcha code!</p><br>
<h1><?php echo $final?></h1><br>
<input type="text" name="fcode" id="fcodeid"><span class="error"><?php echo $codeerr; ?></span><br>
<input type="submit" name="fsubmit" value="Submit">
</form>
</div>
</div>
My problem is with the code a.k.a in the if that uses $code and $final to check wheather it's a human or not. Now whenever i write the exact same thing as in the $final variable the program thinks it's not the same so i get the $codeerr. Can someone please help me fix it?

Ok, I added little changes to your code, and I think it should work now.
<?php
session_start();
?>
<body>
<?php
function generateCode() {
$str = "abcdefghijklmnopqrstuvwxyz";
$rand1 = $str[rand(0, strlen($str) - 1)];
$rand2 = $str[rand(0, strlen($str) - 1)];
$rand3 = $str[rand(0, strlen($str) - 1)];
$rand4 = $str[rand(0, strlen($str) - 1)];
$rand5 = $str[rand(0, strlen($str) - 1)];
return $rand1 . $rand2 . $rand3 . $rand4 . $rand5;
}
$firstname = $lastname = $phone = $phone = $email = $date = $code = "";
$firstnameerr = $lastnameerr = $phoneerr = $emailerr = $dateerr = $codeerr = "";
$check = 0;
if(!isset($_SESSION['final'])) {
$_SESSION['final'] = generateCode();
}
if ($_SERVER["REQUEST_METHOD"] == "POST"){
if (empty($_POST["ffirstname"])){
$firstnameerr = "First Name is empty!";
$check = 1;
} else {
$firstname = testInput($_POST['ffirstname']);
$check = 0;
if (!preg_match("/^[a-zA-Z]*$/",$firstname)){
$firstnameerr = "This is not a valid name!";
$check = 1;
}
}
if (empty($_POST["flastname"])){
$lastnameerr = "Last Name is empty!";
$check = 1;
} else {
$lastname = testInput($_POST['flastname']);
$cheek = 0;
if (!preg_match("/^[a-zA-Z ]*$/",$lastname)){
$lastnameerr = "This is not a valid name";
$check = 1;
}
}
if (empty($_POST["fphone"])){
$phoneerr = "Phone field is empty!";
$check = 1;
}else {
$phone = testInput($_POST['fphone']);
if(!is_numeric($phone)){
$phoneerr = "Phone number is not a number";
$check = 1;
}
}
if (empty($_POST["femail"])){
$emailerr = "E-mail field is empty!";
} else {
$email = testInput($_POST['femail']);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailerr = "E-mail is not valid";
$check = 1;
}
}
if (empty($_POST["fdate"])){
$dateerr = "No date selected!";
$check = 1;
} else {
$date = testInput($_POST['fdate']);
}
if (empty($_POST["fcode"])){
$codeerr = "There is no code!";
$check = 1;
} else {
$code = $_POST["fcode"];
if ($code !== $_SESSION['final']){
$codeerr = "The code is wrong";
$check = 1;
}
}
if ($check == 0) {
$host = "localhost";
$user = "root";
$pass = "";
$db = "myfirstdb";
$connect = new mysqli($host,$user,$pass,$db);
if ($connect->connect_error){
die("Connection failed: " . $connect->connect_error);
} else {
echo "Connected successfully!";
}
$sql = "INSERT INTO table1 (firstname , lastname , phone , email , date) VALUES ('$firstname', '$lastname', '$phone', '$email', '$date')";
if ($connect->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $connect->error;
}
$connect->close();
}
}
if($check == 1) {
$_SESSION['final'] = generateCode();
}
function testInput($data){
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<div id="header">
<img src="http://stupidname.org/files/gfx/design/random%20logos/RandomLogo1.png" alt="logo" height="250px" width="250px">
<div id="top"><h1 id="first">Welcome to my website</h1></div>
</div>
<div id="section">
<div id="nav">
<ul>
<li>Home</li>
<li>About</li>
<li>Project</li>
<li>Contact</li>
</ul>
</div>
<div id="article">
<h3 style="text-align: center"><b>Please confirm the form below:</b></h3>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<p class="namer">First Name</p><br>
<input type="text" name="ffirstname" id="ffirstnameid"><span class="error"><?php echo $firstnameerr; ?></span><br>
<p class="namer">Last Name</p><br>
<input type="text" name="flastname" id="flastnameid"><span class="error"><?php echo $lastnameerr; ?></span><br>
<p class="namer">Phone Number</p><br>
<input type="text" name="fphone" id="fphoneid"><span class="error"><?php echo $phoneerr; ?></span><br>
<p class="namer">E-mail</p><br>
<input type="text" name="femail" id="femailid"><span class="error"><?php echo $emailerr; ?></span><br>
<p class="namer">Date</p><br>
<input type="text" name="fdate" id="fdateid"><span class="error"><?php echo $dateerr; ?></span><br>
<p class="namer">Enter the Captcha code!</p><br>
<h1><?php echo $_SESSION['final']?></h1><br>
<input type="text" name="fcode" id="fcodeid"><span class="error"><?php echo $codeerr; ?></span><br>
<input type="submit" name="fsubmit" value="Submit">
</form>
</div>
</div>
You must save $final code in $_SESSION for example, because after submit of the form the code for generating $final will get executed and $final will get new value different from the rendered code before submit.

Indicating Required Fields in PHP

I'm trying to create a PHP file of a process form that indicates the required fields when processed. The code that I have is:
<html>
<head>
<style type="text/css">
.error{color: #FF0000;}
</style>
</head>
<body>
<?php
if(isset($_POST['fullname']) && $_POST['fullname'] != "") {
$fullname = $_POST['fullname'];
}
if(isset($_POST['email']) && $_POST['email'] != "") {
$email = $_POST['email'];
}
if(isset($_POST['feedback']) && $_POST['feedback'] != "") {
$text= $_POST['feedback'];
}
$nameErr = $emailErr = "";
$name = $email = "";
if ($_SERVER["REQUEST_METHOD"] == POST) {
if (empty($_POST["fullname"])){
$nameErr = "Name is required";
} else {
$name = test_input($_POST["fullname"]);
}
if (empty($_POST["email"])) {
$emailErr = "Email is required";
} else {
$email = test_input($_POST["email"]);
}
}
?>
<h1>Customer Feedback</h1>
<p1>Please tell us what you think</p1><br><br>
<form method='POST' action='<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>' >
<p1>Your name:</p1><br>
<input type="text" name="fullname" value="<?php echo $fullname; ?>"><br><br>
<p1>Your email address:</p1><br>
<input type="text" name="email" value="<?php echo $email; ?>"><br><br>
<p1>Your feedback:</p1><br>
<textarea rows="5" cols="50" name="feedback"><?php echo $text;?></textarea><br><br>
<input type="submit" Value="Send Feedback"><br><br>
<?php
error_reporting(E_ALL);
$name = $_POST['fullname'];
$email = $_POST['email'];
$feed = $_POST['feedback'];
if (empty($name))
{
echo "Please enter your name, email and feedback.";
}
if (empty($email))
{
echo "Please enter your email and feedback.";
}
if (empty($feed))
{
echo "Please enter feedback.";
}
if (!empty($name) && !empty($email) && !empty($feed))
{
echo "You have inserted the correct data";
}
?>
</form>
</body>
</html>
However, when I run it on Chrome, I got a server error 500 saying that
The website encountered and error while retrieving process_4.php. It maybe down for maintenance or configured incorrectly.
The other PHP files that I've made leading up to this point have all worked correctly and I don't know why this one isn't.

Not displaying Error Message

i am a newbie in this php. i am trying to make some validation for my form which will show the error msg if it exploits my validation rules.
my connection file.
<?php
$con = mysql_connect("localhost","root","") or die('could not connect the server: '. mysql_error());
mysql_select_db("interview",$con);
?>
my validate.php file
<?php
require_once('connect.php');
$realnameErr = $nickErr = $passwordErr = $emailErr = "";
$realname = $nick = $password = $email = "";
?>
my form
<form name='v2' id='login' method='post' action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<fieldset>
<legend>Login</legend>
<label for='realname' >Real Name*:</label>
<input type='text' name='realname' id='realname' maxlength="50" value="<?php echo $realname;?>" /></br>
<span class="error"><?php echo $realnameErr;?></span>
<br>
<label for='nick' >Nick*:</label>
<input type='text' name='nick' id='nick' maxlength="50" value="<?php echo $nick;?>" /></br>
<span class="error"><?php echo $nickErr;?></span>
<br>
<label for='password' >Password*:</label>
<input type='password' name='password' id='password' maxlength="50" /></br>
<span class="error"><?php echo $passwordErr;?></span>
<br>
<label for='email' >Email*:</label>
<input type='text' name='email' id='email' maxlength="50" value="<?php echo $email;?>"/></br>
</fieldset>
<input type='submit' name='submit' value='submit' />
</form>
validation begins here
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if(isset($_POST['submit'])) {
if (empty($_POST["realname"]))
{
$realnameErr = "Name is required";
}
else
{
$realname=test_input($_POST["realname"]);
if(!preg_match("/^[a-zA-z ]*$/",$realname))
{
$realnameErr = "only letters and white space allowed";
}}
if(empty($_POST["nick"]))
{
$nickErr = "Nick is required";
}
else {
$nick=($_POST["nick"]);
}
if(empty($_POST["password"]))
{
$passwordErr = "password is required";
}
else {
$password=($_POST["password"]);
}
if(empty($_POST["email"]))
{
$emailErr = "email is required";
}
else {
$email=test_input($_POST["email"]);
if(!preg_match("/([\w\-]+\#[\w\-]+\.[\w\-]+)/",$email))
{
$emailErr = "Invalid email format";
}}
checking then inserting
if((!$realnameErr) && (!$nickErr) && (!$passwordErr) && (!$emailErr)) {
$query="INSERT INTO `main`"."(realname,nick,password,email)". "VALUES". "('$realname','$nick',SHA('$password'),'$email')";
$res=mysql_query($query);
echo '<p>Your account has been Successfully created,You are now ready to login. </p>';
}
}}
function test_input($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>

You need to have your working Script before you display your form. Because at the moment, the time you output <span class="error"><?php echo $nickErr;?></span> the variable $nickErr is still empty and therefore does not display anything.

Try this:
// Init
$errors = array();
// Validate Post Data
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (isset($_POST['submit'])) {
if (empty($_POST["realname"])) {
$errors[] = "Name is required";
} else {
$realname = test_input($_POST["realname"]);
if (!preg_match("/^[a-zA-z ]*$/", $realname)) {
$errors[] = "only letters and white space allowed";
}
}
if (empty($_POST["nick"])) {
$errors[] = "Nick is required";
} else {
$nick = ($_POST["nick"]);
}
if (empty($_POST["password"])) {
$errors[] = "password is required";
} else {
$password = ($_POST["password"]);
}
if (empty($_POST["email"])) {
$errors[] = "email is required";
} else {
$email = test_input($_POST["email"]);
if (!preg_match("/([\w\-]+\#[\w\-]+\.[\w\-]+)/", $email)) {
$errors[] = "Invalid email format";
}
}
}
}
// If there is any error
if (sizeof($errors))
{
// display it
echo '<div>Following error(s) occured:<br /><br />'. implode('<br />', $errors) .'</div>';
}
else
{
// proceed with db insert here
}

Categories