In my site's registration, the insert is only working for certain data, not sure why
heres the code (I know, no salt, I will fix that next)
if ($id == "0" || $id == null)
{ echo '<title>Start</title>';
$content .= '
<body><center>
<h1>TitleBar</h1>
<img src="logo.png" alt="Smiley face" height="400" width="400">
<form action="?id=loginF" method="POST">
<fieldset>
<legend>LOGIN </legend>
<p><label for="username">Username</label> <input type="text" name="username" required="required" autofocus="autofocus"/></p>
<p><label for="password">Password</label> <input type="password" name="password" required="required"/></p>
<p class="submit"><input type="submit" value="Login"/></p>
</fieldset>
</form>
</center>
';
echo $content;
}
This next section is for after the form is submitted:
if ($id == "loginF")
{
echo '<title>Login</title>';
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['username'];
$snapchat = new Snapchat($username,$password);
echo $username;
$_SESSION['name'] = $username;
$_SESSION['pass'] = $password;
$ulz="INSERT INTO user_attribs(username,email,salted)VALUES('$username'
,'$email','$password')";
mysql_query($ulz);
$content .= '
<ul>
<li>Get Snaplist</li>
<li>Get Friendlist</li>
<li>Send pics</li>
<li>Logout</li>
</ul>
';
echo $content;
}
for example:
top#kek.com with any password will insert as a username
however, any username with, for example, an #hotmail.com address will not insert
what could be the cause of that?
I tried to google it, I honestly have no idea.
EDIT::
I want to be more specific in the error. I did some testing. The following CAN insert: hotmail.com, .hotmail.com, a#hotmail.com, art#hotmail.com, however, a.rt#hotmail.com cannot be inserted. it must be the front period.
After looking at the table description, username was VARCHAR(15)
This was what caused the problem. By extending the column length, I was able to get the data inserted.
Related
I thought the solution would be easy to find, but I cannot find it. I want my registration form to submit to the database and send the form data to the user's email, as a confirmation email, at the same time and using the same submit button. It seems logical that the form would have two actions, but I'm finding no example of such a thing. Perhaps some PHP code on the registration page that will recognize the successful submission and send the data to a php file that will process an email at the same time the data is being inserted into the database table??
register.php, the PHP above the HTML
<?php
session_start();
if (!isset($_SESSION['usr_id']) && empty($_SESSION['usr_id']) ) {
} else {
header('Location: mustlogout.php'); #redirect URL
}
?>
<?php
include_once 'db.php';
//set validation error flag as false
$error = false;
//check if form is submitted
if (isset($_POST['signup'])) {
$name = mysqli_real_escape_string($con, $_POST['name']);
$user_name = mysqli_real_escape_string($con, $_POST['user_name']);
$email = mysqli_real_escape_string($con, $_POST['email']);
$password = mysqli_real_escape_string($con, $_POST['password']);
$cpassword = mysqli_real_escape_string($con, $_POST['cpassword']);
$name = stripslashes($name);
$user_name = stripslashes($user_name);
$email = stripslashes($email);
$password = stripslashes($password);
$cpassword = stripslashes($cpassword);
if (!preg_match("/^[a-zA-Z ]+$/",$name)) { /* name can contain only alpha characters and space */
$error = true;
$name_error = "Name must contain only letters";
}
if (!preg_match("/^[a-zA-Z-0-9 ]+$/",$user_name)) { /* letters and numbers */
$error = true;
$user_name_error = "User name can contain only letters and numbers";
}
if(!filter_var($email,FILTER_VALIDATE_EMAIL)) { /* will accept only email addresses */
$error = true;
$email_error = "Please Enter Valid Email ID";
}
if(strlen($password) <6 ) { /* must be 6 or more characters */
$error = true;
$password_error = "Password must be minimum of 6 characters";
}
if($password != $cpassword) { /* must match the first password entry */
$error = true;
$cpassword_error = "Password and Confirm Password doesn't match";
}
if (!$error) {
if(mysqli_query($con, "INSERT INTO forumusers(name,user_name,email,password) VALUES('" . $name . "', '" . $user_name . "', '" . $email . "', '" . md5($password) . "')")) {
$successmsg = "Successfully Registered! <a href='login.php'>Click here to Login</a>"; /* if register is successful */
} else {
$errormsg = "Error in registering...Please try again later!"; /* if register is not successful */
}
}
}
?>
<!doctype html>
<html><!-- InstanceBegin template="/Templates/index.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
register.php, the form in the HTML
<!-- InstanceBeginEditable name="EditRegion3" -->
<div class="title-bar"><n6>Forum Registration</n6></div>
<div class="main-content">
<div class="form-reg" style="margin-bottom: 4em;"><!-- Begin div to contain form -->
<table width="50%" style="padding-left: 20px;">
<form role="form" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="signupform">
<fieldset>
<tr>
<td>
<div style="margin-top: 0px; margin-bottom: 5px;">
<label for="name" class="formfield-names">Name</label>
<input type="text" name="name" placeholder="Enter Your Full Name" required value="<?php if($error) echo $name; ?>" class="form-control" />
<span class="text-danger"><?php if (isset($name_error)) echo $name_error; ?></span>
</div>
</td>
</tr>
<tr>
<td>
<div style="margin-top: 0px; margin-bottom: 5px;">
<label for="name" class="formfield-names">User Name</label>
<input type="text" name="user_name" minlength="5" maxlength="15" placeholder="5 to 15 Letters/Numbers" required value="<?php if($error) echo $user_name; ?>" class="form-control" />
<span class="text-danger"><?php if (isset($user_name_error)) echo $user_name_error; ?></span>
</div>
</td>
</tr>
<tr>
<td>
<div style="margin-top: 10px; margin-bottom: 5px;">
<label for="name" class="formfield-names">Email</label>
<input type="text" name="email" placeholder="Enter a Valid Email" required value="<?php if($error) echo $email; ?>" class="form-control" />
<span class="text-danger"><?php if (isset($email_error)) echo $email_error; ?></span>
</div>
</td>
</tr>
<tr>
<td>
<div style="margin-top: 10px; margin-bottom: 5px;">
<label for="name" class="formfield-names">Password</label>
<input type="password" name="password" minlength="6" maxlength="16" placeholder="6 to 16 Chracters" required class="form-control" />
<span class="text-danger"><?php if (isset($password_error)) echo $password_error; ?></span>
</div>
</td>
</tr>
<tr>
<td>
<div style="margin-top: 10px; margin-bottom: 5px;">
<label for="name" class="formfield-names">Confirm Password</label>
<input type="password" name="cpassword" placeholder="Confirm Password" required class="form-control" />
<span class="text-danger"><?php if (isset($cpassword_error)) echo $cpassword_error; ?></span>
</div>
</td>
</tr>
<tr>
<td>
<div style="margin-top: 10px; margin-bottom: 5px;">
<input type="submit" name="signup" value="Register" class="button" />
</div>
</fieldset>
</form>
</td>
</tr>
<tr><td><div style="margin-top: 10px; margin-bottom: 5px;" class="formfield-names">Already Registered? Login Here</div></td></tr>
</table>
<span class="formfield-names"><?php if (isset($successmsg)) { echo $successmsg; } ?></span>
<span class="formfield-names"><?php if (isset($errormsg)) { echo $errormsg; } ?></span>
</div><!-- End div to contain form -->
</div>
<!-- InstanceEndEditable -->
I found alot of "form with two buttons" and various "how to submit a form to a database" and "how to send email with a form" and displaying various confirmation messages and the one I found with the 2 actions appears to be incomplete. Help would be greatly appreciated.
It is quite a simple question, you should try thinking out the process before coding it.
some code ....
if(mysqli_query($con, "INSERT INTO forumusers(name,user_name,email,password) VALUES('" . $name . "', '" . $user_name . "', '" . $email . "', '" . md5($password) . "')")) {
$successmsg = "Successfully Registered! <a href='login.php'>Click here to Login</a>"; /* if register is successful */
// add email here.
}
some code ....
It seems logical that the form would have two actions
No. The action attribute determines the URL to which the data will be sent. HTML is not designed to send data to multiple places (because it is geared up to display one page at a time).
If you want to do more than one thing with the data, you just need to make the program at that URL do more than one thing.
Your existing PHP already does two things:
Inserts data into a database
Outputs an HTML page back to the browser
You just need to insert the code to send the email into the same program.
Perhaps some PHP code on the registration page that will recognize the successful submission and send the data to a php file that will process an email at the same time the data is being inserted into the database table
If you want to divide your code up into smaller, logically grouped, chunks: You can use includes, functions and classes.
I'm using kespersy antivirus.I want to store the details in database.but password and confirm password value is not printed while testing.
all the field values are echoed except password and confirm password.$pass is password variable and $c_pass is confirm password variable.
<form name="profile" method="post">
<p style="margin-left:1cm">Name<a style="margin-left:45px"></a> : <input type="text" name="p_name" size=18 maxlength=50></p>
<p style="margin-left:1cm">Email<a style="margin-left:45px"></a> : <input type="text" name="email" size=18 maxlength=50></p>
<p style="margin-left:1cm">Password<a style="margin-left:25px"></a> : <input type="password" name="pass" size=18 maxlength=50></p>
<p style="margin-left:1cm">Confirm<a style="margin-left:30px"></a> : <input type="password" name="c_pass" size=18 maxlength=50></p>
<p style="margin-left:1cm">Phone<a style="margin-left:45px"></a> : <input type="text" name="phone" size=18 maxlength=50></p>
<p style="margin-left:1cm">Address<a style="margin-left:30px"></a> : <textarea name="address" max=200></textarea></p>
<p style="margin-left:1cm">EIN<a style="margin-left:50px"></a>   : <textarea name="ein" max=200></textarea></p>
<center><input type="submit" name="edit" value="Edit" /> </center>
</form>
<?php
include "config.php";
if(isset($_REQUEST['edit']))
{
echo "hai";
echo $pass=$_REQUEST['Pass'];
echo $c_pass=$REQUEST['c_pass'];
echo $address=$_REQUEST['address'];
echo $p_name=$_REQUEST['p_name'];
echo $phone=$_REQUEST['phone'];
echo $email=$_REQUEST['email'];
echo $ein=$_REQUEST['ein'];
echo $datz=date('m-d-yy h:i:s');
if($pass==$c_pass)
{
echo $c_pass;
echo $pass;
if($p_name!='' && $address!='' && $p_name!='' && $phone!='' && $email!='' && $ein!='' && $pass!='')
{
echo $sql="insert into register(name,address,contact_name,phone,email,password,ein,c_date) values ('$name','$address','$p_name','$phone','$email','$pass','$ein','$datz')";
if(mysql_query($sql))
{
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('registered successfully');
</SCRIPT>");
}
else
{
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('try again');
</SCRIPT>");
}
}
}
}
?>
First of all why do you use the $_REQUEST variable?
It would be much safer if you use $_POST instead.
Can you update your question with your HTML form so we can see what you did there?
Another suggestions is to use mysqli functions or even prepared statements.
With prepared statements you are better protected against SQL injections like Jack mentioned.
If you dont use prepared statements it is really important that you escape the user input before you save it in your Database:
$name = mysqli_real_escape_string($dblink, $name);
And you should not save the passwords in plaintext, at least use MD5.
$pass = md5($pass);
Better use SHA1 as mentioned by BlackPearl:
$pass = sha1($pass);
UPDATE:
I see a typo in your HTML:
<input type="password" name="pass" size=18 maxlength=50></p>
But in your PHP Code you use:
$_REQUEST['Pass']
which is wrong.
you have to use the same name it is case sensitive.
I have created a PHP form to take 4 text fields name, email, username and password and have set validation for these. I have my code currently validating correctly and displaying messages if the code validates or not.
However, I would like for it to keep the correctly validated fields filled when submitted and those that failed validation to be empty with an error message detailing why.
So far I have the following code, the main form.php:
<?php
$self = htmlentities($_SERVER['PHP_SELF']);
?>
<form action="<?php echo $self; ?>" method="post">
<fieldset>
<p>You must fill in every field</p>
<legend>Personal details</legend>
<?php
include 'personaldetails.php';
include 'logindetails.php';
?>
<div>
<input type="submit" name="" value="Register" />
</div>
</fieldset>
</form>
<?php
$firstname = validate_fname();
$emailad = validate_email();
$username = validate_username();
$pword = validate_pw();
?>
My functions.php code is as follows:
<?php
function validate_fname() {
if (!empty($_POST['fname'])) {
$form_is_submitted = true;
$trimmed = trim($_POST['fname']);
if (strlen($trimmed)<=150 && preg_match('/\\s/', $trimmed)) {
$fname = htmlentities($_POST['fname']);
echo "<p>You entered full name: $fname</p>";
} else {
echo "<p>Full name must be no more than 150 characters and must contain one space.</p>";
} }
}
function validate_email() {
if (!empty($_POST['email'])) {
$form_is_submitted = true;
$trimmed = trim($_POST['email']);
if (filter_var($trimmed, FILTER_VALIDATE_EMAIL)) {
$clean['email'] = $_POST['email'];
$email = htmlentities($_POST['email']);
echo "<p>You entered email: $email</p>";
} else {
echo "<p>Incorrect email entered!</p>";
} }
}
function validate_username() {
if (!empty($_POST['uname'])) {
$form_is_submitted = true;
$trimmed = trim($_POST['uname']);
if (strlen($trimmed)>=5 && strlen($trimmed) <=10) {
$uname = htmlentities($_POST['uname']);
echo "<p>You entered username: $uname</p>";
} else {
echo "<p>Username must be of length 5-10 characters!</p>";
} }
}
function validate_pw() {
if (!empty($_POST['pw'])) {
$form_is_submitted = true;
$trimmed = trim($_POST['pw']);
if (strlen($trimmed)>=8 && strlen($trimmed) <=10) {
$pword = htmlentities($_POST['pw']);
echo "<p>You entered password: $pword</p>";
} else {
echo "<p>Password must be of length 8-10 characters!</p>";
} }
}
?>
How can I ensure that when submit is pressed that it will retain valid inputs and empty invalid ones returning error messages.
Preferably I would also like there to be an alternate else condition for initial if(!empty). I had this initially but found it would start the form with an error message.
Lastly, how could I record the valid information into an external file to use for checking login details after signing up via this form?
Any help is greatly appreciated.
Try using a separate variable for errors, and not output error messages to the input field.
You could use global variables for this, but I'm not fond of them.
login.php
<?php
$firstname = '';
$password = '';
$username = '';
$emailadd = '';
$response = '';
include_once('loginprocess.php');
include_once('includes/header.php);
//Header stuff
?>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, "utf-8");?>" method="post">
<fieldset>
<p>Please enter your username and password</p>
<legend>Login</legend>
<div>
<label for="fullname">Full Name</label>
<input type="text" name="fname" id="fullname" value="<?php echo $firstname ?>" />
</div>
<div>
<label for="emailad">Email address</label>
<input type="text" name="email" id="emailad" value="<?php echo $emailadd; ?>"/>
</div>
<div>
<label for="username">Username (between 5-10 characters)</label>
<input type="text" name="uname" id="username" value='<?php echo $username; ?>' />
</div>
<div>
<label for="password">Password (between 8-10 characters)</label>
<input type="text" name="pw" id="password" value="<?php echo $password; ?>" />
</div>
<div>
<input type="submit" name="" value="Submit" />
</div>
</fieldset>
</form>
<?php
//Output the $reponse variable, if your validation functions run, then it
// will contain a string, if not, then it will be empty.
if($response != ''){
print $response;
}
?>
//Footer stuff
loginprocess.php
//No need for header stuff, because it's loaded with login.php
if($_SERVER['REQUEST_METHOD'] == 'POST'){//Will only run if a post request was made.
//Here we concatenate the return values of your validation functions.
$response .= validate_fname();
$response .= validate_email();
$response .= validate_username();
$response .= validate_pw();
}
//...or footer stuff.
functions.php
function validate_fname() {
//Note the use of global...
global $firstname;
if (!empty($_POST['fname'])) {
$form_is_submitted = true;
$trimmed = trim($_POST['fname']);
if(strlen($trimmed)<=150 && preg_match('/\\s/', $trimmed)){
$fname = htmlentities($_POST['fname']);
//..and the setting of the global.
$firstname = $fname;
//Change all your 'echo' to 'return' in other functions.
return"<p>You entered full name: $fname</p>";
} else {
return "<p>Full name must be no more than 150 characters and must contain one space.</p>";
}
}
}
I wouldn't suggest using includes for small things like forms, I find it tends to make a mess of things quite quickly. Keep all your 'display' code in one file, and use includes for functions (like you have) and split files only when the scope has changed. i.e your functions.php file deals with validation at the moment, but you might want to make a new include later that deals with the actual login or registration process.
Look at http://www.php.net/manual/en/language.operators.string.php to find out about concatenating.
I'm beating my head against the wall right now. I've been fiddling with this for hours, and I can't seem to figure it out.
My sessions data isn't saving when I navigate from one page to another. I've set this up in WAMP, BTW.
The cookies are being saved, and the sessions data only works when I reset it at the beginning of EVERY script. I'm not quite sure what to do here. It's probably something ridiculously stupid, but any input is greatly appreciated.
my login script:
<?php
include('../partials/_header.php');
include('includes/connectvars.php');
if(!isset($_SESSION['id'])) { //logged in?
if(isset($_POST['submit'])) { // form submitted?
if(!empty($_POST['email']) && !empty($_POST['password'])) { /* Check to make sure post isn't empty in case of JS override/disable */
$email = mysqli_real_escape_string($dbc, trim($_POST['email']));
$password = sha1(mysqli_real_escape_string($dbc, trim($_POST['password'])));
/* query DB */
$query = "SELECT * FROM users WHERE email = '$email' AND password = '$password'";
$result = mysqli_query($dbc, $query) or die ("There was an error with your mySQL query:" . mysqli_error($dbc));
if(mysqli_num_rows($result)==1) { /* Check that matching row exists in users for login */
$row = mysqli_fetch_array($result);
$_SESSION['id'] = $row['id']; // set the session info
$_SESSION['type'] = $row['type'];
$_SESSION['name'] = $row['f_name'];
setcookie('id', $row['id'], time()+ (60*60*24*30));
setcookie('type', $row['type'], time()+ (60*60*24*30));
setcookie('name', $row['f_name'], time()+ (60*60*24*30));
$home_url = '/'; //redirect not working with $_SERVER variable in WAMP. keep an eye for the future
header('Location: '.$home_url);
mysqli_close($dbc);
} else { /* if no match in database ask to resubmit login info or register */?>
<script type="text/javascript" src="../js/jquery.validate.js"></script>
<script>
$(document).ready(function(){
$("#login_form").validate();
});
</script>
<div class="span-24 colborder">
<form id="login_form" action="<?php $_SERVER['PHP_SELF'] ?>" method="post">
<label class="error">Your email and/or password are incorrect. </label><br />
<label class="error">If you haven't already signed up, feel free to <a href="user_registration.php" > register</a> </label><br />
<input type="text" name="email" id="email" value="" class="email required" placeholder="example#example.com"/> <br />
<input type="password" name="password" id="password" class="required" value="" /> <br />
<input type="submit" name="submit" value="Login" />
</form>
</div>
<?php
}/* end conditional to check $rows array for username pw match */
} /* end conditional to check that form isn't blank */
else { /* If form is blank ask to resubmit or register */?>
<script type="text/javascript" src="../js/jquery.validate.js"></script>
<script>
$(document).ready(function(){
$("#login_form").validate();
});
</script>
<div class="span-24 colborder">
<form id="login_form" action="<?php $_SERVER['PHP_SELF'] ?>" method="post">
<label class="error">You must enter your email and password if you wish to continue.</label><br />
<input type="text" name="email" id="email" value="" class="email required" placeholder="example#example.com"/> <br />
<input type="password" name="password" id="password" class="required" value="" /> <br />
<input type="submit" name="submit" value="Login" />
</form>
</div>
<?php
} // end else to resubmit in case of blank form
} /* end check if form has been submitted */ else{ /* prompt for login if page visited but login form not submitted */ ?>
<script type="text/javascript" src="../js/jquery.validate.js"></script>
<script>
$(document).ready(function(){
$("#login_form").validate();
});
</script>
<div class="span-24 colborder">
<form id="login_form" action="<?php $_SERVER['PHP_SELF'] ?>" method="post">
<label class="error">You must be logged in to do that!.</label><br />
<input type="text" name="email" id="email" value="" class="email required" placeholder="example#example.com"/> <br />
<input type="password" name="password" id="password" class="required" value="" /> <br />
<input type="submit" name="submit" value="Login" />
</form>
</div>
<?php
}
} /* end check if cookie isset */ else { //redirect if cookies & session is already set
$home_url = '/';
header('Location: '.$home_url);
}
?>
<?php include('partials/_footer.php'); ?>
this is my header (which includes the set session variable if cookie isset)
<?php //set session if isset cookie but not session
session_start();
if(!isset($_SESSION['id'])) {
if(isset($_COOKIE['id']) && isset($_COOKIE['name']) && isset($_COOKIE['type'])) {
$_SESSION['id'] = $_COOKIE['id'];
$_SESSION['name'] = $_COOKIE['name'];
$_SESSION['type'] = $_COOKIE['type'];
}
} //end if !isset session verify
?>
and an example of the menu output depending on their session id:
<?php
if(isset($_SESSION['type']) && $_SESSION['type'] == "rnr") { //start special runner menu options
?>
<ul class="main_menu">
<li id="how_it_works" class="main_menu"><a class="main_menu" href="/user/bid_task.php">Bid on a task</a></li>
<li id="our_runners" class="main_menu"><a class="main_menu" href="/our_runners.php">Our Runners</a></li>
<li id="login" class="main_menu"><a class="main_menu" href="/user/my_account.php">My account</a></li>
<li id="register" class="main_menu"><a class="main_menu" href="/user/logout.php">Logout</a></li>
</ul>
<?php } /* end runner menu */ ?>
Thanks in advance.
The header file is included before the setcookie function is called in your login script. Based on what I see, the cookie is not set at the time you do this condition check:
if(isset($_COOKIE['id']) && isset($_COOKIE['name']) && isset($_COOKIE['type']))
And because of that it never get inside the condition statement and following lines do not get executed in the header file:
$_SESSION['id'] = $_COOKIE['id'];
$_SESSION['name'] = $_COOKIE['name'];
$_SESSION['type'] = $_COOKIE['type'];
I have the following error:
Notice: Undefined index: submit in C:\wamp\www\registration\register.php on line 6
Can't seem to work out whats wrong??? Here's the code::
<?php
//Create registration form (register.php)
include "../includes/db_connect.php";
if(!$_POST['submit']) ///Line 6
{
?>
<html>
<head><link rel="stylesheet" href="style.css"></head>
<div class="divider">
<strong>Register</strong><br/><br/>
<form method="post" action="register.php">
<div class="formElm">
<label for="first">First Name</label>
<input id="first" type="text" name="first">
</div>
<div class="formElm">
<label for="last">Last Name</label>
<input id="last" type="text" name="last">
</div>
<div class="formElm">
<label for="username">Desired Username</label>
<input id="username" type="text" name="username">
</div>
<div class="formElm">
<label for="password">Password</label>
<input id="password" type="password" name="password">
</div>
<div class="formElm">
<label for="pass_conf">Confirm Password</label>
<input id="pass_conf" type="password" name="pass_conf">
</div>
<div class="formElm">
<label for="email">Email</label>
<input id="email" type="text" name="email">
</div>
<div class="formElm">
<label for="about">About</label>
<textarea id="about" cols="30" rows="5" name="about">Tell us about yourself</textarea>
</div>
<input type="submit" name="submit" value="Register">
</form>
or Login
</div>
</html>
<?php
}
else
{
$first = protect($_POST['first']);
$last = protect($_POST['last']);
$username = protect($_POST['username']);
$password = protect($_POST['password']);
$pass_conf = protect($_POST['pass_conf']);
$email = protect($_POST['email']);
$about = protect($_POST['about']);
$errors = array();
$regex = "/^[a-z0-9]+([_\.-][a-z0-9]+)*#([a-z0-9]+([.-][a-z0-9]+)*)+\.[a-z]{2,}$/i";
if(!preg_match($regex, $email))
{
$errors[] = "E-mail is not in name#domain format!";
}
if(!$first || !$last || !$username || !$password || !$pass_conf || !$email || !$about)
{
$errors[] = "You did not fill out the required fields";
}
$sql = "SELECT * FROM `users` WHERE `username`='{$username}'";
$query = mysql_query($sql) or die(mysql_error());
if(mysql_num_rows($query) == 1)
{
$errors[] = "Username already taken, please try another";
}
if(count($errors) > 0)
{
echo "The following errors occured with your registration";
echo "<font color=\"red\">";
foreach($errors AS $error)
{
echo "<p>" . $error . "\n";
}
echo "</font>";
echo "Try again";
//we use javascript to go back rather than reloading the page
// so the user doesn't have to type in all that info again.
}
else
{
$sql = "INSERT into `users`(`first`,`last`,`username`,`password`,`email`,`about`)
VALUES ('$first','$last','$username','".md5($password)."','$email','$about');";
$query = mysql_query($sql) or die(mysql_error());
echo "Thank You for registering {$first}! Your username is {$username}";
echo " Click here to Login";
}
}
?>
If there is no POST parameter at all or if there is no parameter named submit then you're trying to access an array index that does not exists, hence the warning. You can simply test if there is such an index/element in the _POST array.
if( isset($_POST['submit']) )
It doesn't check the value (like you original script, which tests if the value of _POST['submit'] equals false, see type juggling), but the mere existence of the index/element should suffice in this case.
see http://docs.php.net/isset
To get rid of this error, it should be:
if(!isset($_POST['submit']))
However, your code is already OK.
What you are getting is not an error, it is a warning, which is caused by having strict warnings enabld. PHP is a dynamic language which does not usually require to define variables and array keys, and most documentation and code will skip this part. So you should consider turning this feature off, as it clutters code and has few additional benefits. Or, switch to a statically compiled language (say asp.net) which will really benefit from defined variables and static typing.
Your $_POST does not exist when you first load your page. Change your check to something like:
if(!isset($_POST["submit"]))
Because you did not post anything yet, there will be no "submit" key in your $_POST array. That's what causes the warning.
For those posting use if(isset($_POST['submit'])), you clearly did not read his code. He has put is there is not a submit write the HTML form else use the fields (backwards righting to me!)
If he wants to keep the structure as is, it should be
if(empty($_POST['submit']))