1

I am new to php validation. I'm working on registration form, which will go through php script for database checking two unqiue variables ac_title and email then after checking errors. It will insert the given values in databases. The file name is formvu.php then it'll move to activate.php. I'm getting the problem that if I use 

<form name="fone" method="post" onsubmit="return validateform(fone)" action="activate.php">

form will ignore the php script and it will move to next page. Buh when I'll use this:

<form name="fone" method="post" onsubmit="return validateform(fone)" action="<?php $_SERVER['PHP_SELF']?> ">

now page it will run whole the php errors and commands.

Here is my whole php code:

<?php
    if($_SERVER["REQUEST_METHOD"] == "POST")
    {
        $nun=$_POST['account'];
        $em=$_POST['email'];
        $register="SELECT ac_title,email FROM register";
        $query=mysql_query($register);
        while ($row= mysql_fetch_array($query))
        {   
            if ($nun == $row['ac_title'])
            {
                print "<span class=\"phclass\"><br/><b>
                    Your Account Title :</b></span>"." '"."<span class=\"ahclass\"><b>$nun</b></span>"."'".
                    " <span class=\"phclass\"><b>already exsist, please choose different.</b></span><br/>";
            }

            if($em == $row['email'])
            {
                print "<span class=\"phclass\"><b><br/>Your Email:</b>
                    </span>"." "."<span class=\"phclass\"><b> $em</b></span>"."<span class=\"phclass\">
                    <b> already exsist, please visit <a href=\"resetpassword.html\">
                    Forget password</a></b></span><br/>";
            }
            if ($nun != $row['ac_title'] && $em != $row['email'])
            {
                $ac_title=$_POST['account'];
                $email=$_POST['email'];
                $pass=$_POST['pwd'];
                $fn=$_POST['fname'];
                $gd=$_POST['gender'];
                $city=$_POST['city'];
                $VID=$_POST['vuid'];
                $course=$_POST['courseid'];
                $camp=$_POST['campus'];
                $hash=md5(rand(0,1000));

                $sql="INSERT INTO register (ac_title, email, pass,fn, sex, city,
                    VID, CRS, campus, hash,activate) VALUES('$ac_title', '$email',
                    '$pass','$fn', '$gd',' $city','$VID','$course',
                    '$camp','$hash','0')";

                $inst=mysql_query($sql,$connection);

                if (!$inst)
                {   
                    print "";
                }
                else 
                {
                    echo "Succesful ";
                }
            }// if
        } // while
    } // if
?>

If the action is default page it will run whole script. I want to run whole script and move to Next page (activate.php).

Improve this question
4
  • 2
    check the header function for relocating your script (please note that NOTHING can be outputted - i.e. no HTML must be written previous to your redirect) Commented Oct 8, 2013 at 14:45
  • i checked header() it is given me error that i posted down ...means i need to post that php script before my html coding Commented Oct 8, 2013 at 14:56
  • 1
    Exactly why I put the word "NOTHING" in capitals - you're outputting HTML before calling header() somewhere on your page. Don't do it, move your PHP processing part ABOVE your first <html> tag and use Patrick's code to redirect Commented Oct 8, 2013 at 14:58
  • THanks Patrick and Zathrus i got it :) Commented Oct 11, 2013 at 16:31

3 Answers 3

Reset to default
1

Do you want a redirect when it was successful? If so add this code where you echo 'successful' is:

header("Location: activate.php");
die();

See here for more information on redirects.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

hello thankx for answering i did that header function too but browser is givin me this error "Warning: Cannot modify header information - headers already sent by (output started at F:\xampp\htdocs\ourwork\proper pages\formvu.php:7) in F:\xampp\htdocs\ourwork\proper pages\formvu.php on line 88"
That means you have output somewhere before the header call. It can be something as simple as a space. Make sure you check that there are no spaces before your <?php tags in all included files and don't use the closing tag ?>.
error Cannot modify header information - headers already sent by (output started at F:\xampp\htdocs\ourwork\proper pages\databaseregistration.php:9) in F:\xampp\htdocs\ourwork\proper pages\formvu.php on line 52 databaseregisration.php is just mysql commands for connecting to database
Double check everything, there is an output of something somewhere. Even just a HTML tag or space will break the header() function.
1

Validation is a complex issue but there are also lots of resources online to help you. This is an early hit in Google for me: http://www.sitepoint.com/form-validation-with-php/

Whilst you can add form validation using JS (which you seem to be doing), if you want it to be more secure I would recommend validating the data server-side too (PHP) and the link provided should help you here.

I realise this answer doesn't directly answer your question but if you become more familiar with simple validation techniques you probably won't have the issue in the first place.

Improve this answer

2 Comments

yes all fields are using javascript FOr basic requirement like empty or email or password validation what i need to to CHECK THE DATABASE FOR ACOUNT TITLE AND EMAIL THEN MOVE TO INSERT THEN GOIN TO NEXT PAGE FOR ACTIVATION.(caps was for mention it properly nothing else....i ll check the link for sure)
Javascript can be bypassed easily whereas server-side validation cannot. Client side validation does have it's advantages but security isn't one of them.
1

You should use Array by checking you email and username

use this code of my

<?php
//Start session
session_start();

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;

//Input Validations
if($firstname == '') {
    $errmsg_arr[] = 'First name missing';
    $errflag = true;
}
if($lastname == '') {
    $errmsg_arr[] = 'Last name missing';
    $errflag = true;
}
if($email == '') {
    $errmsg_arr[] = 'Email missing';
    $errflag = true;
}
if($username == '') {
    $errmsg_arr[] = 'Username ID missing';
    $errflag = true;
}
if($password == '') {
    $errmsg_arr[] = 'Password missing';
    $errflag = true;
}
if($cpassword == '') {
    $errmsg_arr[] = 'Confirm password missing';
    $errflag = true;
}
if( strcmp($password, $cpassword) != 0 ) {
    $errmsg_arr[] = 'Passwords do not match';
    $errflag = true;
}

//Check for duplicate email
if($email != '') {
    $qry = "SELECT * FROM ".$table." WHERE email='$email'";
    $result = mysql_query($qry);
    if($result) {
        if(mysql_num_rows($result) > 0) {
            $errmsg_arr[] = 'Email have already in Using!';
            $errflag = true;
        }
        @mysql_free_result($result);
    }
    else {
        die("Query failed");
    }
}

//Check for duplicate login ID
if($login != '') {
    $qry = "SELECT * FROM ".$table." WHERE login='$login'";
    $result = mysql_query($qry);
    if($result) {
        if(mysql_num_rows($result) > 0) {
            $errmsg_arr[] = 'User-Name already in Using!';
            $errflag = true;
        }
        @mysql_free_result($result);
    }
    else {
        die("Query failed");
    }
}

//If there are input validations, redirect back to the registration form
if($errflag) {
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    session_write_close();
    header("location: register-form.php");
    exit();
}

//Create INSERT query
$qry = "INSERT INTO members(firstname, lastname, email, username, password) VALUES('$firstname','$lastname','$email','$username','$password')";
$result = @mysql_query($qry);

//Check whether the query was successful or not
if($result) {
    header("location: register-success.php");
    exit();
}else {
    die("Query failed");
}
  ?>

And also use this code at you registration from page

<?php
//Start Session
session_start();
if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) {
    echo '<ul class="err">';
    foreach($_SESSION['ERRMSG_ARR'] as $msg) {
        echo '<li>',$msg,'</li>'; 
    }
    echo '</ul>';
    unset($_SESSION['ERRMSG_ARR']);
}
?>
Improve this answer

1 Comment

Your script is good, but your codes is not comparable of this Questions codes? I hope you get the answer!

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.