0

I'm trying to fill in a default 'value' field for a text box in an html registration form based on session data.

If a user makes any errors on my registration form it sends them back, and I want as much of their data filled in as possible as opposed to them being sent back to a plain form to start again.

Here's my handleer script check:

// Let's get the text from the form,.

$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$password_check = mysql_real_escape_string($_POST['pwcheck']);
$email = mysql_real_escape_string($_POST['email']);
$spam_check = mysql_real_escape_string($_POST['checkit']); // spam check
$IP = $_SERVER['REMOTE_ADDR']; // log their ip

// set up some session data for mnistakes or spam or errors
$_SESSION['username'] = $username;
$_SESSION['email'] = $email;

// check for empty info

if ($username == NULL || $username == '') { // no username set
    header ("Location: register.php?p=un"); die;
}
if ($password == NULL || $password == '') { // no password set
    header ("Location: register.php?p=pw"); die;
}
if ($password_check == NULL || $password_check == '') { // no password check set
    header ("Location: register.php?p=pwchk"); die;
}
if ($email == NULL || $email == '') { // no email set
    header ("Location: register.php?p=em"); die;
}

// have we had Spam?

if (strlen($spam_check) > 0) { // spam bot alert
    header ("Location: http://www.google.co.uk");
    die ('You\'re naughty.');
}

// does password and check match?

if ($password != $password_check) { // no match
    $_SESSION['username'] = $username;
    $_SESSION['email'] = $email;
    header ("Location: register.php?p=pwnpc&email=".$email.""); die;
}

And on my form page I'm doing:

// check for empty fields and session data

if (isset($_SESSION['email'])) { // email session data set
$email_value = 'value = "'.$_SESSION['email'].'"';
} else { $email_value = 'placeholder="Email"'; }

$errors = mysql_real_escape_string($_GET['p']);

switch ($errors) { // something is empty
case "un": // no username set
    $pen_name = 'Pen Name missing!';
break;
case "pw": // no username set
    $password = 'Password missing!';
break;
case "pwchk": // no password check set
    $pw_check = 'Your passwords don\'t match!';
break;
case "em": // no username set
    $email = 'Email missing!';
break;
case "pwnpc": // passwords don't match
    $pw_mismatch = 'Passwords don\'t match!';
break;
}

and the form its self

<form action="register_handle.php" method="post">

<label>Choose a Pen Name</label><br /><?php echo $pen_name ?>
<p><input type="text" name="username" placeholder="Pen Name" autofocus required> </p>

<label>Choose a Password</label><br />
<p><input type="password" name="password" placeholder="Password" required> ---> <input type="password" name="pwcheck" placeholder="Password Confirm" required> <?php echo $password.$pw_check.$pw_mismatch ?></p>

<label>Email</label><br />

 <?php echo $email ?>

<p><input type="email" name="email" <?php echo $email_value ?> required></p>

<input id="checkit" type="text" name="checkit" maxlength="50" size="30">

<input type="submit" value=" Sign Me Up " name="submit" class="submit">

</form>

but I just can't seem to get the values back. I'm sure it's gotta be simple but can you see a problem here? As you can see I've only tried it on trhe email box so far but to no avail.

Improve this question

1 Answer 1

Reset to default
7

You're missing the value attribute in your <input> field:

<p><input type="email" name="email" value="<?php echo htmlentities($email_value) ?>" placeholder="Email" required></p>

This will break the placeholder you wanted to use but that should always be there anyway since it will not show if you provide a value.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Dont forget about XSS protection. +1 also he sets the value attribute when defining the $email_value :s
It looks like it comes from a session and is not user provided. But you're right, I should demonstrate that for completeness.
Semi-colons are only required if there isn't anything being echo'ed after the last line. @M.chaudhry
@johnConde i guess i am using php previous version thats y it doesnt work like that in my case :) +1
Ahhh tnaks, I was trying to set the value attribute in my variable as I thought it may override the placeholder if both were present, but I guess if it's blank then it won't.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.