1

I have a form in a file register.php, and it posts to registerPost.php. Inside registerPost.php, I check against a few validation rules, then if any of them are flagged, I return to the first page and print the errors. In theory, that should work. But the validation goes through with no problems, even when I leave everything blank.

Here's the code in question:

        $_SESSION["a"] = "";
        $_SESSION["b"] = "";
        $_SESSION["c"] = "";
        $_SESSION["d"] = "";
        $_SESSION["e"] = "";
        $_SESSION["f"] = "";
        $_SESSION["g"] = "";
        if(empty($userEmail))
            {
                $_SESSION["a"] = "You must enter your email.";
            }
        if(!validEmail($userEmail))
            {
                $_SESSION["a"] = "Improper Email Format";
            }
        if(empty($password))
            {
                $_SESSION["b"] = "You must enter a password.";
            }
        if(strlen($password) < 5 || strlen($password) > 0)
            {
                $_SESSION["b"] = "Password must be at least 5 characters.";
            }
        if($password != $confPassword)
            {
                $_SESSION["c"] = "Passwords do not match";
            }
        if(empty($firstName))
            {
                $_SESSION["d"] = "First Name Required";
            }
        if(empty($lastName))
            {
                $_SESSION["e"] = "Last Name Required";
            }
        if(mysql_num_rows(mysql_query("SELECT * FROM users WHERE email = '$email'")) > 0)
            {
                $_SESSION["f"] = "This email address already exists in our database.";
            }

        if(!empty($_SESSION["a"]) || !empty($_SESSION["b"]) || !empty($_SESSION["c"]) || !empty($_SESSION["d"]) || !empty($_SESSION["e"]) || !empty($_SESSION["f"]))
            {
                header('Location: register.php');
            }

Perhaps there is a more straightforward way to do this?

2
  • What populates $userEmail and the other variables you use above? How do the session variables get sent back to the client for display? BTW, you should use elseif for some of those tests or better yet, move the tests for empty() inside the validation functions which should return the validation error message. If the email address is empty, there's no point in validating it. Commented Feb 20, 2011 at 22:19
  • Those variables are all populated by $_POST statements. As for the session variables being sent back: Their output is always displayed next to the register form. Typically they are empty. If an error has been detected, then the error is displayed in a session variable, which is displayed next to the register form when I change pages back. Commented Feb 20, 2011 at 22:26

2 Answers

4

I like this way of registering all errors:

    $errors = array();

    if (empty($foo1))
      $errors[] = "foo1 can't be left blank!";
    else if (!preg_match(' ... ', $foo1))
      $errors[] = "foo1 was not filled out correctly!";

    if (empty($foo2))
      $errors[] = "foo2 can't be left blank!";

    // ...

    if (empty($errors)) {
      // do what you need
    } else {
      // notify the user of the problems detected
    }

Do you really need to change the page by header?


2 Comments

That's just how I always change pages - unless there is another way?
But does it get triggered in this case? I mean - is the problem in the testing or in the redirect?
1

I tried your code and it works for me. Guessing from $username, $email and so on, I think you're doing some sanitizing on the $_POST data. If so, you should dump $username, etc. to see if that procedure is putting something in these variables.

Anyway, I like this way of validation better:

    $errors = array();
    if(empty($username))
    {
        $errors['username'] = 'Username cannot be empty!';
    }
    ...
    $_SESSION['errors'] = $errors;
    if(count($errors) > 0) //Redirect...
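
The error-array pattern from both answers applied to the question's fields, as an added example that is not part of either answer or the asker's code: it binds the email as a query parameter instead of interpolating it into the SQL string, compares the passwords strictly, and stops the script after the redirect. The function names, the POST key names, the PDO/SQLite setup and the `users(email)` table are assumptions.

```php
<?php
// Added example. validateRegistration(), rejectIfInvalid(), the POST keys and
// the users(email) table are assumptions; messages follow the question.
function validateRegistration(array $post, PDO $db): array
{
    // Missing or non-string input (e.g. userEmail[]=x) is treated as empty.
    $f = fn(string $k): string => is_string($post[$k] ?? null) ? $post[$k] : '';
    $errors = [];
    $email = trim($f('userEmail'));
    if ($email === '') {
        $errors['userEmail'] = 'You must enter your email.';
    } elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['userEmail'] = 'Improper Email Format';
    } else {
        // Bound parameter: the address is never spliced into the SQL text.
        $stmt = $db->prepare('SELECT 1 FROM users WHERE email = ?');
        $stmt->execute([$email]);
        if ($stmt->fetchColumn() !== false) {
            $errors['userEmail'] = 'This email address already exists in our database.';
        }
    }
    $password = $f('password');
    if ($password === '') {
        $errors['password'] = 'You must enter a password.';
    } elseif (strlen($password) < 5) {
        $errors['password'] = 'Password must be at least 5 characters.';
    } elseif ($password !== $f('confPassword')) { // strict: "0e12345" == "0e54321" is true with !=
        $errors['confPassword'] = 'Passwords do not match';
    }
    if (trim($f('firstName')) === '') $errors['firstName'] = 'First Name Required';
    if (trim($f('lastName')) === '')  $errors['lastName'] = 'Last Name Required';
    return $errors;
}

function rejectIfInvalid(array $errors): void
{
    if ($errors === []) return;
    $_SESSION['errors'] = $errors; // assumes session_start() was already called
    header('Location: register.php');
    exit; // header() only queues the redirect; without exit the script keeps running
}

// Constructed demo data; needs the pdo_sqlite extension and runs offline.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec("CREATE TABLE users (email TEXT PRIMARY KEY)");
$db->exec("INSERT INTO users VALUES ('taken@example.com')");
print_r(validateRegistration([], $db)); // blank form: four field errors
print_r(validateRegistration(['userEmail' => 'taken@example.com', 'password' => '0e12345',
    'confPassword' => '0e54321', 'firstName' => 'A', 'lastName' => 'B'], $db));
```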
