Search code examples
phpregistration

registration form in php

 $error1=''; 
 $error2=''; 
$error3=''; 
$error4=''; 
$error5=''; 
$error6='';

$yourname='';
$email='';
$email2='';
$password='';
$password2='';
$country='';

     if (isset($_POST['Registerme']))
       { 

$_POST['yourname']=$yourname;
$_POST['email']=$email;
$_POST['email2']=$email2;
$_POST['password']=$password;
$_POST['password2']=$password2;
$_POST['country']=$country;

if($yourname==''){

    $error1='name required';

    } 


if($email==''){

    $error2='email required';

    } 
if($email2==''){

    $error3='required field';

    } 


if($password==''){

    $error4='password required';

    } 


    if($password2==''){

    $error5='required field';

    } 


if($country==''){

    $error6='country required';

    } 



       if(empty($error1) && empty($error2) && empty($error3) && empty($error4) &&     empty($error5) && empty($error6))

      {echo 'mysql query goes here and add the user to database';}

       }///main one

      else {$error1=''; 
     $error2=''; 
         $error3=''; 
         $error4=''; 
          $error5=''; 
            $error6='';}

this is a registration validation script. in my registration form there are two email and password filelds.second fields are for confirmation.i want to check weather user typed same information in that both field.if i want to do that in this script should i use another if statement? or i should use else if? i am confused about that step...

Solution

  • Some comments:

    • You MUST sanitize input! Take a look at best method for sanitizing user input with php.
    • Your assignments: Instead of "$_POST['yourname']=$yourname;" it should be "$yourname=$_POST['yourname'];".
    • You're using a lot of variables for error control, and after that if all went well you simply forget the error messages in the last else block. Use some kind of array for error strings, and use it!
    • Are you sure you aren't validating usernames/passwords to not contain spaces or weird characters, or emails to be valid?

    Some sample code...:

    // Simple sanitize function, complete it
function sanitize_input ($inputstr) {
    return trim(mysql_real_escape_string($inputstr));
}

if (isset ($_POST['Registerme']) {
    // array of error messages to report
    $error_messages = array();
    $isvalid = true;

    // Assignment 
    $yourname = sanitize_input ($_POST['yourname']);
    $email = sanitize_input ($_POST['email']);
    $email2 = sanitize_input ($_POST['email2']);
    $password = sanitize_input ($_POST['password']);
    $password2 = sanitize_input ($_POST['password2']);
    $country = sanitize_input ($_POST['country']);

    // Validation
    if (empty ($yourname)) {
        $error_messages[] = "You must provide an username";
    } 

    if (empty ($password)) {
        $error_messages[] = "You must provide a password.";
    }
    elseif ($password !== $password2) {
        $error_messages[] = "Passwords do not match.";
    }

    // Same for email, you caught the idea

    // Finally, execute mysql code if all ok
    if (empty($error_messages)) {
       // Execute mysql code
       isvalid = true;
    }
}

// After form processing, use isvalid which is false if there are errors
// and the error_messages array to report errors