Posted by Gleep on 07/06/07 17:43
On Fri, 6 Jul 2007 01:01:33 -0700, "Kevin Raleigh" <kraleigh@sbcglobal.net> wrote:
>I have a set of functions that work beautifully the first time that the form
>is processed, but the second time that I hit the submit button if any field
>contains data the form bypasses all of my carefully planned validation and
>dumps the data into the DB.
>
>Have to tell you this is very disconcerting. I have been working with this
>for a couple of days now. And...
>
>Can you take a look at my logic and tell me if I overlooked anything
>obvious?
>I should clue you in to what I am attempting to do.
>
>Nothing complicated, I just make several function calls and if there is
>output from the calls then I have an error somewhere.
>
>It should call my JS window.location function to redirect to the same page
>so that they can make corrections.
>
>However, for some reason the validation functions do exactly what they are
>supposed to do the first time around, but like I said above, the second time
>if any fields are loaded with data it completely bypasses my validation
>procedures. :-(
>
>code:
>--------------------------------------
> // looking at some function calls here, nothing special...
>
> if ($userNameErr = userNameCheck(trimWhiteSpace($_POST['username']))){
> $_SESSION['SES_userNameErr'] = $userNameErr;
> }
>
> if($userPassErr = userPassCheck(trimWhiteSpace($_POST['pass']),
>trimWhiteSpace($_POST['pass2']))){
> $_SESSION['SES_userPassErr'] = $userPassErr;
> }
>
> if($nameErr = nameCheck(trimWhiteSpace($_POST['fName']),
>trimWhiteSpace($_POST['lName']))){
> $_SESSION['SES_nameErr'] = $nameErr;
> }
>
> if($passHintErr = passHintCheck(trimWhiteSpace($_POST['passHint']))){
> $_SESSION['SES_passHintErr'] = $passHintErr;
> }
>
> if($emailErr = emailCheck(trimWhiteSpace($_POST['email']))){
> $_SESSION['SES_emailErr'] = $emailErr;
> }
>
>// my err check statement that only works on the first pass
>
> if($emailErr | $passHintErr | $nameErr | $userPassErr | $userNameErr){
> ?>
> <script language="javascript">
> window.location = "register.php";
> </script>
> <?php
> }else{
>// **************************************************************
>// here we encrypt the password and add slashes if needed
>// **************************************************************
>
>
>$_POST['pass'] = md5($_POST['pass']);
>
> if (!get_magic_quotes_gpc()) {
> $_POST['pass'] = addslashes($_POST['pass']);
> $_POST['username'] = addslashes($_POST['username']);
> $_POST['fName'] = addslashes($_POST['fName']);
> $_POST['lName'] = addslashes($_POST['lName']);
> $_POST['passHint'] = addslashes($_POST['passHint']);
> $_POST['email'] = addslashes($_POST['email']);
> }
> // **************************************************************
> // if there are no errors in data validation load the data into the database
> // now we insert it into the database
> // **************************************************************
> $insert = "INSERT INTO user (username, password, fName, lName, passHint, email, bMonth)
> VALUES ('".$_POST['username']."', '".$_POST['pass']."','".$_POST['fName']."','".$_POST['lName']."','".$_POST['passHint']."','".$_POST['email']."','".$_POST['bMonth']."')";
> $add_member = mysql_query($insert);
>
>
>
>?>
>
><p>Thank you, <?php $fName = $_POST['fName']; $lName = $_POST['lName'];
>print "$fName $lName" ?> you have registered - you may now <a
>href="login.php">login</a>.</p>
><?php
> }// end if error
>
>insight would be greatly appreciated
>thank you
>Kevin
>
Well first off, in my opinion the validation logic seems a little convoluted, but the thing I
noticed first is if($emailErr | $passHintErr | $nameErr | $userPassErr | $userNameErr) {...
the ors should be || or OR, not |.
You're saving session data if there is an error; why? There is no need to save that data.
Here is the logic pattern I'd use.
The user fills out the form and submits...
(there might be errors, I'm just gonna whip it out)...
<?php
if (isset($_POST['Submit']) AND $_POST['Submit'] == 'Submit') {
    // collect form vars; add slashes only when magic quotes has not already done it
    if (!get_magic_quotes_gpc()) {
        $pass     = addslashes($_POST['pass']);
        $pass2    = addslashes($_POST['pass2']);
        $username = addslashes($_POST['username']);
        $fName    = addslashes($_POST['fName']);
        $lName    = addslashes($_POST['lName']);
        $passHint = addslashes($_POST['passHint']);
        $email    = addslashes($_POST['email']);
        $bMonth   = addslashes($_POST['bMonth']);
    } else {
        $pass     = $_POST['pass'];
        $pass2    = $_POST['pass2'];
        $username = $_POST['username'];
        $fName    = $_POST['fName'];
        $lName    = $_POST['lName'];
        $passHint = $_POST['passHint'];
        $email    = $_POST['email'];
        $bMonth   = $_POST['bMonth'];
    }
    // validate vars: every failed check appends a message to $error
    $error = false;
    if (!$pass) $error .= "password is required<br />";
    if (!$username) $error .= "username is required<br />";
    if (!$fName) $error .= "first name is required<br />";
    if (!$lName) $error .= "last name is required<br />";
    if (!$passHint) $error .= "password hint is required<br />";
    if (!$email) $error .= "email hint is required<br />";
    // userPassCheck() and nameCheck() take two arguments in the original code
    if (userNameCheck(trimWhiteSpace($username))) $error .= "username failed<br />";
    if (userPassCheck(trimWhiteSpace($pass), trimWhiteSpace($pass2))) $error .= "password failed<br />";
    if (nameCheck(trimWhiteSpace($fName), trimWhiteSpace($lName))) $error .= "first name failed<br />";
    if (passHintCheck(trimWhiteSpace($passHint))) $error .= "pass hint failed<br />";
    if (emailCheck(trimWhiteSpace($email))) $error .= "email failed<br />";
    if (!$error) {
        mysql_query("INSERT INTO user (username, password, fName, lName, passHint, email, bMonth) VALUES
            ('$username','$pass', '$fName', '$lName', '$passHint', '$email', '$bMonth')") or die(mysql_error());
        // if everything is cool go to thank you page else return to same page
        header("location: thank_you.php");
        exit;
    }
}
?>
<form name="form1" method="post" action="<?=htmlspecialchars($_SERVER['PHP_SELF'])?>" >
<label>Username</label> <input type="text" name="username" value="<?=isset($username) ? htmlspecialchars($username) : ''?>"><br />
<!-- repeat for all fields -->
<input type="submit" name="Submit" value="Submit">
<?php if (!empty($error)) echo "<p>$error</p>"; ?>
</form>
I think the logic here is easier to follow and tweakable if needed.
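
A hardened form of the registration handler discussed in this thread, as an added example that is not part of either post: errors are collected in an array and tested once, the INSERT uses PDO placeholders instead of addslashes(), the password is stored with password_hash() instead of md5(), and messages are escaped on output. The in-memory SQLite database, the names validateRegistration and registerUser, and the specific rules are assumptions.

```php
<?php
// Added example, not the posters' code. Columns follow the thread's INSERT;
// the SQLite in-memory database and the specific rules are assumptions.
const FIELDS = ['username', 'pass', 'pass2', 'fName', 'lName', 'passHint', 'email'];
// Returns [clean values, error messages]; non-string input counts as empty.
function validateRegistration(array $in): array
{
    $v = $errors = [];
    foreach (FIELDS as $f) {
        $v[$f] = is_string($in[$f] ?? null) ? trim($in[$f]) : '';
        if ($v[$f] === '') {
            $errors[$f] = "$f is required";
        }
    }
    $v['bMonth'] = is_string($in['bMonth'] ?? null) ? trim($in['bMonth']) : '';
    if ($v['pass'] !== $v['pass2']) {
        $errors['pass2'] = 'passwords do not match';
    }
    if ($v['email'] !== '' && filter_var($v['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'email is not valid';
    }
    return [$v, $errors];
}

function registerUser(PDO $db, array $in): array
{
    [$v, $errors] = validateRegistration($in);
    if ($errors !== []) {
        return $errors;                 // any error at all: nothing is stored
    }
    // Placeholders keep the values out of the SQL text, so no addslashes().
    $stmt = $db->prepare('INSERT INTO user (username, password, fName, lName, passHint, email, bMonth)
                          VALUES (?, ?, ?, ?, ?, ?, ?)');
    $stmt->execute([$v['username'], password_hash($v['pass'], PASSWORD_DEFAULT), // salted, not md5()
                    $v['fName'], $v['lName'], $v['passHint'], $v['email'], $v['bMonth']]);
    return [];
}

$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE user (username TEXT UNIQUE, password TEXT, fName TEXT,
                              lName TEXT, passHint TEXT, email TEXT, bMonth TEXT)');
// Constructed input: one field filled in (the case from the question), then a full form.
$full = ['username' => "o'brien", 'pass' => 's3cret!', 'pass2' => 's3cret!', 'fName' => 'Pat',
         'lName' => "O'Brien", 'passHint' => 'usual', 'email' => 'pat@example.com', 'bMonth' => '7'];
foreach ([['username' => "o'brien"], $full] as $post) {
    $errors = registerUser($db, $post);
    echo $errors ? htmlspecialchars(implode('; ', $errors)) : 'registered', "\n";
}
echo $db->query('SELECT COUNT(*) FROM user')->fetchColumn(), " row(s) stored\n";
```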