I have a form that loads another php script (upload.processor.php) once the form is submitted. The "upload.processor.php" checks the forms validation and upload validation. However i want to separate the form validation from the upload validation. If there is something wrong with the form (such as a blank field) i want this to be picked up and the error displayed above the form..... Then if the forms validation is passed, then it loads "upload.processor.php" to check the upload validation.

Does anyone know how i could separate my code to function as described above? (and if possible, why the email validation is not really working)

Here is the code i have for the join.form.php (i'l post the upload.processor.php on a reply to this thread as i am over the limit)

join.form.php

<?php

<?php

if($_POST)
{

// Make a MySQL Connection
mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("whoishot") or die(mysql_error());

//////////////////////START OF FORM VALIDATION//////////////////////////////////////////////////////////////////////////

// checks whether fields are blank
if (!$_POST['firstname'] || !$_POST['lastname'] || !$_POST['username'] || !$_POST['password'] || !$_POST['email'] ) {
UploadForm('Error: You did not complete all of the required fields!');
}

// checks whether username is already in use
if (!get_magic_quotes_gpc()) {
$_POST['username'] = addslashes($_POST['username']);
}
$usercheck = $_POST['username'];
$check = mysql_query("SELECT username FROM accounts WHERE username = '$usercheck'") or die(mysql_error());
$check2 = mysql_num_rows($check);

//if the name exists it gives an error
(mysql_num_rows($check) !== 0) or UploadForm('Sorry, the username '.$_POST['username'].' is already in use.');

// set variables

// make a note of the current working directory, relative to root.
$directory_self = str_replace(basename($_SERVER['PHP_SELF']), '', $_SERVER['PHP_SELF']);

// make a note of the directory that will recieve the uploaded files
$uploadsDirectory = $_SERVER['DOCUMENT_ROOT'] . $directory_self . 'uploaded_files/';

// make a note of the location of the success page
$uploadSuccess = 'http://' . $_SERVER['HTTP_HOST'] . $directory_self . 'upload.success.php';

// name of the fieldname used for the file in the HTML form
$fieldname = 'file';

// Now let's deal with the upload

// possible PHP upload errors
$errors = array(1 => 'php.ini max file size exceeded',
2 => 'html form max file size exceeded',
3 => 'file upload was only partial',
4 => 'no file was attached');

// check for standard uploading errors
($_FILES[$fieldname]['error'] == 0)
or UploadForm('Error: '.$errors[$_FILES[$fieldname]['error']], $uploadForm);

// check that the file we are working on really was an HTTP upload
@is_uploaded_file($_FILES[$fieldname]['tmp_name'])
or UploadForm('Error: that file is not an HTTP upload');

// validation... since this is an image upload script we
// should run a check to make sure the upload is an image
@getimagesize($_FILES[$fieldname]['tmp_name'])
or UploadForm('Error: only image uploads are allowed');

// make a unique filename for the uploaded file and check it is
// not taken... if it is keep trying until we find a vacant one
$now = time(); //current time stamp
$path_parts = pathinfo($_FILES[$fieldname]['name']);
while( file_exists($uploadFilename = $uploadsDirectory . $now++ . "." . $path_parts["extension"]) );

// now let's move the file to its final and allocate it with the new filename
@move_uploaded_file($_FILES[$fieldname]['tmp_name'], $uploadFilename)
or UploadForm('Server error: receiving directory insuffiecient permission');

// send form to the database

//retrieve form data in a variable
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
$file = $_POST['file'];

// Insert a row of information into the table
mysql_query("INSERT INTO accounts (firstname, lastname, username, password, email, file) VALUES( '$firstname' , '$lastname' , '$username', '$email', '$uploadFilename') ");

// If you got this far, everything has worked and the file has been successfully saved.
// We are now going to redirect the client to the success page.
header('Location: ' . $uploadSuccess);
}
else
{
UploadForm();
}

function sticky($in)
{
if(isset($_POST[$in]))
{
return (get_magic_quotes_gpc()?stripslashes($_POST[$in]):$_POST[$in]);
}
return '';
}

function UploadForm($message = '', $max_file_size = 500000)
{

?><!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 3.2 Final//EN'>
<html>
<head>
<title>template</title>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>
<link rel=stylesheet href=stylesheet.css type=text/css>
<style type="text/css">
#error_message{color:red;font-weight:bold;}
</style>
</head>

<body>

<table width=759 border=0 cellspacing=0 cellpadding=0>

<tr>
<td width="759"><img src="Images/headers/join.jpg" width="189" height="90"></td>
</tr>

<tr>
<td><form id="Upload" action="" enctype="multipart/form-data" method="post">
<table width="77%" border="0" cellspacing="1" cellpadding="2">
<tr>
<td>&nbsp;</td>
<td><span id="error_message"><?php echo $message ?></span></td>
</tr>
<tr bgcolor="#efefef">
<td width="28%" class="form">First Name:</td>
<td width="72%"><input type="text" name="firstname" value="<?php echo sticky('firstname') ?>" size="35"></td>
</tr>
<tr bgcolor="#efefef">
<td class="form">Last Name:</td>
<td><input type="text" name="lastname" value="<?php echo sticky('lastname') ?>" size="35"></td>
</tr>
<tr bgcolor="#efefef">
<td class="form">Username:</td>
<td><input type="text" name="username" value="<?php echo sticky('username') ?>" size="30"></td>
</tr>
<tr bgcolor="#efefef">
<td class="form">Password:</td>
<td><input type="password" name="password" value="<?php echo sticky('password') ?>" size="30"></td>
</tr>

<tr bgcolor="#efefef">
<td class="form">Email:</td>
<td><input type="text" name="email" value="<?php echo sticky('email') ?>" size="35"></td>
</tr>
<tr bgcolor="#efefef">
<td class="form">Submit Your Photo:</td>
<td><input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $max_file_size ?>" /> <input id="file" type="file" name="file" size="40"/>
</td>
</tr>
<tr>
<td height="82"><div align="center"><img src="Images/warning.jpg" width="80" height="67"></div></td>
<td colspan="2" class="form_right">
<?php echo file_get_contents('upload_warning.txt') ?>
</td>
</tr>
<tr>
<td>&nbsp;</td>
<td height="35" colspan="2" class="text">By joining you accept the
whoishot.ie <a class="linksHeader" href="termsofservice.html" target="_blank">Terms
of Service</a></td>
</tr>
<tr>
<td height="35">&nbsp;</td>
<td> <input name="submit" type="submit" id="submit" value="Create my Account">
<input type="reset" name="Reset" value="Reset"></td>
</tr>
</table>
</form>
<br></td>
</tr>
</table>
</body>
</html><?php

die();

}

?>

Please see above code

$file = 'C:\wamp\www\site\upload_warning.txt';What is that?

Sorry, it should have just been

$file = 'upload_warning.txt'; // its a file that stores a paragraph of text about terms and conditions, so i can just change the text file instead of the page

can you figure out, how i can sort my mess out, i have tried so many different things but still can't manage to get it working...

Can anyone help me with this please? I have spent a day and a half trying to separate them!

Try to be pacient. This is simple a matter of using the form instead of the error handler. I'll have a look later today.

Sorry, thanks a million, thanks for your help bokeh

I haven't tried this but it should work. It replaces all of the above code:<?php

if($_POST)
{

// Make a MySQL Connection
mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("database") or die(mysql_error());

//////////////////////START OF FORM VALIDATION//////////////////////////////////////////////////////////////////////////

// checks whether fields are blank
if (!$_POST['firstname'] || !$_POST['lastname'] || !$_POST['username'] || !$_POST['password'] || !$_POST['email'] || !$_POST['DOBdd'] || !$_POST['DOBdd'] || !$_POST['DOBmm'] || !$_POST['DOByyyy'] || !$_POST['gender'] ) {
UploadForm('Error: You did not complete all of the required fields!');
}

// checks whether username is already in use
if (!get_magic_quotes_gpc()) {
$_POST['username'] = addslashes($_POST['username']);
}
$usercheck = $_POST['username'];
$check = mysql_query("SELECT username FROM accounts WHERE username = '$usercheck'") or die(mysql_error());
$check2 = mysql_num_rows($check);

//if the name exists it gives an error
(mysql_num_rows($check) !== 0) or UploadForm('Sorry, the username '.$_POST['username'].' is already in use.');

/////////////////////////////// THIS EMAIL VALIDATION IS NOT REALLY WORKING //////////////////////////////////////////

function check_email_address($email)
{
// First, we check that there's one @ symbol, and that the lengths are right
if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email))
{
// Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
return false;
}
// Split it into sections to make life easier
$email_array = explode("@", $email);
$local_array = explode(".", $email_array[0]);
for ($i = 0; $i < sizeof($local_array); $i++)
{
if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i]))
{
return false;
}
}
if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1]))
{ // Check if domain is IP. If not, it should be valid domain name
$domain_array = explode(".", $email_array[1]);
if (sizeof($domain_array) < 2)
{
return false; // Not enough parts to domain
}
for ($i = 0; $i < sizeof($domain_array); $i++)
{
if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i]))
{
return false;
}
}
}
return true;
}

check_email_address($email) or UploadForm('Error: The email address entered appears to be invalid!');

/////////////////////////////// END OF EMAIL VALIDATION //////////////////////////////////////////


///////////////////////////////////////// END OF FORM VALIDATION & START OF UPLOAD VALIDATION ////////////////////////////////////////////////
// set variables

// make a note of the current working directory, relative to root.
$directory_self = str_replace(basename($_SERVER['PHP_SELF']), '', $_SERVER['PHP_SELF']);

// make a note of the directory that will recieve the uploaded files
$uploadsDirectory = $_SERVER['DOCUMENT_ROOT'] . $directory_self . 'uploaded_files/';

// make a note of the location of the success page
$uploadSuccess = 'http://' . $_SERVER['HTTP_HOST'] . $directory_self . 'upload.success.php';

// name of the fieldname used for the file in the HTML form
$fieldname = 'file';

// Now let's deal with the upload

// possible PHP upload errors
$errors = array(1 => 'php.ini max file size exceeded',
2 => 'html form max file size exceeded',
3 => 'file upload was only partial',
4 => 'no file was attached');

// check for standard uploading errors
($_FILES[$fieldname]['error'] == 0)
or UploadForm('Error: '.$errors[$_FILES[$fieldname]['error']], $uploadForm);

// check that the file we are working on really was an HTTP upload
@is_uploaded_file($_FILES[$fieldname]['tmp_name'])
or UploadForm('Error: that file is not an HTTP upload');

// validation... since this is an image upload script we
// should run a check to make sure the upload is an image
@getimagesize($_FILES[$fieldname]['tmp_name'])
or UploadForm('Error: only image uploads are allowed');

// make a unique filename for the uploaded file and check it is
// not taken... if it is keep trying until we find a vacant one
$now = time(); //current time stamp
$path_parts = pathinfo($_FILES[$fieldname]['name']);
while( file_exists($uploadFilename = $uploadsDirectory . $now++ . "." . $path_parts["extension"]) );

// now let's move the file to its final and allocate it with the new filename
@move_uploaded_file($_FILES[$fieldname]['tmp_name'], $uploadFilename)
or UploadForm('Server error: receiving directory insuffiecient permission');

// send form to the database

//retrieve form data in a variable
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$username = $_POST['username'];
$password = $_POST['password'];
$DOB = date("Y-m-d", mktime(0,0,0,$_POST['DOBmm'],$_POST['DOBdd'],$_POST['DOByyyy']));
$gender = $_POST['gender'];
$email = $_POST['email'];
$file = $_POST['file'];

// Insert a row of information into the table
mysql_query("INSERT INTO accounts (firstname, lastname, username, password, dob, gender, email, file) VALUES( '$firstname' , '$lastname' , '$username', '$password', '$DOB', '$gender', '$email', '$uploadFilename') ");

// If you got this far, everything has worked and the file has been successfully saved.
// We are now going to redirect the client to the success page.
header('Location: ' . $uploadSuccess);
}
else
{
UploadForm();
}

function sticky($in)
{
if(isset($_POST[$in]))
{
return (get_magic_quotes_gpc()?stripslashes($_POST[$in]):$_POST[$in]);
}
return '';
}

function UploadForm($message = '', $max_file_size = 500000)
{

?><!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 3.2 Final//EN'>
<html>
<head>
<title>template</title>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>
<link rel=stylesheet href=stylesheet.css type=text/css>
<style type="text/css">
#error_message{color:red;font-weight:bold;}
</style>
</head>

<body>

<table width=759 border=0 cellspacing=0 cellpadding=0>

<tr>
<td width="759"><img src="Images/headers/join.jpg" width="189" height="90"></td>
</tr>

<tr>
<td><form id="Upload" action="" enctype="multipart/form-data" method="post">
<table width="77%" border="0" cellspacing="1" cellpadding="2">
<tr>
<td>&nbsp;</td>
<td><span id="error_message"><?php echo $message ?></span></td>
</tr>
<tr bgcolor="#efefef">
<td width="28%" class="form">First Name:</td>
<td width="72%"><input type="text" name="firstname" value="<?php echo sticky('firstname') ?>" size="35"></td>
</tr>
<tr bgcolor="#efefef">
<td class="form">Last Name:</td>
<td><input type="text" name="lastname" value="<?php echo sticky('lastname') ?>" size="35"></td>
</tr>
<tr bgcolor="#efefef">
<td class="form">Username:</td>
<td><input type="text" name="username" value="<?php echo sticky('username') ?>" size="30"></td>
</tr>
<tr bgcolor="#efefef">
<td class="form">Password:</td>
<td><input type="password" name="password" value="<?php echo sticky('password') ?>" size="30"></td>
</tr>

<tr bgcolor="#efefef">
<td class="form">Email:</td>
<td><input type="text" name="email" value="<?php echo sticky('email') ?>" size="35"></td>
</tr>
<tr bgcolor="#efefef">
<td class="form">Submit Your Photo:</td>
<td><input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $max_file_size ?>" /> <input id="file" type="file" name="file" size="40"/>
</td>
</tr>
<tr>
<td height="82"><div align="center"><img src="Images/warning.jpg" width="80" height="67"></div></td>
<td colspan="2" class="form_right">
<?php echo file_get_contents('C:/wamp/www/site/upload_warning.txt') ?>
</td>
</tr>
<tr>
<td>&nbsp;</td>
<td height="35" colspan="2" class="text">By joining you accept the
whoishot.ie <a class="linksHeader" href="termsofservice.html" target="_blank">Terms
of Service</a></td>
</tr>
<tr>
<td height="35">&nbsp;</td>
<td> <input name="submit" type="submit" id="submit" value="Create my Account">
<input type="reset" name="Reset" value="Reset"></td>
</tr>
</table>
</form>
<br></td>
</tr>
</table>
</body>
</html><?php

die();

}

?>I haven't touched your validation section but it needs attention.

Thanks, but it keep saying "Error: You did not complete all of the required fields!" even though they are all filled in and a photo has been selected, but it's exactly the way i want it (where the error is coming up). Have you any idea why it would be throwing that error out even though all fields are filled in. Also if i try and put in a user name that has already being used it does not recognize it, thanks

if (!$_POST['firstname'] || !$_POST['lastname'] || !$_POST['username'] || !$_POST['password'] || !$_POST['email'] || !$_POST['DOBdd'] || !$_POST['DOBdd'] || !$_POST['DOBmm'] || !$_POST['DOByyyy'] || !$_POST['gender'] ) {That is because the fields marked in red don't exist in you form. If you are going to add them to the form I would use dropdowns for the date of birth and radio buttons for the gender. Otherwise just remove the code marked in red.

Sorry bokeh, i shortend the code to fit in here, that's why i forgot to take somethings out. The code you amended for me still does not work properely, it seems to always throw up some error so I am going to edit my first two posts in this thread with the exact code i have, maybe then it would be easier for you to help me, thanks so much for your help, i have spend two days trying to get this working now, please have a look at the new code and see if you could maybe make some sense of it, thanks again

$file = $_POST['file'];Remove that! What is the error?

Removed that but still no difference, if i don't fill in all fields it displays the error message "Please fill in all fields" and if i fill in all fields (inc selecting an image) i get the error "The username (what ever text i have in the username field) is already in use" Any ideas what it could be

First delete this line:$check2 = mysql_num_rows($check);If it still does it check what is in the DB table

No good...(mysql_num_rows($check) !== 0)Only use the triple form for a REAL true or false condition. Change this to:(mysql_num_rows($check) != 0)

No good...(mysql_num_rows($check) !== 0)Only use the triple form for a REAL true or false condition. Change this to:(mysql_num_rows($check) != 0)Or this: (mysql_num_rows($check) > 0)Or this:(mysql_num_rows($check) !== '0')Or this:(mysql_num_rows($check))

Actually, the whole block is a little suspect...This:$usercheck = $_POST['username'];
$check = mysql_query("SELECT username FROM accounts WHERE username = '$usercheck'") or die(mysql_error());
$check2 = mysql_num_rows($check);

//if the name exists it gives an error
(mysql_num_rows($check) !== 0) or UploadForm('Sorry, the username '.$_POST['username'].' is already in use.');should be really be:[php]$usercheck = $_POST['username'];
$check = mysql_query("SELECT username FROM accounts WHERE username = '$usercheck' LIMIT 1") or die(mysql_error());
$check2 = mysql_num_rows($check);

//if the name exists it gives an error
(mysql_num_rows($check) == 1) or UploadForm('Sorry, the username '.$_POST['username'].' is already in use.');You should LIMIT the query to just one record. It makes the subsequent question easier to define.

If that column were UNIQUE (as it should be) doing that wouldn't be necessary.

I think that even without being UNIQUE in the MySQL sense, in real terms, it would have to be unique all the same. What's the point of a user database if I'm not going to check first if the user name isn't already used. Imagine two Bokeh's in this forum... Or worse, two Nightshift's... sounds more like a Nightmare...

LIMIT 1 doesn't really address that. It's meant to stop MySQL from scanning the rest of the records once it has one valid match - so you save a little bit of time.

But the point I wanted/tried to make, is that by using LIMIT 1, I'm always reminded as to what the positive outcome of the query should be. Then, I don't check for negative conditions (<> 0) but positive ones (== 1) instead - where applicable, of course - tantamount to asking "Did I find one?" instead of "Did I not find none?"

It's more semantic than technical, I agree, but when re-visiting the code, weeks or months later, I find that "straight" questions/conditions are easier to decrypt than those that bend over backwards.

LIMIT 1 doesn't really address that. It's meant to stop MySQL from scanning the rest of the records once it has one valid match - so you save a little bit of time.I can't see how that could be true although it possibly could be so with a basic query. It certainly couldn't be true with ORDER BY and GROUP BY clauses as these need the whole table content to be scanned in order to do their job. In the cases where the username is not already taken the whole table will need to be scanned anyway.

I can't see how that could be true although ...Taken out of context, you are right. Within the context of this particular query, you are not.

The LIMIT clause has its own set of intricacies and in fact, sometimes, because it can - and at times, will - stop scanning a table too soon, you get strange and unexpected results. This is true of of GROUP BY, for example. There are documented workarounds so it's only half as bad as it sounds. If you should run into that problem, use SQL_CALC_FOUND_ROWS to force a table scan.

ORDER BY is not exempt, either.If you use LIMIT row_count with ORDER BY, MySQL ends the sorting as soon as it has found the first row_count rows of the sorted result...Depending on the query, this could lead to problems.

But... that wasn't my point. I was trying to say that, in a query such as this one, the result is obviously limited to 1. By including the clause "LIMIT 1", it it a visual reminder as to what it is that you are really checking for. It makes no sense to me to set off a query that must return 1 row if successful and then test against a condition of "<> 0".

Why do it backwards?

I want to add that, in the context of this query, even if we did not LIMIT to 1, the correct test for the condition remains == 1 and not <> 0.

Imagine the table with two users with the same name. By allowing for <> 0, you would let both of them in... To me, that's an error condition: neither user should be let in. By testing agains t == 1, you essentially prevent that.

The likelihood of that happening is slim but since this particular script only checks user names and not passwords, the risk increases.

NightShift, this discussion has made me look back at the last login system I did to see how I handled this issue. In my code I didn't use a SELECT query at all; I just made the column UNIQUE. Here is the code:function updateDB(&$error)
{
connect();
$query = "UPDATE `suscriptores` ".
"SET `usuario` = '".clean($_POST['usuario'])."', ".
" `clave` = MD5('".clean($_POST['clave'])."'), ".
" `email` = '".clean($_POST['email'])."' ".
"WHERE `id` = {$_SESSION['id']}";
if(!mysql_query($query))
{
$mysql_error = mysql_error();
if(false !== strpos($mysql_error, 'key 3'))
{
$error = 'Error: Ya existe una cuenta registrada con el mismo nombre de usuario.';
}
elseif(false !== strpos($mysql_error, 'key 4'))
{
$error = 'Error: Ya existe una cuenta registrada con la misma direcci&oacute;n de correo electrc&oacute;nico.';
}
return false;
}
return true;
}This is slightly different from the OP code because the people signing up are already real customers of the firm in question and they are just choosing a username and password to access their personal pages. But the idea would be the same for an INSERT query as in the following code:function updateDB(&$error)
{
connect();
$query = "INSERT INTO `suscriptores` ".
"SET `usuario` = '".clean($_POST['usuario'])."', ".
" `clave` = MD5('".clean($_POST['clave'])."'), ".
" `email` = '".clean($_POST['email'])."' ";
if(!mysql_query($query))
{
$mysql_error = mysql_error();
if(false !== strpos($mysql_error, 'key 3'))
{
$error = 'Error: Ya existe una cuenta registrada con el mismo nombre de usuario.';
}
elseif(false !== strpos($mysql_error, 'key 4'))
{
$error = 'Error: Ya existe una cuenta registrada con la misma direcci&oacute;n de correo electrc&oacute;nico.';
}
return false;
}
return true;
}

function updateDB(&$error)
{
connect();
$query = "UPDATE `suscriptores` ".
"SET `usuario` = '".clean($_POST['usuario'])."', ".
" `clave` = MD5('".clean($_POST['clave'])."'), ".
" `email` = '".clean($_POST['email'])."' ".
"WHERE `id` = {$_SESSION['id']}" .

"LIMIT 1"; ////////////////////////

if(!mysql_query($query))
{
$mysql_error = mysql_error();
if(false !== strpos($mysql_error, 'key 3'))
{
$error = 'Error: Ya existe una cuenta registrada con el mismo nombre de usuario.';
}
elseif(false !== strpos($mysql_error, 'key 4'))
{
$error = 'Error: Ya existe una cuenta registrada con la misma direcci&oacute;n de correo electrc&oacute;nico.';
}
return false;
}
return true;
}... and it would have been even more brilliant...:)

I agree that you don't need to SELECT first if you ultimately want to INSERT or UPDATE. But even then, in the case of UPDATE, where's the harm of LIMITing? It doesn't detract from your objective ...

But again... that wasn't my point...

where's the harm of LIMITing?I didn't realise that option existed but after checking: "The LIMIT clause places a limit on the number of rows that can be updated". I agree that anything that causes the early abort of a sub-routine that has already been successful can only be a good thing.