www.webdeveloper.com

Thread: Need help! Form submission

  1. #1
    Join Date
    Apr 2014
    Posts
    38

    Need help! Form submission

    Hey guys,

    So as you will tell by my code, I'm dazed and confused on what to do now.

    I'm trying to establish a user register form that takes the user data, sanitizes the email address, encrypts the password, and takes the logged in user to index.html. -OR- takes the user back to signUp.html with the error "Passwords must match/username must be longer than 4 characters".

    Here is the code I have, any advice at all would be APPRECIATED. I've been struggling with this all day.

    Code:
    <?php

    // Show all errors while developing; make mysqli throw exceptions on failure.
    error_reporting(E_ALL);
    ini_set('display_errors', 1);
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

    $dbhost = 'localhost';
    $dbuser = 'root';
    $dbpass = '';
    $mysql_database = "21st";

    $conn = mysqli_connect($dbhost, $dbuser, $dbpass) or die("Could not connect database");
    mysqli_select_db($conn, $mysql_database) or die("Could not select database");

    // Raw fields from the sign-up form.
    $username = $_POST['username'];
    $email = $_POST['email'];
    $password = $_POST['password'];
    $password2 = $_POST['password2'];

    if ($password != $password2) {
        // Passwords do not match: back to the form.
        header('Location: signUp.html');
        exit();
    } elseif (strlen($username) < 4) {
        // Username too short: back to the form.
        header('Location: signUp.html');
        exit();
    } else {
        $password = md5($password);
        $password2 = md5($password2);
        $sanitized_email = filter_var($email, FILTER_SANITIZE_EMAIL);

        // The form values are placed directly into the SQL string.
        $sql = "INSERT INTO members (username, email, password) VALUES ('$username','$sanitized_email','$password')";
        mysqli_query($conn, $sql);

        header('Location: index.html');
        exit();
    }

    ?>
    

  2. #2
    Join Date
    Apr 2008
    Location
    Earth
    Posts
    31
    You should be sanitizing the input from your POST data. Since you are using mysqli, you should use mysqli_real_escape_string() as a minimum. That will at least protect against MySQL attacks.

    I also notice you are using HTML pages... You should just use all PHP pages...

    If signup.php is your signup form, then POST the form to that page as well. Have your code at the top of the page to detect any form data. Then process the data. If you decide that the supplied information is sufficient, then redirect to another page. Otherwise, continue with loading the rest of the page and reshow the form with the error messages.

    I like to do form posts on the same page as the form because it makes it cleaner (personal opinion). You can choose to POST to a different page, but it makes it messy having to redirect back to a previous page.
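
Added example, not code from either poster: a sign-up page that posts to itself and re-shows the form with error messages, as the reply describes. It goes a step beyond the reply's `mysqli_real_escape_string()` minimum by using bound parameters, and swaps `md5()` for `password_hash()`. The `app_user`/`app_password` credentials and the `VARCHAR(255)` password column are assumptions; the `members` table, `21st` database and `index.html` target come from the first post.

```php
<?php
// signup.php (added example): form and handler on one page.
// Assumes the thread's `members` table with a VARCHAR(255) password column.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Read a POST field as a string; missing or array-valued input becomes ''.
$field = fn(string $k): string => (string) filter_input(INPUT_POST, $k);
// Escape a value for safe output inside HTML text or attributes.
$esc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');

$errors = [];
$username = $email = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = trim($field('username'));
    $email = trim($field('email'));
    $password = $field('password');
    if (strlen($username) < 4) {
        $errors[] = 'Username must be at least 4 characters.';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Enter a valid email address.';
    }
    if ($password === '' || $password !== $field('password2')) {
        $errors[] = 'Passwords must match.';
    }

    if (!$errors) {
        // Placeholder credentials: a dedicated low-privilege account, not root.
        $conn = mysqli_connect('localhost', 'app_user', 'app_password', '21st');
        // Bound parameters keep user input out of the SQL text entirely.
        $stmt = mysqli_prepare($conn,
            'INSERT INTO members (username, email, password) VALUES (?, ?, ?)');
        $hash = password_hash($password, PASSWORD_DEFAULT); // salted, slow hash
        mysqli_stmt_bind_param($stmt, 'sss', $username, $email, $hash);
        mysqli_stmt_execute($stmt);
        header('Location: index.html');
        exit; // stop so the form below is not sent after the redirect
    }
}
foreach ($errors as $e): ?>
  <p class="error"><?= $esc($e) ?></p>
<?php endforeach; ?>
<form method="post" action="signup.php">
  <input name="username" value="<?= $esc($username) ?>">
  <input name="email" type="email" value="<?= $esc($email) ?>">
  <input name="password" type="password">
  <input name="password2" type="password">
  <button type="submit">Sign up</button>
</form>
```

At login, check the stored hash with `password_verify()` rather than hashing the submitted password and comparing strings.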
