
password match php and validating username and password

I am trying to create a register page, and on this I have several tasks which I would like to complete.

1) The username to only accept a-z A-Z 0-10 characters
2) The passwords being entered at the stage of registration are checked to
   see if they match, if not get the user to try again
3) Set the passwords to only accept A-Z a-z 0-10 ! characters

I am working on task 2. The code I have works, but although it shows the error it is still entering the data in the database. Not sure where I am going.

if(isset($_POST['submit'])){

    $username = mysql_real_escape_string($_POST['username']);
    $password1 = mysql_real_escape_string($_POST['password1']);
    $password2 = mysql_real_escape_string($_POST['password2']);
    $email = mysql_real_escape_string($_POST['email']);

    $selected = mysql_select_db("register", $dbhandle);

    $query = "SELECT * FROM users WHERE email='".$email."' OR username= '".$username."'";

    $result = mysql_query($query);

    if(mysql_num_rows($result) > 0){
        echo "A record already exists.";
        exit;
    }
    else{
        $insert = mysql_query("INSERT into users (username, password1, password2, email) VALUES ('".$username."','".$password1."','".$password2."','".$email."')");
    }

    if($insert){
        echo "Success";
    }
    else{
        echo "There was an error " . mysql_error();
    }

    mysql_close();

    if ($_POST['password1']!= $_POST['password2'])
    {
        echo("Oops! Password did not match! Try again. ");
    }
}
?>

You need to check if there are any errors during the registration and, if not, then insert the data in the database. Check the code below:

$err = "";

//your extra code and validations

if ($_POST['password1']!= $_POST['password2'])
   $err .= "Oops! Password did not match! Try again."; //append to $err

if ($err=="")
{
  //insert here
}

//display $err somewhere below

Or you need to modify your code like this:

if(isset($_POST['submit']))
{
    $username = mysql_real_escape_string($_POST['username']);
    $password1 = mysql_real_escape_string($_POST['password1']);
    $password2 = mysql_real_escape_string($_POST['password2']);
    $email = mysql_real_escape_string($_POST['email']);

    $selected = mysql_select_db("register", $dbhandle);

    $query = "SELECT * FROM users WHERE email='".$email."' OR username= '".$username."'";

    $result = mysql_query($query);

    if(mysql_num_rows($result) > 0)
    {
        echo "A record already exists."; 
        exit;
    }
    else
    {
        if ($_POST['password1']!= $_POST['password2'])
            echo("Oops! Password did not match! Try again. ");
        else
        {
            $insert = mysql_query("INSERT into users (username, password1, password2, email) VALUES ('".$username."','".$password1."','".$password2."','".$email."')");

            if($insert)
                echo "Success";
            else
                echo "There was an error " . mysql_error();
        }
    }

    mysql_close();
}

The username to only accept a-z A-Z 0-10 characters

Use the following code for username validation

if (preg_match('/^[a-zA-Z0-9]+$/', $username))
    echo "valid username";
else 
    echo "invalid username";

Set the passwords to only accept A-Z a-z 0-10 ! characters

Use the following code for password validation

if (preg_match('/^[a-zA-Z0-9!]+$/', $password1))
    echo "valid password";
else 
    echo "invalid password";

Full Code

if(isset($_POST['submit']))
{
    $username = mysql_real_escape_string($_POST['username']);
    $password1 = mysql_real_escape_string($_POST['password1']);
    $password2 = mysql_real_escape_string($_POST['password2']);
    $email = mysql_real_escape_string($_POST['email']);

    $selected = mysql_select_db("register", $dbhandle);

    $query = "SELECT * FROM users WHERE email='".$email."' OR username= '".$username."'";

    $result = mysql_query($query);

    if(mysql_num_rows($result) > 0)
    {
        echo "A record already exists."; 
        exit;
    }
    else
    {
        if ($_POST['password1']!= $_POST['password2'])
            echo("Oops! Password did not match! Try again. ");
        else
        {

            //too many if/else blocks but don't want to change the structure of your code
            if (!preg_match('/^[a-zA-Z0-9]+$/', $username))
                echo "invalid username";
            else
            {
                if (!preg_match('/^[a-zA-Z0-9!]+$/', $password1))
                    echo "invalid password";
                else
                {
                    $insert = mysql_query("INSERT into users (username, password1, password2, email) VALUES ('".$username."','".$password1."','".$password2."','".$email."')");

                    if($insert)
                        echo "Success";
                    else
                        echo "There was an error " . mysql_error();
                }
            }
        }
    }

    mysql_close();
}
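
A hardened version of the validate-then-insert flow, added here as an example and not part of any original post. It assumes PDO with an in-memory SQLite database standing in for MySQL; the function name `register_user()` and the `password_hash` column are hypothetical.

```php
<?php
// Added example, not the answers' code; register_user() and the table layout are hypothetical.

function register_user(PDO $db, array $in): array
{
    $errors = [];
    // Request fields can arrive as arrays (username[]=x), so require strings.
    foreach (['username', 'password1', 'password2', 'email'] as $f) {
        if (!isset($in[$f]) || !is_string($in[$f])) {
            return ["missing or malformed field: $f"];
        }
    }
    // \A...\z instead of ^...$: "$" also matches before a trailing newline.
    if (!preg_match('/\A[a-zA-Z0-9]+\z/', $in['username'])) {
        $errors[] = 'invalid username';
    }
    if (!preg_match('/\A[a-zA-Z0-9!]+\z/', $in['password1'])) {
        $errors[] = 'invalid password';
    }
    // Strict comparison: with != the numeric strings "1e3" and "1000" compare equal.
    if ($in['password1'] !== $in['password2']) {
        $errors[] = 'Oops! Password did not match! Try again.';
    }
    if ($errors) {
        return $errors; // nothing is written when any check fails
    }
    // Placeholders keep user input out of the SQL text.
    $dup = $db->prepare('SELECT 1 FROM users WHERE email = ? OR username = ?');
    $dup->execute([$in['email'], $in['username']]);
    if ($dup->fetchColumn() !== false) {
        return ['A record already exists.'];
    }
    // Store one salted hash, never the password or its confirmation copy.
    $ins = $db->prepare('INSERT INTO users (username, password_hash, email) VALUES (?, ?, ?)');
    $ins->execute([$in['username'], password_hash($in['password1'], PASSWORD_DEFAULT), $in['email']]);
    return [];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT UNIQUE, password_hash TEXT, email TEXT UNIQUE)');

// Constructed sample submissions.
$ok  = ['username' => 'alice1', 'password1' => 'Secret123!', 'password2' => 'Secret123!', 'email' => 'alice@example.test'];
$bad = ['username' => 'bob', 'password1' => '1e3', 'password2' => '1000', 'email' => 'bob@example.test'];
var_dump(register_user($db, $bad));  // mismatched confirmation
var_dump(register_user($db, $ok));   // valid submission
var_dump(register_user($db, $ok));   // same user submitted again
var_dump((int) $db->query('SELECT COUNT(*) FROM users')->fetchColumn()); // rows stored
```

At login, the stored hash is checked with `password_verify()`; the `UNIQUE` constraints make the database reject a duplicate even if two requests pass the lookup at the same time.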

The echo does not abort execution. Your code probably looks like this:

if ($_POST['password1']!= $_POST['password2'])
{
  echo("Oops! Password did not match! Try again. ");
}
saveToDb();

So it reads as: "if password1 and password2 do not match, echo an error message. In any case saveToDb."

If you want to abort execution, use exit rather than echo, or make sure that saveToDb is only executed when your form is valid, e.g. like this:

$valid = true;
if ($_POST['password1']!= $_POST['password2'])
{
  echo "No Match";
  $valid = false;
}
if (...)
{
  echo "...";
  $valid = false;
}
...
if ($valid)
{
  saveToDb();
}

Where you have:

echo("Oops! Password did not match! Try again. ");

You need to set "$failflag = 1", then where you have your DBQuery that inputs the data simply add an if clause:

if ($failflag == 1) {
    // Don't do db stuff
} else {
    // Do db stuff
}

EDIT:

Try to stay away from the deprecated mysql_query functions. If you are a little lost on how to use OOP, I suggest using this class; it's good for beginners:

https://github.com/joshcam/PHP-MySQLi-Database-Class

Hi. For the 1st and 3rd tasks you can use regular expressions:

http://php.net/manual/en/function.preg-match.php
http://www.regular-expressions.info/

For the 2nd task you need to exit the script after

echo("Oops! Password did not match! Try again. ");

or you need to write it like below:

// $usernameOk and $passwordOk are placeholders for the results of your own checks
if (!$usernameOk) {
    // echo error
}
else if (!$passwordOk) {
    // echo error
}
else if ($_POST['password1'] != $_POST['password2'])
{
    echo("Oops! Password did not match! Try again. ");
}
else {
    // insert in database
}

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

 