
User registration form error php

Hi, I am trying to write code that validates in the backend. The code should stop as soon as there is an error. In my case, even if the conditions are satisfied, the code stops in the first name validation block itself. Also, I wish to have only backend validation.

Here is the PHP code, clientRegister.php:

<?php

require_once("connection.php");
session_start();

// define variables and set to empty values
$clientFirstName = $clientLastName = $clientEmail = $clientPassword =
$clientCPassword = $clientContact = "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {

    // First Name Validation
    if (empty($_POST["clientFirstName"])) {
        die("error: empty field");
    } else {
        $clientFirstName = test_input($_POST["clientFirstName"]);
        // check if name only contains letters and whitespace
        if (!preg_match("[a-zA-Z ]",$clientFirstName)) {
            die("Error: Only letters and white space allowed");
        }
    }

    // Last Name Validation
    if (empty($_POST["clientLastName"])) {
        die("error: empty field");
    } else {
        $clientLastName = test_input($_POST["clientLastName"]);
        // check if name only contains letters and whitespace
        if (!preg_match("[a-zA-Z ]",$clientLastName)) {
            die("Error: Only letters and white space allowed");
        }
    }

    // Email Validation
    if (empty($_POST["clientEmail"])) {
        die("error: empty field");
    } else {
        $clientEmail = test_input($_POST["clientEmail"]);
        // check if e-mail address is well-formed
        if (!filter_var($clientEmail, FILTER_VALIDATE_EMAIL)) {
            die("Error: Invalid email format");
        }
    }

    // Password Validation
    if (empty($_POST["clientPassword"])) {
        die("error: empty field");
    }

    // Confirm Password Validation
    if (empty($_POST["clientCPassword"])) {
        die("error: empty field");
    }

    if ($clientPassword != $clientCPassword) {
        die("error: passwords mismatch");
    } else {
        $hashedClientPassword = password_hash($clientPassword, PASSWORD_DEFAULT);
    }

    if (empty($_POST["clientContact"])) {
        die("error: empty field");
    } else {
        $clientContact = test_input($_POST["clientContact"]);
        // check if number is correct
        if (!preg_match("[0-9]",$clientContact)) {
            die("error: Only 0-9 allowed");
        }
    }

    $check_email = $conn->query("SELECT clientEmail FROM tbl_clients WHERE
    clientEmail='$clientEmail'");

    $emailCount = $check_email->num_rows;

    if ($emailCount == 0) {

        $newClient = "INSERT INTO tbl_clients(clientFirstName, clientLastName,
        clientEmail, clientPassword, clientContact) VALUES('$clientFirstName','$clientLastName','$clientEmail','$hashedClientPassword','$clientContact')";

        if ($newClient === false) {
            $result = array();
            $result[] = array("status" => "Error");
        } else {
            echo "Your have been signed up - please now Log In";

            $result = array();
            $result[] = array("First Name" => $clientFirstName, "Last Name" => $clientLastName, "Email" => $clientEmail, "Password" => $hashedClientPassword, "Contact" => $clientContact, "status" => "success");
        }

    } else {
        echo "Already Exists";
        $result = array();
        $result[] = array("status" => "Error");
    }

    echo json_encode($result);
}

function test_input($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}

?>

<!DOCTYPE HTML>
<html>
<head>
</head>
<body>
<h2>Reg User</h2>
<form method="post" action="clientRegister.php">
  <label>
    First Name:<input type="text" name="clientFirstName"><br/>
    Last Name:<input type="text" name="clientLastName"><br/>
    Email:<input type="text" name="clientEmail"><br/>
    Password:<input type="password" name="clientPassword"><br/>
    Confirm Password:<input type="password" name="clientCPassword"><br/>
    Contact:<input type="text" name="clientContact"><br/>
    <input type="submit" value="Register" name="submit">
  </label>
</form>
</body>
</html>

You are missing pattern delimiters in your preg_match() calls.

Replace your patterns as in the following sample:

if (!preg_match("[a-zA-Z ]",$clientFirstName)) {

    die("Error: Only letters and white space allowed");

}

With:

if (!preg_match("/[a-zA-Z ]/",$clientFirstName)) {

    die("Error: Only letters and white space allowed");

}

Also, your

($clientPassword != $clientCPassword)

will always return false because you have not assigned the new $_POST values to them. And since you have initialized both variables as empty, (empty != empty) always returns false.

So you should compare like this:

($_POST["clientPassword"] != $_POST["clientCPassword"])

Regarding your query, it was not executed:

$newClient = "INSERT INTO tbl_clients(clientFirstName, clientLastName, clientEmail, clientPassword, clientContact) VALUES('$clientFirstName','$clientLastName','$clientEmail','$hashedClientPassword','$clientContact')";

Which I think you meant:

$newClient = $conn->query("INSERT INTO tbl_clients(clientFirstName, clientLastName, clientEmail, clientPassword, clientContact) VALUES('$clientFirstName','$clientLastName','$clientEmail','$hashedClientPassword','$clientContact')");

Note: Your queries are vulnerable to SQL injection and you should use prepared statements.

DEMO:

http://sandbox.onlinephpfunctions.com/code/d435ae025dc9e22b677823ff37712bb712b71e1b

You can test this file:

https://pastebin.com/AgfquEMC
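
The fixes from the answer above (pattern delimiters, comparing the submitted passwords, actually executing the query) combined with prepared statements, as an added example that is not part of the original question or answer. It assumes PDO with an in-memory SQLite database (the pdo_sqlite extension) in place of the `$conn` from connection.php so that it runs stand-alone, and it anchors the patterns with `^...$` so the whole value has to match; `validate_registration` and `register_client` are hypothetical names.

```php
<?php
// Added example, not the poster's code. SQLite in memory stands in for the
// MySQL connection from connection.php so the script runs stand-alone.
function validate_registration(array $in): array {
    $v = [];
    foreach (['clientFirstName', 'clientLastName', 'clientEmail',
              'clientPassword', 'clientCPassword', 'clientContact'] as $f) {
        $v[$f] = is_string($in[$f] ?? null) ? trim($in[$f]) : '';
        if ($v[$f] === '') return ['error' => 'empty field'];
    }
    // Delimiters plus ^...$ anchors: the whole value must match the class.
    if (!preg_match('/^[a-zA-Z ]+$/', $v['clientFirstName'])
        || !preg_match('/^[a-zA-Z ]+$/', $v['clientLastName'])) {
        return ['error' => 'Only letters and white space allowed'];
    }
    if (!filter_var($v['clientEmail'], FILTER_VALIDATE_EMAIL)) {
        return ['error' => 'Invalid email format'];
    }
    // Compare the submitted values themselves, untrimmed.
    if ($in['clientPassword'] !== $in['clientCPassword']) {
        return ['error' => 'passwords mismatch'];
    }
    if (!preg_match('/^[0-9]+$/', $v['clientContact'])) {
        return ['error' => 'Only 0-9 allowed'];
    }
    $v['clientPassword'] = password_hash($in['clientPassword'], PASSWORD_DEFAULT);
    return $v;
}
function register_client(PDO $db, array $in): array {
    $c = validate_registration($in);
    if (isset($c['error'])) return ['status' => 'Error', 'message' => $c['error']];
    // Placeholders keep user input out of the SQL text.
    $check = $db->prepare('SELECT 1 FROM tbl_clients WHERE clientEmail = ?');
    $check->execute([$c['clientEmail']]);
    if ($check->fetchColumn() !== false) return ['status' => 'Error', 'message' => 'Already Exists'];
    $ins = $db->prepare('INSERT INTO tbl_clients (clientFirstName, clientLastName,
        clientEmail, clientPassword, clientContact) VALUES (?, ?, ?, ?, ?)');
    $ins->execute([$c['clientFirstName'], $c['clientLastName'], $c['clientEmail'],
                   $c['clientPassword'], $c['clientContact']]);
    return ['status' => 'success'];
}
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE tbl_clients (clientFirstName TEXT, clientLastName TEXT,
    clientEmail TEXT UNIQUE, clientPassword TEXT, clientContact TEXT)');
// Constructed sample requests: valid, duplicate email, digit in the name.
$good = ['clientFirstName' => 'Ann', 'clientLastName' => 'Lee', 'clientEmail' => 'ann@example.com',
         'clientPassword' => 'correct horse', 'clientCPassword' => 'correct horse', 'clientContact' => '5550100'];
foreach ([$good, $good, ['clientFirstName' => 'Ann3'] + $good] as $req) {
    echo json_encode(register_client($db, $req)), "\n";
}
```

With mysqli, as used in the question, the same shape is `$conn->prepare()`, `bind_param()` and `execute()`. The example stores the values as submitted and leaves `htmlspecialchars()` for the point where they are written into HTML.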
