registration form in php

Question

 $error1=''; 
 $error2=''; 
$error3=''; 
$error4=''; 
$error5=''; 
$error6='';

$yourname='';
$email='';
$email2='';
$password='';
$password2='';
$country='';

     if (isset($_POST['Registerme']))
       { 

$_POST['yourname']=$yourname;
$_POST['email']=$email;
$_POST['email2']=$email2;
$_POST['password']=$password;
$_POST['password2']=$password2;
$_POST['country']=$country;

if($yourname==''){

    $error1='name required';

    } 


if($email==''){

    $error2='email required';

    } 
if($email2==''){

    $error3='required field';

    } 


if($password==''){

    $error4='password required';

    } 


    if($password2==''){

    $error5='required field';

    } 


if($country==''){

    $error6='country required';

    } 



       if(empty($error1) && empty($error2) && empty($error3) && empty($error4) &&     empty($error5) && empty($error6))

      {echo 'mysql query goes here and add the user to database';}

       }///main one

      else {$error1=''; 
     $error2=''; 
         $error3=''; 
         $error4=''; 
          $error5=''; 
            $error6='';}

this is a registration validation script. in my registration form there are two email and password filelds.second fields are for confirmation.i want to check weather user typed same information in that both field.if i want to do that in this script should i use another if statement? or i should use else if? i am confused about that step...

Answer 1

add additional conditions to your second if statement. eg

if($email=='' || $email != $email2){
...

Answer 2

Just add simple checks. I wouldn't combine the check with the general password check - as I can imagine you would like to tell the user what went wrong exactly .

if ($password1 !== $password2) {
    // Add an specific error saying the passwords do not match.
}

I would replace the user of loose errors to an array like:

$aErrors = array();

if ($password1 !== $password2) {
    $aErrors[] = 'Another specific error!';
}

if (empty($password1) || empty($password2)) {
    $aErrors[] = 'Another specific error';
}

if (empty($aErrors)) {
    // Process the form!
}

Answer 3

There are lots of issues with your code.

1. You are assinging $_POST['key'] = $somevalue, while I think you mean $somevar = $_POST['key']
2. Use an array for all error messages as it'll make your life a bit easier ..
3. To compare password use something like
if ($password1 !== $password2) {
}

so.....

$errors = array();

so you'd check something like..

if ($password1 !== $password2) {
  $errors[] = 'Password dont match';
}

if(count($errors) > 0) { //if there are errors
foreach($errors as $err) {
  echo $err.' <br />';
}
} else {
// whatever you want to do if no error
}

I'll also suggest to sanitise the $_POST values before you use them in your queries. I hope it helps.

Answer 4

I think you mean to do this:

$yourname = $_POST['yourname'];
$email = $_POST['email'];
$email2 = $_POST['email2'];
$password = $_POST['password'];
$password2 = $_POST['password2'];
$country = $_POST['country'];

Second this make use of an errors array:

$errors = array();

Third use nested ifs(just a suggestion)

     if (!empty($_POST['password1'])) {
          if ($_POST['password1'] != $_POST['password2']) {
              $errors[] = '<font color="red">The 2 passwords you have entered do not match.</font>';
          } else {
              $password = $_POST['password1'];
          }
      } else {
          $errors[] = '<font color="red">Please provide a password.</font>';
      }

Answer 5

Some comments:

• You MUST sanitize input! Take a look at best method for sanitizing user input with php .
• Your assignments: Instead of "$_POST['yourname']=$yourname;" it should be "$yourname=$_POST['yourname'];".
• You're using a lot of variables for error control, and after that if all went well you simply forget the error messages in the last else block. Use some kind of array for error strings, and use it!
• Are you sure you aren't validating usernames/passwords to not contain spaces or weird characters, or emails to be valid?

Some sample code...:

// Simple sanitize function, complete it
function sanitize_input ($inputstr) {
    return trim(mysql_real_escape_string($inputstr));
}

if (isset ($_POST['Registerme']) {
    // array of error messages to report
    $error_messages = array();
    $isvalid = true;

    // Assignment 
    $yourname = sanitize_input ($_POST['yourname']);
    $email = sanitize_input ($_POST['email']);
    $email2 = sanitize_input ($_POST['email2']);
    $password = sanitize_input ($_POST['password']);
    $password2 = sanitize_input ($_POST['password2']);
    $country = sanitize_input ($_POST['country']);

    // Validation
    if (empty ($yourname)) {
        $error_messages[] = "You must provide an username";
    } 

    if (empty ($password)) {
        $error_messages[] = "You must provide a password.";
    }
    elseif ($password !== $password2) {
        $error_messages[] = "Passwords do not match.";
    }

    // Same for email, you caught the idea

    // Finally, execute mysql code if all ok
    if (empty($error_messages)) {
       // Execute mysql code
       isvalid = true;
    }
}

// After form processing, use isvalid which is false if there are errors
// and the error_messages array to report errors