Mysql database and php - Page 3

**Redcore** · 11-12-2009, 02:45 PM

No idea, I'm not a JS guy :)

**ahmorrow** · 11-12-2009, 10:08 PM

Here ya go.

HTML Code:

function FrontPage_Form1_Validator(theForm)
{

///////////////////////////////CHANGES BEGIN HERE///////////////////////////////

/* This passes the variables in the form to the function checkForApost and
   removes the apostrophes in all variables listed below                      */
checkForApost(theForm.student_fname.value);
checkForApost(theForm.student_lname.value);
checkForApost(theForm.student_address_no.value);
checkForApost(theForm.student_student_phone.value);
checkForApost(theForm.student_street_name.value);
checkForApost(theForm.student_username.value);
checkForApost(theForm.student_password.value);
checkForApost(theForm.student_email.value);

// This is the function mentioned above.
function checkForApost(temp)
if(temp.match("'"))
{
var apost=tmp.replace("'","");
theForm.student_username.value=ne;
}

function echeck(str) {


/* DHTML email validation script. Courtesy of SmartWebby.com (http://www.smartwebby.com/dhtml/)
Frm:  ahmorrow@TSF
I know this next part isn't exactly written by me, but it works.  This "SHOULDN'T" need any changes.
*/

var at="@"
var dot="."
var lat=str.indexOf(at)
var lstr=str.length
var ldot=str.indexOf(dot)
if (str.indexOf(at)==-1){
   alert("Invalid E-mail ID")
   return false
}

if (str.indexOf(at)==-1 || str.indexOf(at)==0 || str.indexOf(at)==lstr){
   alert("Invalid E-mail ID")
   return false
}

if (str.indexOf(dot)==-1 || str.indexOf(dot)==0 || str.indexOf(dot)==lstr){
    alert("Invalid E-mail ID")
    return false
}

 if (str.indexOf(at,(lat+1))!=-1){
    alert("Invalid E-mail ID")
    return false
 }

 if (str.substring(lat-1,lat)==dot || str.substring(lat+1,lat+2)==dot){
    alert("Invalid E-mail ID")
    return false
 }

 if (str.indexOf(dot,(lat+2))==-1){
    alert("Invalid E-mail ID")
    return false
 }
	
 if (str.indexOf(" ")!=-1){
    alert("Invalid E-mail ID")
    return false
 }

 return true					
}

function ValidateForm(){
var emailID=theForm.student_email.value;
	
if ((emailID.value==null)||(emailID.value=="")){
alert("Please Enter your Email ID")
emailID.focus()
return false
}
if (echeck(emailID.value)==false){
emailID.value=""
emailID.focus()
return false
}
return true
}

/////////////////////////////////END OF CHANGES/////////////////////////////////

if (theForm.student_fname.value == "")
{
alert("Please enter your \"First Name\" .");
theForm.student_fname.focus();
return (false);
}

if (theForm.student_fname.value.length < 3)
{
alert("Please enter at least 3 characters in the \"First Name\" field.");
theForm.student_fname.focus();
return (false);
}

if (theForm.student_fname.value.length > 20)
{
alert("Please enter at most 20 characters in the \"First Name\" field.");
theForm.student_fname.focus();
return (false);
}

if (theForm.student_lname.value == "")
{
alert("Please enter your \"Last Name\" .");
theForm.student_lname.focus();
return (false);
}

if (theForm.student_lname.value.length < 3)
{
alert("Please enter at least 3 characters in the \"Last Name\" field.");
theForm.student_lname.focus();
return (false);
}

if (theForm.student_lname.value.length > 20)
{
alert("Please enter at most 20 characters in the \"Last Name\" field.");
theForm.student_lname.focus();
return (false);
}

if (theForm.student_address_no.value == "")
{
alert("Please enter your contact \"Address\".");
theForm.student_address_no.focus();
return (false);
}

if (theForm.student_phone.value == "")
{
alert("Please enter your contact \"Phone\" number.");
theForm.student_phone.focus();
return (false);
}

if (theForm.student_street_name.value == "")
{
alert("Please enter your contact \"Phone\" number.");
theForm.student_street_name.focus();
return (false);
}

if (theForm.student_phone.value == "")
{
alert("Please enter your contact \"Phone\" number.");
theForm.student_phone.focus();
return (false);
}


if (theForm.student_phone.value.length < 7)
{
alert("Please enter at least 7 characters in the \"Phone\" field.");
theForm.student_phone.focus();
return (false);
}

if (theForm.student_phone.value.length > 10)
{
alert("Please enter at most 10 characters in the \"Phone\" field.");
theForm.student_phone.focus();
return (false);
}

if (theForm.student_email.value == "")
{
alert("Please enter your contact \"Email\" address.");
theForm.student_email.focus();
return (false);
}

if (theForm.student_username.value == "")
{
alert("Please enter your contact \"Email\" address.");
theForm.student_username.focus();
return (false);
}

if (theForm.student_password.value == "")
{
alert("Please enter your contact \"Email\" address.");
theForm.student_password.focus();
return (false);
}

if (theForm.student_password.value !== theForm.student_password2.value)
{
alert("Your password does not match");
theForm.student_password.focus();
return (false);
}

return (true);
}

randyrr · 11-13-2009, 05:10 PM

ohhhkk, i'm so sorry..

here's my register.html form with i used to the js code u supplied so i didn't post it again...

HTML Code:

<form method="post" action="php/checkuser.php" onsubmit="return FrontPage_Form1_Validator(this)">   

			 <h2 style="color:#FFFFFF">Register</h2>
			  
			  <div class="reg" style="margin-top:20px; margin-bottom: 0">
			  <ol>
				<li>
				  <label for="student_fname"> First Name<em>*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</em></label>
				  <input name="student_fname" id=""/>
				</li>
				<li>
				  <label for="student_lname"> Last Name<em>*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</em></label>
				  <input name="student_lname" id=""/>
				</li>
				<li>
				  <label for="student_address_no">Address No<em>*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</em></label>
				  <input name="student_address_no" id=""/>
				</li>
				<li>
				  <label for="student_street_name">Street Name&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</label>
				  <input name="student_street_name" id=""/>
				</li>
				<li>
				  <label for="student_phone">Phone<em>*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</em></label>
				  <input name="student_phone" id=""/>
				</li>
				  <li>
				  <label for="student_email">Email<em>*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</em></label>
				  <input name="student_email" id=""/>
				  </li>
				  <li>
				  <label for="student_username">Username<em>*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</em></label>
				  <input name="student_username" id=""/>
				  </li>
				  <li>
				  <label for="student_password">Password<em>*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</em></label>
				  <input name="student_password" type="password" id=""/>
				  </li>
				  <li>
				  <label for="student_password2">Confirm Password<em>*</em></label>
				  <input name="student_password2" type="password" id=""/>
				  </li>	
			 </ol>
					<input type="submit" value="Register" style="margin-top:30px; margin-bottom:0px;margin-left:150px;"/>
					<input type="reset" value="Reset" style="margin-top:30px; margin-bottom:0px;margin-left:0px;"/>
					</form>

and this is my checkuser.php code, which appears to be ok

PHP Code:


			


<?php





// Connect to the server            

        $db = mysql_connect("localhost", "root", "test") 

        or die("testing connection");

        echo ("connected");        



// connect to the db

        mysql_select_db("educational", $db) or

        die("cannot connect to the database");

        echo(" <br />Connection  successful<br/>");



    $formstudent_fname = $_POST['student_fname'];

    echo "</br>"; 

    $formstudent_lname = $_POST['student_lname'];

    echo "</br>"; 

    $formstudent_address_no = $_POST['student_address_no'];

    echo "</br>"; 

    $formstudent_street_name = $_POST['student_street_name'];

    echo "</br>"; 

    $formstudent_phone = $_POST['student_phone'];

    echo "</br>"; 

    $formstudent_email = $_POST['student_email'];

    echo "</br>"; 

    $formstudent_username = $_POST['student_username'];

    echo "</br>"; 

    $formstudent_password = md5($_POST['student_password']);

    echo "</br>"; 

    $formstudent_password2 = md5($_POST['student_password2']);

    echo "</br>";

    $random_key = uniqid(); //uniqid() generates a random string



//check to see if the name exists in the current event table

//$query = "SELECT student_username FROM student WHERE student_username = '$formstudent_username' // ";

$query = "SELECT student_username FROM student WHERE student_username = '" 

    . mysql_escape_string($formstudent_username). "'";



$results = mysql_query($query);

    if (!$results) die('query failed');





// this makes sure both passwords entered match

//if ($_POST['student_password'] != $_POST['student_password2']); {

//die('Your passwords did not match. ');

//}



// here we encrypt the password and add slashes if needed

$_POST['password'] = (md5($_POST['password']));

if (!get_magic_quotes_gpc()) {

$_POST['password'] = addslashes($_POST['password']);

$_POST['username'] = addslashes($_POST['username']);

}    





if (!mysql_num_rows($results) == 0) {     //exists within the table

echo "We're sorry, but this username is already taken, please try another username <a href=../register.html> Click this link to register again</a>";

//*** output the list of names within the database

mysql_close();



//possible return FALSE?



} else { //does not exist within this table, continue & add to table

$results = "INSERT INTO student (student_fname,student_lname,student_address_no,student_street_name,student_phone,student_email,student_username,student_password,student_password2,active,activekey) VALUES ('$formstudent_fname','$formstudent_lname','$formstudent_address_no','$formstudent_street_name','$formstudent_phone','$formstudent_email','$formstudent_username','$formstudent_password','$formstudent_password2',0,'$random_key')";





echo "<p>Thank you, $formstudent_fname, for registering with us, you may <a href=../login.html>login</a> now.<br /></p>";





if (!mysql_query($results)) {

echo "<p>We were unable to insert this record.<br />The error was: </p>" .



mysql_error();

mysql_close();

}

}

?>

So unfortunately, it did not check for apostrophes or correct email format :(

thanks again.....randyrr

**ahmorrow** · 11-13-2009, 05:34 PM

Thanks Randy, I'll take a look at it and see what I can do. May be a few hours, definitely by tomorrow.
[[--merged from double-post —dm01 --]]
Alright, try replacing the html file you're currently using with this. EVERYTHING. Don't try to change anything just yet. We'll work on posting it to the php file soon, but now we need to test and be sure the validation is working correctly.

HTML Code:

<html>
<head>
<script type="text/javascript">
function validateFormOnSubmit(theForm) {
var reason = "";

  reason += validateUsername(theForm.student_username);
  reason += validatePassword(theForm.student_password,theForm.student_password2);
  reason += validateEmail(theForm.student_email);
  reason += validatePhone(theForm.student_phone);
  reason += validateStNo(theForm.student_address_no);
  reason += validateStName(theForm.student_street_name);
      
  if (reason != "") {
    alert("Some fields need correction:\n" + reason);
    return false;
  }

  alert("All fields are filled correctly");
  return false;
}
function validateStNo(fld) {
    var error = "";
 
    if (fld.value.length == 0) {
        fld.style.background = 'Yellow'; 
        error = "You didn't enter a street number.\n";
    } else if (isNaN(fld.value)=true && fld.value<=1) {
        fld.style.background = 'Yellow';
        error = "Your street number is not a valid number."
    } else {
        fld.style.background = 'White';
    }
    return error;  
}
function validateStName(fld) {
    var error = "";

    if (fld.value.length == 0) {
        fld.style.background = 'Yellow';
        error = "You didn't enter a street name.\n";
    } else if (isNaN(fld.value)=false) {
        fld.style.background = 'Yellow';
        error = "Your street name should not contain numbers.";
    } else {
        fld.style.background = 'White';
    }
    return error;
}
function validateUsername(fld) {
    var error = "";
    var illegalChars = /\W/; // allow letters, numbers, and underscores
 
    if (fld.value == "") {
        fld.style.background = 'Yellow'; 
        error = "You didn't enter a username.\n";
    } else if ((fld.value.length < 5) || (fld.value.length > 20)) {
        fld.style.background = 'Yellow'; 
        error = "The username needs to be between 5-20 characters.\n";
    } else if (illegalChars.test(fld.value)) {
        fld.style.background = 'Yellow'; 
        error = "The username contains illegal characters.\n";
    } else {
        fld.style.background = 'White';
    }
    return error;
}
function validatePassword(fld,fld2) {
    var error = "";
    var illegalChars = /[\W_]/; // allow only letters and numbers 
 
    if (fld.value == "") {
        fld.style.background = 'Yellow';
        error = "You didn't enter a password.\n";
    } else if ((fld.value.length < 6) || (fld.value.length > 20)) {
        error = "The password must be between 6-20 characters.\n";
        fld.style.background = 'Yellow';
    } else if (illegalChars.test(fld.value)) {
        error = "The password must only contain letters and numbers.\n";
        fld.style.background = 'Yellow';
    } else if (!((fld.value.search(/(a-z)+/)) && (fld.value.search(/(0-9)+/)))) {
        error = "The password must contain at least one numeral.\n";
        fld.style.background = 'Yellow';
    } else if (fld.value !== fld2.value) {
        error = "Passwords do not match.\n";
        fld.style.background = 'Yellow';
        fld2.style.background = 'Yellow';
    } else {
        fld.style.background = 'White';
    }
   return error;
}  
function trim(s)
{
  return s.replace(/^\s+|\s+$ '');
}
function validateEmail(fld) {
    var error="";
    var tfld = trim(fld.value);                        // value of field with whitespace trimmed off
    var emailFilter = /^[^@]+@[^@.]+\.[^@]*\w\w$/ ;
    var illegalChars= /[\(\)\<\>\,\;\:\\\"\[\]]/ ;
   
    if (fld.value == "") {
        fld.style.background = 'Yellow';
        error = "You didn't enter an email address.\n";
    } else if (!emailFilter.test(tfld)) {              //test email for illegal characters
        fld.style.background = 'Yellow';
        error = "Please enter a valid email address.\n";
    } else if (fld.value.match(illegalChars)) {
        fld.style.background = 'Yellow';
        error = "The email address contains illegal characters.\n";
    } else {
        fld.style.background = 'White';
    }
    return error;
}
function validatePhone(fld) {
    var error = "";
    var stripped = fld.value.replace(/[\(\)\.\-\ ]/g, '');    

   if (fld.value == "") {
        error = "You didn't enter a phone number.\n";
        fld.style.background = 'Yellow';
    } else if (isNaN(parseInt(stripped))) {
        error = "The phone number contains illegal characters.\n";
        fld.style.background = 'Yellow';
    } else if (!(stripped.length == 10)) {
        error = "The phone number is the wrong length. Make sure you included an area code.\n";
        fld.style.background = 'Yellow';
    }
    return error;
}
</script>
</head>
<body> 
<form name="myForm" onsubmit="return validateFormOnSubmit(this)" action="">
<table>
  <tbody>
  <tr>
    <td><label for="student_username">Your user name:</label></td>
    <td><input name="student_username" size="20" maxlength="20" type="text"></td>
  </tr>   
  <tr>
    <td><label for="student_password">Your password:</label></td>
    <td><input name="student_password" size="20" maxlength="20" type="password"></td>
  </tr>
  <tr>
    <td><label for="student_password2">Confirm Password:</label></td>
    <td><input name="student_password2" size="20" maxlength="20" type="password"></td>
  </tr>   
  <tr>
    <td><label for="student_email">Your email:</label></td>
    <td><input name="student_email" size="20" maxlength="20" type="text"></td>
  </tr>  
  <tr>
    <td><label for="student_phone">Your 10-digit telephone number:</label></td>
    <td><input name="student_phone" size="20" maxlength="10" type="text"></td>
  </tr>   
  <tr>
    <td><label for="student_address_no">Street Number:</label></td>
    <td><input name="student_address_no" size="20" maxlength="5" type="text"></td>
  </tr>    
  <tr>
    <td><label for="student_street_name">Street Name:</label></td>
    <td><input name="student_street_name" size="20" maxlength="20" type="text"></td>
  </tr>   
  <tr>
    <td> </td>
    <td><input name="Submit" value="Send" type="submit" ></td>
    <td> </td>
  </tr>
  </tbody>
</table>
</form> 
</body>
</html>

[[Moderator's Note: Please do not double post. Ask a member of staff to either edit your original post or to merge consecutive posts. We don't get annoyed if you ask. —dm01]]

randyrr · 11-13-2009, 08:01 PM

hey ahmorrow,

I've just tried it AS IS, but no change.... it doesn't detect nulls either, i've used FF and IE :(

thanks still though....randyrr

**ahmorrow** · 11-13-2009, 08:11 PM

It's working fine in FF3.5

randyrr · 11-18-2009, 11:27 AM

kk....

ahmorrow, i'm still checking the js, i will provide some feedback tonight...however,
Redcore,

I want to update my database by loading the values that the user entered when

registering, how can i get that to work.

randyrr

**ahmorrow** · 11-19-2009, 04:24 AM

I have no experience in PHP, but the logical thing to do would be to check if they're logged in and if they're not redirect them to that page. One page you might want to keep the redirect off of--and what might be causing the redirect error is the login page.

If you go to the login page and it checks to see if you're logged in and redirects you the login page and then checks to see if you're logged in and then redirects you the login page and then checks to see if you're logged in and then redirects you the login page and then checks to see if you're logged in and then redirects you the login page and then checks to see if you're logged in and then redirects you the login page and then checks to see if you're logged in and then redirects you the login page and then checks to see if you're logged in and then redirects you the login page and then checks to see if you're logged in and then redirects you the login page and then checks to see if you're logged in and then redirects you the login page and then checks to see if you're logged in and then redirects you the login page and then checks to see if you're logged in and then redirects you the login page and then checks to see if you're logged in and then redirects you the login page and then checks to see if you're logged in and then redirects you the login page and then checks to see if you're logged in and then redirects you the login page and then checks to see if you're logged in and then...

You get the idea :-)

**Redcore** · 11-19-2009, 06:00 PM

^ LOL

I believe a $_SESSION variable is all you need when they login.

randyrr · 11-20-2009, 04:43 AM

a session variable to return registration form, with database values??

How do i use the session username (whether it was reg'd or not) to find the correct row in the database e.g. SEL * from users where (session_id) = $_session....o something like that

randyrr · 11-20-2009, 09:41 AM

If i Uploaded an image to a particular directory, how do i display it then, a variable, therefore if another user uploads a photo, then only his/her photo will be shown as a profile pic?

**ahmorrow** · 11-20-2009, 11:46 AM

It looks a little like this....

HTML Code:

[php]php here![/php]

randyrr · 11-20-2009, 12:21 PM

Hey ahmorrow,

i've just checked the js and it's not working....

HTML Code:

?student_username=ewqfrewfewf'&student_password=dqdf'&student_password2='''''&student_email=%3Bqfdef'&student_phone=deqdd'&student_address_no=wfefw&student_street_name=fewfewf'&Submit=Send#

as u can see everything (invalid entries) goes into the browser url...

**ahmorrow** · 11-20-2009, 12:29 PM

Sorry about that, try this one.
[quote=ahmorrow;2441961]

HTML Code:

<html>
<head>
<script type="text/javascript">
function validateFormOnSubmit(theForm) {
var reason = "";

  reason += validateUsername(theForm.student_username);
  reason += validatePassword(theForm.student_password,theForm.student_password2);
  reason += validateEmail(theForm.student_email);
  reason += validatePhone(theForm.student_phone);
  reason += validateStNo(theForm.student_address_no);
  reason += validateStName(theForm.student_street_name);
      
  if (reason != "") {
    alert("Some fields need correction:\n" + reason);
    return false;
  }

  alert("All fields are filled correctly");
  return false;
}
function validateStNo(fld) {
    var error = "";
 
    if (fld.value.length == 0) {
        fld.style.background = 'Yellow'; 
        error = "You didn't enter a street number.\n";
    } else if (isNaN(fld.value)=true && fld.value<=1) {
        fld.style.background = 'Yellow';
        error = "Your street number is not a valid number."
    } else {
        fld.style.background = 'White';
    }
    return error;  
}
function validateStName(fld) {
    var error = "";

    if (fld.value.length == 0) {
        fld.style.background = 'Yellow';
        error = "You didn't enter a street name.\n";
    } else if (isNaN(fld.value)=false) {
        fld.style.background = 'Yellow';
        error = "Your street name should not contain numbers.";
    } else {
        fld.style.background = 'White';
    }
    return error;
}
function validateUsername(fld) {
    var error = "";
    var illegalChars = /\W/; // allow letters, numbers, and underscores
 
    if (fld.value == "") {
        fld.style.background = 'Yellow'; 
        error = "You didn't enter a username.\n";
    } else if ((fld.value.length < 5) || (fld.value.length > 20)) {
        fld.style.background = 'Yellow'; 
        error = "The username needs to be between 5-20 characters.\n";
    } else if (illegalChars.test(fld.value)) {
        fld.style.background = 'Yellow'; 
        error = "The username contains illegal characters.\n";
    } else {
        fld.style.background = 'White';
    }
    return error;
}
function validatePassword(fld,fld2) {
    var error = "";
    var illegalChars = /[\W_]/; // allow only letters and numbers 
 
    if (fld.value == "") {
        fld.style.background = 'Yellow';
        error = "You didn't enter a password.\n";
    } else if ((fld.value.length < 6) || (fld.value.length > 20)) {
        error = "The password must be between 6-20 characters.\n";
        fld.style.background = 'Yellow';
    } else if (illegalChars.test(fld.value)) {
        error = "The password must only contain letters and numbers.\n";
        fld.style.background = 'Yellow';
    } else if (!((fld.value.search(/(a-z)+/)) && (fld.value.search(/(0-9)+/)))) {
        error = "The password must contain at least one numeral.\n";
        fld.style.background = 'Yellow';
    } else if (fld.value !== fld2.value) {
        error = "Passwords do not match.\n";
        fld.style.background = 'Yellow';
        fld2.style.background = 'Yellow';
    } else {
        fld.style.background = 'White';
    }
   return error;
}  
function trim(s)
{
  return s.replace(/^\s+|\s+$ '');
}
function validateEmail(fld) {
    var error="";
    var tfld = trim(fld.value);                        // value of field with whitespace trimmed off
    var emailFilter = /^[^@]+@[^@.]+\.[^@]*\w\w$/ ;
    var illegalChars= /[\(\)\<\>\,\;\:\\\"\[\]]/ ;
   
    if (fld.value == "") {
        fld.style.background = 'Yellow';
        error = "You didn't enter an email address.\n";
    } else if (!emailFilter.test(tfld)) {              //test email for illegal characters
        fld.style.background = 'Yellow';
        error = "Please enter a valid email address.\n";
    } else if (fld.value.match(illegalChars)) {
        fld.style.background = 'Yellow';
        error = "The email address contains illegal characters.\n";
    } else {
        fld.style.background = 'White';
    }
    return error;
}
function validatePhone(fld) {
    var error = "";
    var stripped = fld.value.replace(/[\(\)\.\-\ ]/g, '');    

   if (fld.value == "") {
        error = "You didn't enter a phone number.\n";
        fld.style.background = 'Yellow';
    } else if (isNaN(parseInt(stripped))) {
        error = "The phone number contains illegal characters.\n";
        fld.style.background = 'Yellow';
    } else if (!(stripped.length == 10)) {
        error = "The phone number is the wrong length. Make sure you included an area code.\n";
        fld.style.background = 'Yellow';
    }
    return error;
}
</script>
</head>
<body>
<form method="post" action="php/checkuser.php" onsubmit="return validateFormOnSubmit(this)">   

<table>
  <tbody>
  <tr>
    <td><label for="student_username">Your user name:</label></td>
    <td><input name="student_username" size="20" maxlength="20" type="text"></td>
  </tr>   
  <tr>
    <td><label for="student_password">Your password:</label></td>
    <td><input name="student_password" size="20" maxlength="20" type="password"></td>
  </tr>
  <tr>
    <td><label for="student_password2">Confirm Password:</label></td>
    <td><input name="student_password2" size="20" maxlength="20" type="password"></td>
  </tr>   
  <tr>
    <td><label for="student_email">Your email:</label></td>
    <td><input name="student_email" size="20" maxlength="20" type="text"></td>
  </tr>  
  <tr>
    <td><label for="student_phone">Your 10-digit telephone number:</label></td>
    <td><input name="student_phone" size="20" maxlength="10" type="text"></td>
  </tr>   
  <tr>
    <td><label for="student_address_no">Street Number:</label></td>
    <td><input name="student_address_no" size="20" maxlength="5" type="text"></td>
  </tr>    
  <tr>
    <td><label for="student_street_name">Street Name:</label></td>
    <td><input name="student_street_name" size="20" maxlength="20" type="text"></td>
  </tr>   
  <tr>
    <td> </td>
    <td><input name="Submit" value="Send" type="submit" ></td>
    <td> </td>
  </tr>
  </tbody>
</table>
</form> 
</body>
</html>

**Redcore** · 11-20-2009, 04:27 PM

Quote:

Originally Posted by randyrr

How do i use the session username (whether it was reg'd or not) to find the correct row in the database e.g. SEL * from users where (session_id) = $_session....o something like that

Is this for PHP or JS? I meant for PHP.

You'd register a session variable like this (real simple):

PHP Code:


			
$_SESSION['session_id'] = $session;

Then you'd call it like this:

PHP Code:


			
mysql_query("SEL * from users where (session_id) = ".$_SESSION['session_id']."");

randyrr · 11-20-2009, 05:06 PM

[quote=ahmorrow;2452896]Sorry about that, try this one.

Quote:

Originally Posted by ahmorrow

HTML Code:

<html>
<head>
<script type="text/javascript">
function validateFormOnSubmit(theForm) {
var reason = "";

  reason += validateUsername(theForm.student_username);
  reason += validatePassword(theForm.student_password,theForm.student_password2);
  reason += validateEmail(theForm.student_email);
  reason += validatePhone(theForm.student_phone);
  reason += validateStNo(theForm.student_address_no);
  reason += validateStName(theForm.student_street_name);
      
  if (reason != "") {
    alert("Some fields need correction:\n" + reason);
    return false;
  }

  alert("All fields are filled correctly");
  return false;
}
function validateStNo(fld) {
    var error = "";
 
    if (fld.value.length == 0) {
        fld.style.background = 'Yellow'; 
        error = "You didn't enter a street number.\n";
    } else if (isNaN(fld.value)=true && fld.value<=1) {
        fld.style.background = 'Yellow';
        error = "Your street number is not a valid number."
    } else {
        fld.style.background = 'White';
    }
    return error;  
}
function validateStName(fld) {
    var error = "";

    if (fld.value.length == 0) {
        fld.style.background = 'Yellow';
        error = "You didn't enter a street name.\n";
    } else if (isNaN(fld.value)=false) {
        fld.style.background = 'Yellow';
        error = "Your street name should not contain numbers.";
    } else {
        fld.style.background = 'White';
    }
    return error;
}
function validateUsername(fld) {
    var error = "";
    var illegalChars = /\W/; // allow letters, numbers, and underscores
 
    if (fld.value == "") {
        fld.style.background = 'Yellow'; 
        error = "You didn't enter a username.\n";
    } else if ((fld.value.length < 5) || (fld.value.length > 20)) {
        fld.style.background = 'Yellow'; 
        error = "The username needs to be between 5-20 characters.\n";
    } else if (illegalChars.test(fld.value)) {
        fld.style.background = 'Yellow'; 
        error = "The username contains illegal characters.\n";
    } else {
        fld.style.background = 'White';
    }
    return error;
}
function validatePassword(fld,fld2) {
    var error = "";
    var illegalChars = /[\W_]/; // allow only letters and numbers 
 
    if (fld.value == "") {
        fld.style.background = 'Yellow';
        error = "You didn't enter a password.\n";
    } else if ((fld.value.length < 6) || (fld.value.length > 20)) {
        error = "The password must be between 6-20 characters.\n";
        fld.style.background = 'Yellow';
    } else if (illegalChars.test(fld.value)) {
        error = "The password must only contain letters and numbers.\n";
        fld.style.background = 'Yellow';
    } else if (!((fld.value.search(/(a-z)+/)) && (fld.value.search(/(0-9)+/)))) {
        error = "The password must contain at least one numeral.\n";
        fld.style.background = 'Yellow';
    } else if (fld.value !== fld2.value) {
        error = "Passwords do not match.\n";
        fld.style.background = 'Yellow';
        fld2.style.background = 'Yellow';
    } else {
        fld.style.background = 'White';
    }
   return error;
}  
function trim(s)
{
  return s.replace(/^\s+|\s+$ '');
}
function validateEmail(fld) {
    var error="";
    var tfld = trim(fld.value);                        // value of field with whitespace trimmed off
    var emailFilter = /^[^@]+@[^@.]+\.[^@]*\w\w$/ ;
    var illegalChars= /[\(\)\<\>\,\;\:\\\"\[\]]/ ;
   
    if (fld.value == "") {
        fld.style.background = 'Yellow';
        error = "You didn't enter an email address.\n";
    } else if (!emailFilter.test(tfld)) {              //test email for illegal characters
        fld.style.background = 'Yellow';
        error = "Please enter a valid email address.\n";
    } else if (fld.value.match(illegalChars)) {
        fld.style.background = 'Yellow';
        error = "The email address contains illegal characters.\n";
    } else {
        fld.style.background = 'White';
    }
    return error;
}
function validatePhone(fld) {
    var error = "";
    var stripped = fld.value.replace(/[\(\)\.\-\ ]/g, '');    

   if (fld.value == "") {
        error = "You didn't enter a phone number.\n";
        fld.style.background = 'Yellow';
    } else if (isNaN(parseInt(stripped))) {
        error = "The phone number contains illegal characters.\n";
        fld.style.background = 'Yellow';
    } else if (!(stripped.length == 10)) {
        error = "The phone number is the wrong length. Make sure you included an area code.\n";
        fld.style.background = 'Yellow';
    }
    return error;
}
</script>
</head>
<body>
<form method="post" action="php/checkuser.php" onsubmit="return validateFormOnSubmit(this)">   

<table>
  <tbody>
  <tr>
    <td><label for="student_username">Your user name:</label></td>
    <td><input name="student_username" size="20" maxlength="20" type="text"></td>
  </tr>   
  <tr>
    <td><label for="student_password">Your password:</label></td>
    <td><input name="student_password" size="20" maxlength="20" type="password"></td>
  </tr>
  <tr>
    <td><label for="student_password2">Confirm Password:</label></td>
    <td><input name="student_password2" size="20" maxlength="20" type="password"></td>
  </tr>   
  <tr>
    <td><label for="student_email">Your email:</label></td>
    <td><input name="student_email" size="20" maxlength="20" type="text"></td>
  </tr>  
  <tr>
    <td><label for="student_phone">Your 10-digit telephone number:</label></td>
    <td><input name="student_phone" size="20" maxlength="10" type="text"></td>
  </tr>   
  <tr>
    <td><label for="student_address_no">Street Number:</label></td>
    <td><input name="student_address_no" size="20" maxlength="5" type="text"></td>
  </tr>    
  <tr>
    <td><label for="student_street_name">Street Name:</label></td>
    <td><input name="student_street_name" size="20" maxlength="20" type="text"></td>
  </tr>   
  <tr>
    <td> </td>
    <td><input name="Submit" value="Send" type="submit" ></td>
    <td> </td>
  </tr>
  </tbody>
</table>
</form> 
</body>
</html>

This one has a post method....so i can't check the url, but nothing happens though :( ...
When I use a get method, it's still parsing nulls, apostrophes etc.

11-12-2009, 02:45 PM	#41 (permalink)
Redcore Design Team Member Join Date: Aug 2007 Location: Jamestown, CA Posts: 717 OS: Linux Mint 7 My System	Re: Mysql database and php No idea, I'm not a JS guy :) __________________ Free Resources PC Protection - Comodo Firewall \| AVG Anti-Virus \| WinPatrol \| Ad-Aware \| Spybot S&D \| SpywareBlaster \| Web Design/Programming - KompoZer (Editor) \| Paint.NET (Graphic) \| GIMP+GIMPShop (Graphic) \| FileZilla (FTP Client) \| Free Hosting \|

11-13-2009, 05:10 PM	#43 (permalink)
randyrr Registered User Join Date: May 2009 Posts: 30 OS: xp sp3	Re: Mysql database and php ohhhkk, i'm so sorry.. here's my register.html form with i used to the js code u supplied so i didn't post it again... HTML Code: <form method="post" action="php/checkuser.php" onsubmit="return FrontPage_Form1_Validator(this)"> <h2 style="color:#FFFFFF">Register</h2> <div class="reg" style="margin-top:20px; margin-bottom: 0"> <ol> <li> <label for="student_fname"> First Name<em>**         </em></label> <input name="student_fname" id=""/> </li> <li> <label for="student_lname"> Last Name<em>*          *</em></label> <input name="student_lname" id=""/> </li> <li> <label for="student_address_no">Address No<em>        *</em></label> <input name="student_address_no" id=""/> </li> <li> <label for="student_street_name">Street Name *      </label> <input name="student_street_name" id=""/> </li> <li> <label for="student_phone">Phone<em>*               </em></label> <input name="student_phone" id=""/> </li> <li> <label for="student_email">Email<em>*                 </em></label> <input name="student_email" id=""/> </li> <li> <label for="student_username">Username<em>*          *</em></label> <input name="student_username" id=""/> </li> <li> <label for="student_password">Password<em>           </em></label> <input name="student_password" type="password" id=""/> </li> <li> <label for="student_password2">Confirm Password<em></em></label> <input name="student_password2" type="password" id=""/> </li> </ol> <input type="submit" value="Register" style="margin-top:30px; margin-bottom:0px;margin-left:150px;"/> <input type="reset" value="Reset" style="margin-top:30px; margin-bottom:0px;margin-left:0px;"/> </form> and this is my checkuser.php code, which appears to be ok PHP Code: <?php // Connect to the server $db = mysql_connect("localhost", "root", "test") or die("testing connection"); echo ("connected"); // connect to the db mysql_select_db("educational", $db) or die("cannot connect to the database"); echo(" <br />Connection successful<br/>"); $formstudent_fname = $_POST['student_fname']; echo "</br>"; $formstudent_lname = $_POST['student_lname']; echo "</br>"; $formstudent_address_no = $_POST['student_address_no']; echo "</br>"; $formstudent_street_name = $_POST['student_street_name']; echo "</br>"; $formstudent_phone = $_POST['student_phone']; echo "</br>"; $formstudent_email = $_POST['student_email']; echo "</br>"; $formstudent_username = $_POST['student_username']; echo "</br>"; $formstudent_password = md5($_POST['student_password']); echo "</br>"; $formstudent_password2 = md5($_POST['student_password2']); echo "</br>"; $random_key = uniqid(); //uniqid() generates a random string //check to see if the name exists in the current event table //$query = "SELECT student_username FROM student WHERE student_username = '$formstudent_username' // "; $query = "SELECT student_username FROM student WHERE student_username = '" . mysql_escape_string($formstudent_username). "'"; $results = mysql_query($query); if (!$results) die('query failed'); // this makes sure both passwords entered match //if ($_POST['student_password'] != $_POST['student_password2']); { //die('Your passwords did not match. '); //} // here we encrypt the password and add slashes if needed $_POST['password'] = (md5($_POST['password'])); if (!get_magic_quotes_gpc()) { $_POST['password'] = addslashes($_POST['password']); $_POST['username'] = addslashes($_POST['username']); } if (!mysql_num_rows($results) == 0) { //exists within the table echo "We're sorry, but this username is already taken, please try another username <a href=../register.html> Click this link to register again</a>"; //*** output the list of names within the database mysql_close(); //possible return FALSE? } else { //does not exist within this table, continue & add to table $results = "INSERT INTO student (student_fname,student_lname,student_address_no,student_street_name,student_phone,student_email,student_username,student_password,student_password2,active,activekey) VALUES ('$formstudent_fname','$formstudent_lname','$formstudent_address_no','$formstudent_street_name','$formstudent_phone','$formstudent_email','$formstudent_username','$formstudent_password','$formstudent_password2',0,'$random_key')"; echo "<p>Thank you, $formstudent_fname, for registering with us, you may <a href=../login.html>login</a> now.<br /></p>"; if (!mysql_query($results)) { echo "<p>We were unable to insert this record.<br />The error was: </p>" . mysql_error(); mysql_close(); } } ?> So unfortunately, it did not check for apostrophes or correct email format :( thanks again.....randyrr

11-13-2009, 08:01 PM	#45 (permalink)
randyrr Registered User Join Date: May 2009 Posts: 30 OS: xp sp3	Re: Mysql database and php hey ahmorrow, I've just tried it AS IS, but no change.... it doesn't detect nulls either, i've used FF and IE :( thanks still though....randyrr

11-13-2009, 08:11 PM	#46 (permalink)
ahmorrow God (TSF Enthusiast) Join Date: May 2009 Location: Jeffersonville, IN Posts: 893 OS: Ubuntu 9.10 [Karmic Koala] My System	Re: Mysql database and php It's working fine in FF3.5 __________________ If I have not responded to a post in 24 hours or more, PM me with a link to the thread and I'll get back to you. I do not help via PM/IM/Email.

11-18-2009, 11:27 AM	#47 (permalink)
randyrr Registered User Join Date: May 2009 Posts: 30 OS: xp sp3	Re: Mysql database and php kk.... ahmorrow, i'm still checking the js, i will provide some feedback tonight...however, Redcore, I want to update my database by loading the values that the user entered when registering, how can i get that to work. randyrr

11-19-2009, 04:24 AM	#48 (permalink)
ahmorrow God (TSF Enthusiast) Join Date: May 2009 Location: Jeffersonville, IN Posts: 893 OS: Ubuntu 9.10 [Karmic Koala] My System	Re: Mysql database and php I have no experience in PHP, but the logical thing to do would be to check if they're logged in and if they're not redirect them to that page. One page you might want to keep the redirect off of--and what might be causing the redirect error is the login page. If you go to the login page and it checks to see if you're logged in and redirects you the login page and then checks to see if you're logged in and then redirects you the login page and then checks to see if you're logged in and then redirects you the login page and then checks to see if you're logged in and then redirects you the login page and then checks to see if you're logged in and then redirects you the login page and then checks to see if you're logged in and then redirects you the login page and then checks to see if you're logged in and then redirects you the login page and then checks to see if you're logged in and then redirects you the login page and then checks to see if you're logged in and then redirects you the login page and then checks to see if you're logged in and then redirects you the login page and then checks to see if you're logged in and then redirects you the login page and then checks to see if you're logged in and then redirects you the login page and then checks to see if you're logged in and then redirects you the login page and then checks to see if you're logged in and then redirects you the login page and then checks to see if you're logged in and then... You get the idea :-) __________________ If I have not responded to a post in 24 hours or more, PM me with a link to the thread and I'll get back to you. I do not help via PM/IM/Email.

11-19-2009, 06:00 PM	#49 (permalink)
Redcore Design Team Member Join Date: Aug 2007 Location: Jamestown, CA Posts: 717 OS: Linux Mint 7 My System	Re: Mysql database and php ^ LOL I believe a $_SESSION variable is all you need when they login. __________________ Free Resources PC Protection - Comodo Firewall \| AVG Anti-Virus \| WinPatrol \| Ad-Aware \| Spybot S&D \| SpywareBlaster \| Web Design/Programming - KompoZer (Editor) \| Paint.NET (Graphic) \| GIMP+GIMPShop (Graphic) \| FileZilla (FTP Client) \| Free Hosting \|

11-20-2009, 04:43 AM	#50 (permalink)
randyrr Registered User Join Date: May 2009 Posts: 30 OS: xp sp3	Re: Mysql database and php a session variable to return registration form, with database values?? How do i use the session username (whether it was reg'd or not) to find the correct row in the database e.g. SEL * from users where (session_id) = $_session....o something like that

11-20-2009, 09:41 AM	#51 (permalink)
randyrr Registered User Join Date: May 2009 Posts: 30 OS: xp sp3	Re: Mysql database and php If i Uploaded an image to a particular directory, how do i display it then, a variable, therefore if another user uploads a photo, then only his/her photo will be shown as a profile pic?

11-20-2009, 11:46 AM	#52 (permalink)
ahmorrow God (TSF Enthusiast) Join Date: May 2009 Location: Jeffersonville, IN Posts: 893 OS: Ubuntu 9.10 [Karmic Koala] My System	Re: Mysql database and php It looks a little like this.... HTML Code: [php]php here![/php] __________________ If I have not responded to a post in 24 hours or more, PM me with a link to the thread and I'll get back to you. I do not help via PM/IM/Email.

11-20-2009, 12:21 PM	#53 (permalink)
randyrr Registered User Join Date: May 2009 Posts: 30 OS: xp sp3	Re: Mysql database and php Hey ahmorrow, i've just checked the js and it's not working.... HTML Code: ?student_username=ewqfrewfewf'&student_password=dqdf'&student_password2='''''&student_email=%3Bqfdef'&student_phone=deqdd'&student_address_no=wfefw&student_street_name=fewfewf'&Submit=Send# as u can see everything (invalid entries) goes into the browser url...