Php registration form

Beginners - Learning PHP
#1

Hello all I have been everywhere and cannot get any help I have created a registration for and its functioning and sending data to the database… however I am having issues

when I run the script it gives this error on all 5 fields
Notice: Undefined variable: confirmemailErr in C:\Program Files (x86)\Zend\Apache2\htdocs\DC\create.php on line 121

all 5 fields have same notice but if I click submit with fields empty the error clears and displays properly

this statement in my html is causing this error <?php echo $confirmemailErr;?>

now on top of that I have a query to tell me if the username is taken same for the email field it works but then stops ive been on this for about 4 days and just running in circles

[php]<?php

include_once (‘includes/db_config.php’);
include “includes/header.php”;
include “includes/footer.php”;

if (isset($_POST[‘submit’])) {

$email = $_POST['email'];
$email_confirmation = $_POST['email_confirmation'];
$soldier_name = $_POST['soldier_name'];
$birthdate = $_POST['birthdate'];
$country = $_POST['country'];
$date = date("Y-m-d H:i:s");

$emailErr = $confirmemailErr = $soldierErr = $birthdateErr = $countryErr = "";

function check_input($data, $problem = '')
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    if ($problem && strlen($data) == 0) {
        die($problem);
    }
    return $data;
}

if (empty($_POST["email"])) {
    $emailErr = "Email is required";
} else {
    $email = check_input($_POST["email"]);
     if (! filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $emailErr = "Invalid email format";
    }
}

if (empty($_POST["email_confirmation"])) {
    $confirmemailErr = "email confirmation is required";
    
    if (isset($email, $email_confirmation) && $email != $email_confirmation)
        $confirmemailErr = "email confirmation dont match";
} else {
    $email_confirmation = check_input($_POST["email_confirmation"]);
}

if (empty($_POST["soldier_name"])) {
    $soldierErr = "Soldier Name is required";
} else {
    $soldier_name = check_input($_POST["soldier_name"]);
}

if (empty($_POST["birthdate"])) {
    $birthdateErr = "birthdate is required";
} else {
    $birthdate = check_input($_POST["birthdate"]);
}
if (empty($_POST["country"])) {
    $countryErr = "country is required";
} else {
    $country = check_input($_POST["country"]);
}

$email = mysqli_real_escape_string($connection, $email);
$soldier_name = mysqli_real_escape_string($connection, $soldier_name);
$birthdate = mysqli_real_escape_string($connection, $birthdate);
$country = mysqli_real_escape_string($connection, $country);


$query = mysqli_query($connection, "SELECT * FROM soldiers WHERE soldier_email='" . $email . "'");
if (mysqli_num_rows($query) > 0) {
    $emailErr = "email is in use";
    
    $query = mysqli_query($connection, "SELECT * FROM soldiers WHERE soldier='" . $soldier_name . "'");
    if (mysqli_num_rows($query) > 0) {
        $soldierErr = "soldier name is taken";
    }
}

$query = "INSERT INTO soldiers (soldier_email, soldier, soldier_birthdate, soldier_country, soldier_regdate)";
$query .= "VALUES('{$email}','{$soldier_name}', '{$birthdate}', '{$country}', '{$date}')";

}

?>

Register Your Soldier Name

Email address 
      <input class="form-control" type="text" id="email" name="email" value="<?php echo $email;?>"><span class="error" ><?php echo $emailErr;?></span>
    </div>
    <div class="form-group">
      <label>Confirm Email</label>
      <input class="form-control" type="text" id="email_confirmation" name="email_confirmation"><span class="error" ><?php echo $confirmemailErr;?></span>
    </div>
    <div class="form-group"><span class="status"></span>
      <label>Soldier Name</label><span id="soldier_status"></span>
      <input class="form-control" type="text" id="soldier_name" name="soldier_name" value="<?php echo $soldier_name;?>"><span class="error"><?php echo $soldierErr;?></span>
    </div>
    <div class="form-group">
      <label>Birthdate</label>
      <input class="form-control" type="text" id="birthdate" name="birthdate"><span class="error"><?php echo $birthdateErr;?></span>
    </div>
    <div class="form-group">
      <label>Country</label>       
        <select class="form-control" id="country" name="country">
        <option selected value="">Please select your country</option>
        <option value="1">Afghanistan</option>
        <option value="2">Albania</option>
        <option value="3">Algeria</option>
        <option value="4">American Samoa</option>
        <option value="5">Andorra</option>
        <option value="6">Antarctica</option>
        <option value="7">Argentina</option>
        <option value="8">Armenia</option>
        <option value="9">Aruba</option>
        <option value="10">Australia</option>
        <option value="11">Austria</option>
        <option value="12">Bahamas</option>
        <option value="13">Barbados</option>
        <option value="14">Belgium</option>
        <option value="15">Bermuda</option>
        <option value="16">Bolivia</option>
        <option value="17">Bosnia</option>
        <option value="18">Brazil</option>
        <option value="20">Cambodia</option>
        <option value="21">Canada</option>
        <option value="22">Cayman Islands</option>
        <option value="23">Chile</option>
        <option value="24">China</option>
        <option value="25">Colombia</option>
        <option value="26">Costa Rica</option>
        <option value="27">Cuba</option>
        <option value="28">Czech Republic</option>
        <option value="29">Denmark</option>
        <option value="30">Dominica</option>
        <option value="31">Dominican Republic</option>
        <option value="32">Ecuador</option>
        <option value="33">Egypt</option>
        <option value="34">El Salvador</option>
        <option value="35">England</option>
        <option value="36">Europe</option>
        <option value="37">Finland</option>
        <option value="38">France</option>
        <option value="39">Georgia</option>
        <option value="40">Germany</option>
        <option value="41">Gibraltar</option>
        <option value="42">Greece</option>
        <option value="43">Greenland</option>
        <option value="44">Hong Kong</option>
        <option value="45">Hungary</option>
        <option value="46">Iceland</option>
        <option value="47">India</option>
        <option value="48">Iran</option>
        <option value="49">Iraq</option>
        <option value="50">Ireland</option>
        <option value="51">Israel</option>
        <option value="52">Italy</option>
        <option value="53">Jamaica</option>
        <option value="54">Japan</option>
        <option value="55">Jordan</option>
        <option value="56">Kenya</option>
        <option value="57">Kuwait</option>
        <option value="58">Lebanon</option>
        <option value="59">Liberia</option>
        <option value="60">Libya</option>
        <option value="61">Malaysia</option>
        <option value="62">Mexico</option>
        <option value="63">Morocco</option>
        <option value="64">Netherlands</option>
        <option value="65">New Zealand</option>
        <option value="66">Nigeria</option>
        <option value="67">Norway</option>
        <option value="68">Pakistan</option>
        <option value="69">Palestine</option>
        <option value="70">Panama</option>
        <option value="71">Peru</option>
        <option value="72">Poland</option>
        <option value="73">Portugal</option>
        <option value="74">Puerto Rico</option>
        <option value="75">Qatar</option>
        <option value="76">Romania</option>
        <option value="77">Russia</option>
        <option value="78">Saudi arabia</option>
        <option value="79">Scotland</option>
        <option value="80">Slovakia</option>
        <option value="81">Slovenia</option>
        <option value="82">Somalia</option>
        <option value="83">South Africa</option>
        <option value="84">South Georgia</option>
        <option value="85">Spain</option>
        <option value="86">Sudan</option>
        <option value="87">Swaziland</option>
        <option value="88">Sweden</option>
        <option value="89">Switzerland</option>
        <option value="90">Syria</option>
        <option value="91">Taiwan</option>
        <option value="92">Thailand</option>
        <option value="93">Trinidad</option>
        <option value="94">Turkey</option>
        <option value="95">Ukraine</option>
        <option value="96">United Arab Emirates</option>
        <option value="97">United Kingdom</option>
        <option value="98">United States</option>
        <option value="99">Virgin Islands (British)</option>
        <option value="100">Virgin Islands (U.S.)</option>
      </select><span class="error"><?php echo $countryErr;?></span>
    </div>
    <input type="submit" name="submit" id="btn-login" class="btn btn-custom btn-lg btn-block" value="submit">
  </form>
</div>
[/php]
#2

First, use the code tags for the forum so we can read your code.

You are missing a closing curly brace.
Dont use if (isset($_POST[‘submit’])) {. There are issues with it in IE. You can look up on your onw what they are.

You have a nested if that may be a problem.

You dont use code to check if an email is in use. Set a unique constraint on the DB column and capture the error if there is one. What your doing creates a race condition where concurrent requests will say a particular email is available. The first one to insert wins while the other one either enters a duplicate or fails. Same thing with soldier name. You only need one query to check email and soldier name use.

You need to be using prepared statements.

Your function shouldnt be nested in an if. Put it outside the if ($_POST) code.

#3

I have updated it

#4

I’m new so I am not following you :frowning:

#5

I didn’t know this, what is the problem with using that function? I just hit F12 in Internet Explorer and tested on:

Microsoft Edge
Internet Explorer 10
Internet Explorer 9
Internet Explorer 8
Internet Explorer 7
Internet Explorer 5

Everything seemed fine to me…

I had a Google and they both seem to be completely different functions.

This checks if the value ‘submit’ was passed.
[PHP]
if(isset($_POST[‘submit’])) { // This way form and form logic can be adjacent to each other
// Logic
}
[/PHP]

This simply checks that something… Anything was posted.
[PHP]
if($_SERVER[‘REQUEST_METHOD’] == ‘POST’){
//Logic
}
[/PHP]

According to this anyway.

Please correct me if I’m wrong.

#6
[php]if (isset($_POST['submit'])) {[/php]

News to me as well. Does IE not post the submit value or something? Otherwise, IE would not see the code.

#7

Using the label of some submit button to determine the request method is just silly.

First off: Why on earth would you assign a name to a submit button and expect to get a value? The sole purpose of a button is that people click on it. While it’s funny that browsers will send the label (or coordinates) of the submit button along with the form data, this doesn’t make a lot of sense from a semantical standpoint.

Secondly, this approach is extremely error-prone. If somebody just renames the button, the entire form processing code suddenly breaks. WTF? The name of some stupid button should have no significance whatsoever. Actually: if a user decides to submit the data directly rather than using your form, they’ll probably exclude the submit button altogether, which again breaks the whole application. Even worse, the server will display nonsense errors (like “no data submitted”) or no errors at all, because it’s unable to distinguish between a form submission with missing data and no form submission. Good luck debugging this.

Third, this violates the principle of least surprise. What does a form submission actually mean? It means that the client has used a particular method (e. g. POST) and has sent certain data. So the straightforward solution is to simply check the method and the data.

I understand that checking submit buttons is one of those weird PHP traditions which just won’t die. But this doesn’t mean it’s valid. The PHP universe is full of bad practices and nonsense patterns which get copied and pasted around.

#8

2Tone, your thread was hijacked! LOL

So, you have a variable naming error. Most likely you spelled it wrong.
Which line is #121 that you get the error on? Post that line so we can see what is wrong with it.

I use the isset function with submit buttons all the time and never have a problem in any browser.

Pretty, often, you need many buttons on the page and many different values for them. It is not error
prone and is common practice. You don’t want a user to submit their data directly. That does not protect
your site from hackers. You always want to make sure the info came from the logged in user from your
form.

#9

In IE, run this code. Click in the input box and then hit ENTER on your keyboard. Script fails.

[php]

The if(isset($_POST['submit'])) bug demo. <?php if (isset($_POST['submit'])) { print 'Your data was processed!

This is your $_POST submission:
'; print_r($_POST); } else { print 'No data processed.

This is your $_POST submission:
'; print_r($_POST); } ?> 
  <br><br>
  <form action="<? print $_SERVER['PHP_SELF']; ?>" method="post">
     Put the cursor in this box and press the enter key:<br>
     <input type="text" name="sample" value="Some sample text.">
     <input type="submit" name="submit" value="Then the next time, click this">
  </form>
[/php]
#10

Well, I ran that page as-is and it works every time. On IE, Firefox, did not try others…

Perhaps your system needs it’s cookies or cache cleared?

#11

Are you talking about the code test I posted? It only fails in IE. Works in other browsers.

  1. Click in text box
  2. Hit enter key on keyboard.
  3. Text will still say “No data processed”

you might be confused because it has print_r($_POST); in the IF and the else. You are looking for the text either ‘Your data was processed’ or ‘No data processed’

#12

'Your data was processed in the two browser’s I tested. One was IE… Sorry could not get it to fail!

#13

A simple and elegant solution in my opinion would to use a hidden input field

for example

[php][/php]

then you could simply do this

[php]if ( isset($_POST[‘action’]) && $_POST[‘action’] === ‘entered’ ) {
/* Process form submission */
}[/php]

Of course you still need a submit button and you would had to sanitize you input, but doing this way you could have submit button be practically anything. HTH John

#14

[member=43746]ErnieAlex[/member],

What version of IE did you try? I dont think the problem is in later versions. I tested in IE8

  • Edit: Just tested in IE 10, no problem. Issue with older versions of IE.
#15

LOL, okay, IE8 is so old and doesn’t even work at most banks. Yes, it may not work in IE8.

I tried it in IE11. When the “improved” version of IE version 8 came out everyone slammed IE6… Ha!

Well, I got rid of my XP machines and IE8 a long time ago. I should have mention to you that it was tested
on IE11…

Anyway, I hope that 2Tone posts his line #121 so we can fix it for him… LOL

#16

While we are on this…
I have been a fan of if ($_POST)

But this will fail in ALL browsers under certain conditions. Run the following code as is and submit the form without checking the check box. Then un-comment the commented line and submit again without the checkbox checked

[php]<?php

var_dump($_POST);

if ($_POST)
{
echo ‘The check says: POST request’;
}
else
{
echo ‘The check says: no POST request’;
}

if ($_SERVER[‘REQUEST_METHOD’] == ‘POST’){
//echo “
Posted!”;
}
?>

[/php]
  • The “solution” provided by Strider64 assumes a user is always going to use YOUR form to post data. In the case a user were to use cURL, his solution would also fail.

After much testing, the ONLY solution that will NEVER fail under ANY circumstances is:

if ($_SERVER[‘REQUEST_METHOD’] == ‘POST’)

I still use if ($_POST) but I use it understanding the issues mentioned and know when to not use it.

#17

The label doesn’t determine the request method, the form does that.

I’ll agree with that.

This makes no sense. Yes, I expect someone changing the name of a control to break things. Just like I expect the same thing to happen in Java, C#, or any other language.

Depends what the page is for. If there is a form, I expect it to be used. If data can be transmitted directly, what is the purpose of the form in the first place when an API would be used?

No it doesn’t. The user interacts with a button, just as they would expect to do. The user doesn’t not care about how the data is sent, just that it does something they expect it to.

Doesn’t mean that it isn’t valid either. This isn’t like .NET where you use a callback. So, if you are not using an Ajax call, you likely need to know the information.

Which is one reason PHP is looked down on.

#18

In older IE, exactly.

#19

Coding to IE standards has always possed a problem.

#20
IE standards

LOL! That is the problem, IE just never wants to be standards compliant.

echo str_rot13(“Shpx Zvpebfbsg!”);

Sponsor our Newsletter | Privacy Policy | Terms of Service