6 Replies Latest reply on Aug 1, 2007 3:51 PM by AngryCloud

    Problem with external PHP function

    AngryCloud Level 1
      I am working on a registration page. This is the list of statements I have that must be true for the registration to succeed:

      if(isset($_POST['register']))
      {
      if($_POST['username'] != ''
      &&(strlen($_POST['username']) >= 4)
      &&(strlen($_POST['username']) <= 20)
      && alpha_numeric($_POST['username']) == TRUE
      && $_POST['password'] != ''
      &&(strlen($_POST['password']) >= 4)
      &&(strlen($_POST['password']) <= 20)
      && alpha_numeric($_POST['password']) == TRUE
      && $_POST['password2'] == $_POST['password']
      && $_POST['email'] != ''
      && valid_email($_POST['email']) == TRUE
      && $_POST['email2'] == $_POST['email']
      && $_POST['agree'] == TRUE
      && checkUnique('user_data', 'username', $_POST['username']) == TRUE
      && checkUnique('user_data', 'email', $_POST['email']) == TRUE)

      The external 'checkUnique' functions at the bottom simply don't seem to work. I am easily able to sign up with a username or email that already exists in the database.

      This is the code for the external function:

      function checkUnique($table, $field, $compared)
      {
      $query = mysql_query('SELECT '.mysql_real_escape_string($field).' FROM '.mysql_real_escape_string($table).' WHERE "'.mysql_real_escape_string($field).'" = "'.mysql_real_escape_string($compared).'"');

      if(mysql_num_rows($query)==0)
      {
      return TRUE;
      }
      else
      {
      return FALSE;
      }
      }
        • 1. Re: Problem with external PHP function
          Level 7
          AngryCloud wrote:
          > The external 'checkUnique' functions at the bottom simply don't seem to work.
          > I am easily able to sign up with a username or email that already exists in the
          > database.

          No, it won't work: you're surrounding the name of the field in quotes.
          You also need to remove magic quotes if they're enabled. Change the
          function to this:

          function checkUnique($table, $field, $compared){
          if (magic_quotes_gpc()) {
          $table = stripslashes($table);
          $field = stripslashes($field);
          $compared = stripslashes($compared);
          }
          $table = mysql_real_escape_string($table);
          $field = mysql_real_escape_string($field);
          $compared = mysql_real_escape_string($compared);

          $result = mysql_query("SELECT $field FROM $table
          WHERE $field = '$compared'");
          if(mysql_num_rows($result)==0) {
          return TRUE;
          }
          else {
          return FALSE;
          }
          }

          Of course, you also need to establish a connection to MySQL and select
          the database before you call the function.

          --
          David Powers, Adobe Community Expert
          Author, "The Essential Guide to Dreamweaver CS3" (friends of ED)
          Author, "PHP Solutions" (friends of ED)
          http://foundationphp.com/
          • 2. Problem with external PHP function
            AngryCloud Level 1
            Ok, thanks, that seemed to work. I don't completely understand all of it; I'm not that advanced in PHP yet, but I took your word for it. I just had to add 'get_' in front of 'magic_quotes_gpc'.


            One other question:

            I have a variable, '$error', that will display the error to the user if something goes wrong. For example, if the email addresses do not match, right now it will basically tell the user there is something wrong with the data they entered. I would like it to be more specific though. Is there a way to find out which of the statements (from my first post) came out false and set the $error variable accordingly, without having to make a separate if statement for each one?
            • 3. Re: Problem with external PHP function
              Level 7
              AngryCloud wrote:
              > I just had to add
              > 'get_' in front of 'magic_quotes_gpc'.

              Oops, sorry about that.

              > Is there a way to find out
              > which of the statements (from my first post) came out false and set the $error
              > variable accordingly, without having to make a separate if statement for each
              > one?

              No.

              > Also, so more than one error can be displayed at once, is it possible to add
              > text to a variable? For example, if the username was invalid, $error =
              > 'Username is invalid'. But if the email addresses also did not match, could
              > '<br />Emails do not match' be added to the variable?

              Yes. There are two ways of doing it. One is to use the combined
              concatenation operator (.=) to add something to the end of an existing
              string. You use it like this:

              $error = '';
              if ($_POST['username'] == '') {
              $error .= 'You must supply a username<br />';
              }
              if (strlen($_POST['username']) < 4 || strlen($_POST['username']) > 20 ||
              !alpha_numeric($_POST['username'])) {
              $error .= 'Username must be 4-20 characters and contain only
              letters or numbers<br />';
              }

              A more elegant way of doing it is to create an array like this:

              $error = array();
              if ($_POST['username'] == '') {
              $error[] = 'You must supply a username';
              }
              if (strlen($_POST['username']) < 4 || strlen($_POST['username']) > 20 ||
              !alpha_numeric($_POST['username'])) {
              $error[] = 'Username must be 4-20 characters and contain only
              letters or numbers';
              }

              To display the array, use this:

              if (isset($error) && !empty($error)) {
              echo '<ul>';
              foreach ($error as $item) {
              echo "<li>$item</li>";
              }
              echo '</ul>';
              }

              This displays the array as a bulleted list.

              Whichever method you use, you can test whether to insert the details in
              the database with this simple test:

              if (!$error) {
              // insert details in DB
              }

              PHP treats an empty string or empty array as false, so !$error equates
              to TRUE if no errors have been triggered.

              --
              David Powers, Adobe Community Expert
              Author, "The Essential Guide to Dreamweaver CS3" (friends of ED)
              Author, "PHP Solutions" (friends of ED)
              http://foundationphp.com/
              • 4. Re: Problem with external PHP function
                AngryCloud Level 1
                Alright, I think I registration form is just about complete now. I did find one small problem though. The form allows me to register usernames and emails that are identical to ones that are already in the database, with the exception of casing. How can I change my 'checkUnique' function to be case-insensitive?
                • 5. Re: Problem with external PHP function
                  Level 7
                  AngryCloud wrote:
                  > How can I change my 'checkUnique' function to be case-insensitive?

                  String comparisons in MySQL are case-insensitive by default. You can
                  change the function to make case-sensitive comparisons, but it's
                  case-insensitive as it stands.

                  --
                  David Powers, Adobe Community Expert
                  Author, "The Essential Guide to Dreamweaver CS3" (friends of ED)
                  Author, "PHP Solutions" (friends of ED)
                  http://foundationphp.com/
                  • 6. Re: Problem with external PHP function
                    AngryCloud Level 1
                    Oh, right... sorry about that. Apparently I made a mistake in my typing when I was putting in data. Anyway, thanks again.