View Full Version : php form validation script problem
genuineskate
09-02-2006, 12:24 PM
ok so i have this script that validates my form, but when i enter any password (even if it is the correct # of characters) it says my password is wrong error and then exits (it's only supposed to do that if the field is less than 4 characters). then it's supposed to validate the dname, and then the email but it doesn't work.
here's the part of the script that validates:
/////////////////////////////////////////////////////////////////////////
// make sure passes are between 4 characters
if(strlen($password) > 3)
{
echo "";
}
else
{
echo "password is below 4 characters! please go back and try again";
exit();
}
/////////////////////////////////////////////////////////////////////////
// make sure display name is at least 1 character
if(strlen($dname) < 1)
{
echo "display name is below 1 character! please go back and try again";
exit();
}
else
{
echo "";
}
/////////////////////////////////////////////////////////////////////////
// validate date
if ($mm = 0)
{
echo "month not valid! please go back and try again";
die ();
}
if ($dd = 0)
{
echo "day not valid! please go back and try again";
die ();
}
if ($yy = 0)
{
echo "year not valid! please go back and try again";
die ();
}
/////////////////////////////////////////////////////////////////////////
// validate email
$email = $_POST['email'];
if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,})$",$email)) //if email entered, verify format
{
echo "Email not valid.";
exit();
}
/////////////////////////////////////////////////////////////////////////
// make sure email hasnt already been registered
$query= "SELECT email FROM users WHERE field_name= '$email'";
$result= mysql_query($query, $db);
if (mysql_numrows($result > 0))
{
echo "";
}
else
{
echo "that email already exists! please go back and use a different email";
exit ();
}
i know it's something wrong with the placement of exit();
where would i put it?
erisco
09-02-2006, 12:33 PM
Why would you echo nothing? Is there a point to that? Try it like this:
$error = array(); // Set $error as an array
/////////////////////////////////////////////////////////////////////////
// make sure passes are between 4 characters
if(strlen($password) < 4)
{
$error[] = "password is below 4 characters! please go back and try again";
}
/////////////////////////////////////////////////////////////////////////
// make sure display name is at least 1 character
if(strlen($dname) < 1)
{
$error[] = "display name is below 1 character! please go back and try again";
}
/////////////////////////////////////////////////////////////////////////
// validate date
if (!is_numeric($mm))
{
$error[] = "month not valid! please go back and try again";
}
if (!is_numeric($dd))
{
$error[] = "day not valid! please go back and try again";
}
if (!is_numeric($yy))
{
$error[] = "year not valid! please go back and try again";
}
/////////////////////////////////////////////////////////////////////////
// validate email
$email = $_POST['email'];
if(!eregi("^[a-z0-9\.\-\_]@[a-z0-9\-\_]\.[a-z]$",$email)) //if email entered, verify format
{
$error[] = "Email not valid.";
}
/////////////////////////////////////////////////////////////////////////
// make sure email hasnt already been registered
$query= "SELECT email FROM users WHERE field_name= '$email'";
$result= mysql_query($query, $db);
if (mysql_numrows($result) > 0)
{
$error[] = "that email already exists! please go back and use a different email";
}
/////////////////////////////////////////////////////////////////////////
// Echo errors if they exist
if (sizeof($error) > 0)
{
$i = 0;
while ($i < sizeof($error))
{
echo $error[$i];
$i++;
}
}
The code you had was not very well built.
genuineskate
09-02-2006, 12:56 PM
ok, i edited some small problems in the script so here it is now:
/////////////////////////////////////////////////////////////////////////
// make sure passes are between 4 characters
if(strlen($password) < 4)
{
$error[] = "password is below 4 characters! please go back and try again";
}
/////////////////////////////////////////////////////////////////////////
// make sure display name is at least 1 character
if(strlen($dname) < 1)
{
$error[] = "display name is below 1 character! please go back and try again";
}
/////////////////////////////////////////////////////////////////////////
// validate date
if (!is_numeric($mm))
{
$error[] = "month not valid! please go back and try again";
}
if (!is_numeric($dd))
{
$error[] = "day not valid! please go back and try again";
}
if (!is_numeric($yy))
{
$error[] = "year not valid! please go back and try again";
}
/////////////////////////////////////////////////////////////////////////
// validate email
$email = $_POST['email'];
if(!eregi("^[a-z0-9\.\-\_]@[a-z0-9\-\_]\.[a-z]$",$email)) //if email entered, verify format
{
$error[] = "Email not valid.";
}
/////////////////////////////////////////////////////////////////////////
// make sure email hasnt already been registered
$query= "SELECT email FROM users WHERE field_name= '$email'";
$result= mysql_query($query, $db);
if (mysql_numrows($result) > 0)
{
$error[] = "that email already exists! please go back and use a different email";
}
/////////////////////////////////////////////////////////////////////////
// Echo errors if they exist
if (sizeof($error) > 0)
{
$i = 0;
while ($i < sizeof($error))
{
echo $error[$i];
$i++;
}
}
now, can i make it exit the script if there are any errors? because this is just a part of a long script. it posts the fields to a db after this, so i need it to exit if there are any errors.
and also i get this warning:
Warning: mysql_numrows(): supplied argument is not a valid MySQL result resource in /home/wellcany/public_html/signup2.php on line 95
here's line 95
if (mysql_numrows($result) > 0)
blackpepper
09-02-2006, 01:00 PM
After echoing any errors, use die()
die();
erisco
09-02-2006, 01:08 PM
blackpepper, that is a very poor way to do it. He should put the parts that handle the data in an if conditional testing to make sure there are no errors
if (sizeof($error) == 0)
{
// Handle the data
}
That way he can continue to utilise the page for PHP. You should only kill the script if there is a problem that will result in fatal issues, like if PHP cannot find a file or if PHP cannot write to a location.
genuineskate, field_name is probably not the name of the field that contains the email addresses. Adjust your query so that it is correct.
You probably want the email RE to be this:
^[a-z0-9\.\-\_]@[a-z0-9\-\_\.]\.[a-z]$
I forgot about if someone was mailing from a sub-domain. *goes back and corrects own RE's*
blackpepper
09-02-2006, 02:14 PM
good point erisco thanks for correcting :D
genuineskate
09-02-2006, 03:52 PM
ok, but there's still something wrong with this:
$query = "SELECT email FROM users WHERE mail= '$email'";
$result1 = mysql_query($query, $db);
if (mysql_num_rows($result1) > 0)
i get this error:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/wellcany/public_html/signup2.php on line 95
erisco
09-02-2006, 04:14 PM
What is contained in $db? Make sure it is a valid connection to your database.
genuineskate
09-02-2006, 04:25 PM
yes it is valid...
erisco
09-02-2006, 04:34 PM
could you possibly show the source of it? can't solve anything without the visual problem.
Also the logic of your query
$query = "SELECT email FROM users WHERE mail= '$email'";
Does not make sense to me. You have two fields called email and mail? I think you meant:
$query = "SELECT email FROM users WHERE email= '$email'";
And in the future, make a conditional making sure the resource exists. If there is no result, there won't be a value, and you will get an error. You are expecting some queries to return no results so this is essential.
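Added example, not part of the thread: the "not a valid MySQL result resource" warning appears because `mysql_query()` returns `false` when the SQL itself fails (here, a column that does not exist) and that `false` is passed straight to the row counter. The sketch below checks for the failed query before counting and binds the email instead of interpolating it. It assumes PDO in place of the `mysql_*` functions (removed in PHP 7), an in-memory SQLite database standing in for the MySQL server, and a hypothetical helper `countMatches()`.

```php
<?php
// Added example. PDO replaces the thread's mysql_* calls; an in-memory SQLite
// database stands in for the MySQL server so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (mail TEXT PRIMARY KEY)');
$db->exec("INSERT INTO users (mail) VALUES ('taken@example.com')"); // constructed row

/**
 * Runs a fixed COUNT(*) query with one bound value.
 * Returns the count, or null when the query itself failed, so the caller
 * never hands a failed result to a row-counting function.
 */
function countMatches(PDO $db, string $sql, string $value): ?int
{
    try {
        $stmt = $db->prepare($sql);   // $sql is written by the developer
        $stmt->execute([$value]);     // the request value is bound, not interpolated
        return (int) $stmt->fetchColumn();
    } catch (PDOException $e) {
        error_log('lookup failed: ' . $e->getMessage()); // log it, do not echo it
        return null;
    }
}

$cases = [
    // [label, SQL, email] - all constructed
    ['wrong column',   'SELECT COUNT(*) FROM users WHERE field_name = ?', 'taken@example.com'],
    ['registered',     'SELECT COUNT(*) FROM users WHERE mail = ?',       'taken@example.com'],
    ['unregistered',   'SELECT COUNT(*) FROM users WHERE mail = ?',       'new@example.com'],
    ['quote in value', 'SELECT COUNT(*) FROM users WHERE mail = ?',       "o'brien@example.com"],
];

foreach ($cases as [$label, $sql, $email]) {
    $count = countMatches($db, $sql, $email);
    if ($count === null) {
        echo "$label: query failed, treat as a server error\n";
    } elseif ($count > 0) {
        echo "$label: that email already exists\n";
    } else {
        echo "$label: email is free\n";
    }
}
```

The "wrong column" case is the `field_name` situation from earlier in the thread: it is reported as a failed query rather than as "no rows", so a broken lookup cannot silently let a duplicate signup through.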
genuineskate
09-02-2006, 04:35 PM
ohhhhhhhhhhhhhhhh. i can't believe i missed that
thanks erisco!
genuineskate
09-02-2006, 04:37 PM
but now there's still a problem, it shows all the errors even when everything's correct!
try it yourself:
http://www.wellcanyousing.com/signup.php
here's the new code:
<?php
/////////////////////////////////////////////////////////////////////////
//
// ***Signup Script Written By Austin Pivarnik For Wellcanyousing.com***
//
/////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////
// connect to database
function SafeAddSlashes($string) {
if (!get_magic_quotes_gpc())
{
$string = mysql_escape_string($string);
}
return htmlentities($string);
}
$dbHost = 'localhost';
$dbUser = 'wellcany_admin';
$dbPass = 'mjolner';
$dbName = 'wellcany_standalone';
$db = mysql_connect("$dbHost","$dbUser","$dbPass");
if (!$db) { die('Error : ' . mysql_error()); }
$select_db = mysql_select_db($dbName,$db);
if (!$select_db) { die('Error : ' . mysql_error()); }
$error = array(); // Set $error as an array
/////////////////////////////////////////////////////////////////////////
// make sure passes are between 4 characters
if(strlen($password) < 4)
{
$error[] = "Password is below 4 characters! please go back and try again<br>";
}
/////////////////////////////////////////////////////////////////////////
// make sure display name is at least 1 character
if(strlen($dname) < 1)
{
$error[] = "Misplay name is below 1 character! please go back and try again<br>";
}
/////////////////////////////////////////////////////////////////////////
// validate date
if (!is_numeric($mm))
{
$error[] = "Month not valid! please go back and try again<br>";
}
if (!is_numeric($dd))
{
$error[] = "Day not valid! please go back and try again<br>";
}
if (!is_numeric($yy))
{
$error[] = "Year not valid! please go back and try again<br>";
}
/////////////////////////////////////////////////////////////////////////
// validate email
$email = $_POST['email'];
if(!eregi("^[a-z0-9\.\-\_]@[a-z0-9\-\_]\.[a-z]$",$email)) //if email entered, verify format
{
$error[] = "Email not valid! please go back and try again<br>";
}
/////////////////////////////////////////////////////////////////////////
// make sure email hasnt already been registered
$query = "SELECT mail FROM users WHERE mail= '$email'";
$result1 = mysql_query($query, $db);
if (mysql_num_rows($result1) > 0)
{
$error[] = "That email already exists! please go back and use a different email<br>";
}
/////////////////////////////////////////////////////////////////////////
// make sure passwords match
if ($password = $password2)
{
$error[] = "Password feilds do not match! please go back and try again<br>";
}
/////////////////////////////////////////////////////////////////////////
// Echo errors if they exist
if (sizeof($error) > 0)
{
$i = 0;
while ($i < sizeof($error))
{
echo $error[$i];
$i++;
}
}
if (sizeof($error) < 1)
{
/////////////////////////////////////////////////////////////////////////
// sha1 encrypt password
$password = sha1($password);
/////////////////////////////////////////////////////////////////////////
// add data to database
$dname = SafeAddSlashes($_POST['$dname']);
$email = SafeAddSlashes($_POST['$email']);
$mm = SafeAddSlashes($_POST['$mm']);
$dd = SafeAddSlashes($_POST['$dd']);
$yy = SafeAddSlashes($_POST['$yy']);
$country = SafeAddSlashes($_POST['$country']);
$zip = SafeAddSlashes($_POST['$zip']);
$sql = "INSERT INTO users (pass, mail, country, zip, dname, MM, DD, YY) VALUES ('$password', '$email', '$country', '$zip', '$dname', '$mm', '$dd', '$yy')";
$result = mysql_query($sql) or die(mysql_error());
if($result)
{
echo '<p><span class="redtext">thanks for joining wellcanyousing.com! you may now click home to enter your control panel where you can edit your profile and add songs!</span></p>';
}
else
{
echo '<p><span class="redtext">Error! please try again or contact support if you continue getting an error!</span></p>';
}
}
?>
erisco
09-02-2006, 04:49 PM
I'd take all your database information out of there bud...
You don't seem to understand how this works. You give a name to the field, and that name and its value is stored in $_POST. If your field name was password the variable you need to use is $_POST['password'].
genuineskate
09-02-2006, 05:55 PM
ok fixed that, now it displays all the errors... again
here's my new code:
<?php
/////////////////////////////////////////////////////////////////////////
//
// ***Signup Script Written By Austin Pivarnik For Wellcanyousing.com***
//
/////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////
// Prep variables
$dname = SafeAddSlashes($_POST['dname']);
$email = SafeAddSlashes($_POST['email']);
$mm = SafeAddSlashes($_POST['mm']);
$dd = SafeAddSlashes($_POST['dd']);
$yy = SafeAddSlashes($_POST['yy']);
$country = SafeAddSlashes($_POST['country']);
$zip = SafeAddSlashes($_POST['zip']);
$password = SafeAddSlashes($_POST['password']);
$password2 = SafeAddSlashes($_POST['password2']);
/////////////////////////////////////////////////////////////////////////
// connect to database
function SafeAddSlashes($string) {
if (!get_magic_quotes_gpc())
{
$string = mysql_escape_string($string);
}
return htmlentities($string);
}
$dbHost = 'localhost';
$dbUser = 'wellcany_admin';
$dbPass = 'mjolner';
$dbName = 'wellcany_standalone';
$db = mysql_connect("$dbHost","$dbUser","$dbPass");
if (!$db) { die('Error : ' . mysql_error()); }
$select_db = mysql_select_db($dbName,$db);
if (!$select_db) { die('Error : ' . mysql_error()); }
$error = array(); // Set $error as an array
/////////////////////////////////////////////////////////////////////////
// make sure passes are between 4 characters
if(strlen($password) < 4)
{
$error[] = "Password is below 4 characters! please go back and try again<br>";
}
/////////////////////////////////////////////////////////////////////////
// make sure display name is at least 1 character
if(strlen($dname) < 1)
{
$error[] = "Misplay name is below 1 character! please go back and try again<br>";
}
/////////////////////////////////////////////////////////////////////////
// validate date
if (!is_numeric($mm))
{
$error[] = "Month not valid! please go back and try again<br>";
}
if (!is_numeric($dd))
{
$error[] = "Day not valid! please go back and try again<br>";
}
if (!is_numeric($yy))
{
$error[] = "Year not valid! please go back and try again<br>";
}
/////////////////////////////////////////////////////////////////////////
// validate email
$email = $_POST['email'];
if(!eregi("^[a-z0-9\.\-\_]@[a-z0-9\-\_]\.[a-z]$",$email)) //if email entered, verify format
{
$error[] = "Email not valid! please go back and try again<br>";
}
/////////////////////////////////////////////////////////////////////////
// make sure email hasnt already been registered
$query = "SELECT mail FROM users WHERE mail= '$email'";
$result1 = mysql_query($query, $db);
if (mysql_num_rows($result1) > 0)
{
$error[] = "That email already exists! please go back and use a different email<br>";
}
/////////////////////////////////////////////////////////////////////////
// make sure passwords match
if ($password = $password2)
{
$error[] = "Password feilds do not match! please go back and try again<br>";
}
/////////////////////////////////////////////////////////////////////////
// Echo errors if they exist
if (sizeof($error) > 0)
{
$i = 0;
while ($i < sizeof($error))
{
echo $error[$i];
$i++;
}
}
if (sizeof($error) < 1)
{
/////////////////////////////////////////////////////////////////////////
// sha1 encrypt password
$password = sha1($password);
/////////////////////////////////////////////////////////////////////////
// add data to database
$sql = "INSERT INTO users (pass, mail, country, zip, dname, MM, DD, YY) VALUES ('$password', '$email', '$country', '$zip', '$dname', '$mm', '$dd', '$yy')";
$result = mysql_query($sql) or die(mysql_error());
if($result)
{
echo '<p><span class="redtext">thanks for joining wellcanyousing.com! you may now click home to enter your control panel where you can edit your profile and add songs!</span></p>';
}
else
{
echo '<p><span class="redtext">Error! please try again or contact support if you continue getting an error!</span></p>';
}
}
?>
and of course you can try it yourself here:
http://www.wellcanyousing.com/signup.php
erisco
09-02-2006, 06:08 PM
It isn't displaying all the errors. The logic of this bit you added:
/////////////////////////////////////////////////////////////////////////
// make sure passwords match
if ($password = $password2)
{
$error[] = "Password feilds do not match! please go back and try again<br>";
}
Is wrong in two ways. First off only one = simply gives a variable a value. You are giving $password the same value as $password2, and since that is possible the condition is always true. It is also incorrect in the sense, we only want to display an error message if they do NOT equal each other. So the correct code would be:
/////////////////////////////////////////////////////////////////////////
// make sure passwords match
if ($password != $password2)
{
$error[] = "Password feilds do not match! please go back and try again<br>";
}
!= means not equal to. == means equal to, but = means equals.
genuineskate
09-02-2006, 06:19 PM
phew, now it just shows the email error
anything wrong here:
$email = $_POST['$email'];
if(!eregi("^[a-z0-9\.\-\_]@[a-z0-9\-\_]\.[a-z]$",$email)) //if email entered, verify format
{
$error[] = "Email not valid! please go back and try again<br>";
}
thanks erisco!
erisco
09-02-2006, 06:24 PM
Just like I always forget to increase a counter, I always forget the wildcard.
^[a-z0-9\.\-\_]*@[a-z0-9\-\_]*\.[a-z]*$
genuineskate
09-02-2006, 06:30 PM
phew! thanks so much erisco!
it finally works!!!!!!!!!!!11
THANKS ERISCO!
erisco
09-02-2006, 06:58 PM
only thing u might want to change... give the default selections of Month Day and Year a value other than 0, a letter would work.
Also you might want to use the modified RE, otherwise valid emails could be rejected!
^[a-z0-9\.\-\_]*@[a-z0-9\-\_\.]*\.[a-z]*$
Now people emailing from subdomains, or people emailing from something like domain.co.uk are able to do so.
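Added example, not part of the thread: the checks discussed above, collected into one function that returns the error list. It swaps in different techniques from the ones posted: `filter_var()` instead of the `eregi()` pattern (which, with every part starred, also matches `@.`, and `eregi()` itself was removed in PHP 7), `ctype_digit()` plus `checkdate()` instead of `is_numeric()`, and `password_hash()` instead of `sha1()`. The function name `validateSignup()` and all sample submissions are constructed.

```php
<?php
// Added example. Field names follow the thread's form; validateSignup() and
// the sample submissions are constructed for illustration.
function validateSignup(array $post): array
{
    // Missing or non-string fields (e.g. password[]=x) are treated as empty.
    $field = function (string $name) use ($post): string {
        return isset($post[$name]) && is_string($post[$name]) ? $post[$name] : '';
    };
    $error = [];

    if (strlen($field('password')) < 4) {
        $error[] = 'Password is below 4 characters';
    }
    if ($field('password') !== $field('password2')) { // comparison, not assignment
        $error[] = 'Password fields do not match';
    }
    if (strlen(trim($field('dname'))) < 1) {
        $error[] = 'Display name is below 1 character';
    }
    // ctype_digit() refuses "1e3", "-1" and " 7", all of which is_numeric() accepts;
    // checkdate() then refuses the 0 defaults and dates such as 31 February.
    [$mm, $dd, $yy] = [$field('mm'), $field('dd'), $field('yy')];
    if (!ctype_digit($mm) || !ctype_digit($dd) || !ctype_digit($yy)
        || !checkdate((int) $mm, (int) $dd, (int) $yy)) {
        $error[] = 'Date not valid';
    }
    if (filter_var($field('email'), FILTER_VALIDATE_EMAIL) === false) {
        $error[] = 'Email not valid';
    }
    return $error;
}

$base = ['password' => 'correct-horse', 'password2' => 'correct-horse', 'dname' => 'Sam',
         'mm' => '2', 'dd' => '28', 'yy' => '1990', 'email' => 'sam@example.com'];
$samples = [
    'subdomain address'    => ['email' => 'sam@mail.example.co.uk'] + $base,
    'date left at 0'       => ['mm' => '0', 'dd' => '0', 'yy' => '0'] + $base,
    'empty parts around @' => ['email' => '@.'] + $base,
    'mismatched passwords' => ['password2' => 'correct-horsf'] + $base,
];

foreach ($samples as $label => $post) {
    $error = validateSignup($post);
    echo $label, ': ', $error ? implode('; ', $error) : 'ok', "\n";
    if (!$error) {
        // password_hash() (salted, deliberately slow) replaces the thread's sha1().
        $hash = password_hash($post['password'], PASSWORD_DEFAULT);
        echo '  hash verifies: ', var_export(password_verify($post['password'], $hash), true), "\n";
    }
}
```

Because the function returns the errors instead of echoing them, the insert step can be wrapped in a single check that the returned array is empty.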