PHP - Where & How To Do Validations
Hi Guys
I'm pretty new to PHP, and I've taken on a small PHP project. My project has (among other things) a page where you can capture/edit users. This involves entering a user name and password on an HTML POST form. Upon submitting the form, the data is sent to a PHP script that writes it to a MySQL database.

My problem is this: I need to validate the data before writing it to the database. I have to check that all required fields have values, that the "Password" and "Confirm Password" fields match, and that the user did not enter illegal characters (SQL injection). Where should this happen? The script can validate the data, but then I'll still need a way to send the user back to the form and repopulate it automatically with what the user had entered. I can't use GET parameters (due to having to keep the password private). One way of doing it might be to send everything except the password as GET parameters, and force the user to re-enter the password.

Am I missing something here? What's the best way of doing validations? Thanks for your input.

Cheers,
Riaan

Similar Tutorials

Hello! When I fill in my PHP form in Internet Explorer or Firefox and click on submit, the Spry validations are displayed; but using Google Chrome or Safari they are not displayed. I tried the form using Safari on localhost and they are displayed, but over the internet the form will skip to the database and will not be validated. What could be the problem please?

I am doing server side validations using PHP and jQuery. It's validating properly. But the problem is that the error messages are displayed at the top of the page. I want to display them beside each field. All of the validations are stored in an array. How do I display the errors beside the field?

Hi, I built this reg-login file. Note, login.php asks for your login details. The web form (so to speak) uses a SELECT SQL query to check your login credentials.
The reg.php asks for your new account details. The web form (so to speak) uses an INSERT SQL query to add your details to the db. My web form is not displayed to you as either a registration form or a login form. It is a neutral form. It just asks you for your email, then checks it against the db. If it exists, it assumes you are an existing member and the login() function takes over and logs you in. Else, the registration() function takes over and registers you.

Note: in login(), at the end, when the user is logged into his member account, his personal details get displayed on screen, starting from this line:

    if($row = mysqli_fetch_array($result_3,MYSQLI_ASSOC))

1. I want you to see if there are any errors in my code that will result in malfunction or in a hacker SQL injecting or hacking.

2. I need you to show me how to VALIDATE user input. VALIDATE email using 1) HTML5, 2) the PHP 7 email validation function, plus 3) REGEX, so nothing but an email is inputted. Show me these 3 ways to check for email. I need you to show me how to VALIDATE the user password. VALIDATE password using 1) HTML5, 2) PHP 7 and 3) REGEX, so nothing but a password (A-Z, 0-9 ONLY) is inputted, and no other chars. Show me these 3 ways to check for password. From there, I should pick up fast from you and manage to VALIDATE username input.

I don't know how to do the above 2, so kindly teach me by showing a snippet with comments so I understand your snippet.

NOTE: I did not complete the password prompt because I have forgotten how to do it with SHA256. Can someone show me a typical example of how to query for a password with SHA256, or whatever the latest strong algorithm is? Show me code with comments so I understand what you are doing with your code.

Thank You!
<?php
session_start();

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if (!isset($_POST['email_account']) || !isset($_POST['email_service'])) {
        $email_error = "<font color='red'>Input Email Address!</font>";
    } else {
        //Connect to Database. (DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME).
        $conn = mysqli_connect("localhost", "root", "", "powerpage");
        if ($conn === false) {
            die("ERROR: Connection Error!. " . mysqli_connect_error());
        } else {
            $conn->set_charset('utf8mb4'); //Always set Charset (after the connection check, not before it).
            //Set Parameters.
            $email = trim($_POST["email_account"]) . '@' . trim($_POST["email_service"]);
            $_SESSION['email'] = $email; //If this fails on test then use the concatenation above directly.
            echo "line 25 triggered: $email<br>";
            $sql_query = "SELECT COUNT(personal_email) FROM users WHERE personal_email = ?";
            $stmt = mysqli_prepare($conn, $sql_query);
            if ($stmt == false) {
                echo "Line 33<br>"; //DELETE THIS
                //A failed prepare returns no statement object, so the error must be read from the connection.
                $error = mysqli_error($conn);
                //Close Connection.
                mysqli_close($conn);
                die("<pre>Mysqli Prepare Failed!\n" . $error . "\n$sql_query</pre>");
            } else {
                mysqli_stmt_bind_param($stmt, 's', $email);
                if (!mysqli_stmt_execute($stmt)) {
                    //Close Connection.
                    mysqli_close($conn);
                    die("Could not mysqli_stmt_execute! Please try again later!");
                }
                $result = mysqli_stmt_get_result($stmt);
                //WHY THIS NOT WORK UNLESS NUM ARRAY GIVEN ?
                //Because the column has no alias: with MYSQLI_ASSOC its key is "COUNT(personal_email)", not 0.
                if (mysqli_fetch_array($result, MYSQLI_NUM)[0]) {
                    echo "Line 57 triggered: Function login() will trigger!<br>"; //DELETE THIS
                    $_SESSION['session_type'] = 'login';
                    login($conn, $stmt);
                } else {
                    echo "Line 61 triggered: Function register() will trigger!<br>"; //DELETE THIS
                    $_SESSION['session_type'] = 'register';
                    register($conn, $stmt);
                }
            }
        }
    }
}

//$conn and $stmt are passed in: a function cannot see the variables of the calling code,
//so the original mysqli_stmt_close($stmt)/mysqli_close($conn) inside the functions were acting on undefined variables.
function register($conn, $stmt)
{
    //if(!isset($_SESSION['session_type'] or $_SESSION['session_type'] != 'registration')//Nog Dog's copied & pasted line
    if (!isset($_SESSION['session_type']) || $_SESSION['session_type'] != 'register') {
        //Close Statement.
        mysqli_stmt_close($stmt);
        //Close Connection.
        mysqli_close($conn);
        die("Line 86: Could not check email! Please try again later!");
    }
    //$email = trim($_POST["email_account"]) . '@' . trim($_POST["email_service"]);
    $email = $_SESSION['email']; //If this fails on test then replace it with above line
    //Prepare an INSERT Statement (the connection opened by the caller is reused instead of reconnecting).
    $sql_query_2 = "INSERT INTO users (personal_email) VALUES (?)";
    if (!$stmt_2 = mysqli_prepare($conn, $sql_query_2)) {
        //Close Connection.
        mysqli_close($conn);
        die("Could not register! Please try again later!");
    } else {
        //Bind Variables to the Prepared Statement as parameters.
        mysqli_stmt_bind_param($stmt_2, 's', $email);
        //Attempt to execute the Prepared Statement.
        if (!mysqli_stmt_execute($stmt_2)) {
            //Close Statement.
            mysqli_stmt_close($stmt_2);
            //Close Connection.
            mysqli_close($conn);
            die("Could not register! Please try again later!");
        }
        //mail(); -- PHP's mail() needs at least (to, subject, message) arguments; as written it is a fatal error.
    }
}

function login($conn, $stmt)
{
    if (!isset($_SESSION['session_type']) || $_SESSION['session_type'] != 'login') {
        //Close Statement.
        mysqli_stmt_close($stmt);
        //Close Connection.
        mysqli_close($conn);
        die("Could not check email! Please try again later!");
    }
    //$email = trim($_POST["email_account"]) . '@' . trim($_POST["email_service"]);
    $email = $_SESSION['email']; //If this fails on test then replace it with above line
    //Prepare a Select Statement (the connection opened by the caller is reused instead of reconnecting).
    $sql_query_3 = "SELECT id,username,first_name,middle_name,surname,gender,age_range FROM users WHERE personal_email = ?";
    if (!$stmt_3 = mysqli_prepare($conn, $sql_query_3)) {
        //There is no statement to close when prepare fails; only the connection.
        mysqli_close($conn);
        die("Could not check email! Please try again later!");
    } else {
        //Bind Variables to the Prepared Statement as parameters.
        mysqli_stmt_bind_param($stmt_3, 's', $email);
        //Attempt to execute the Prepared Statement.
        if (!mysqli_stmt_execute($stmt_3)) {
            //Close Statement.
            mysqli_stmt_close($stmt_3);
            //Close Connection.
            mysqli_close($conn);
            die("Could not check email! Please try again later!");
        }
        //mysqli_stmt_bind_result($stmt,$email);
        $result_3 = mysqli_stmt_get_result($stmt_3);
        //Fetch result row as an associative array. Since the result set contains only one row, we don't need to use the 'While loop'.
        //mysqli_stmt_fetch($stmt);//use this if you use 'mysqli_stmt_bind_result($stmt,$email)'.
        //mysqli_fetch_array() is used because '$result = mysqli_stmt_get_result($stmt)' is used above instead of 'mysqli_stmt_bind_result($stmt,$email)'.
        if ($row = mysqli_fetch_array($result_3, MYSQLI_ASSOC)) {
            //Retrieve Values, escaped for HTML output (with mysqli_stmt_bind_result() these would be bound variables instead).
            $id          = htmlspecialchars($row["id"]);
            $username    = htmlspecialchars($row["username"]);
            $first_name  = htmlspecialchars($row["first_name"]);
            $middle_name = htmlspecialchars($row["middle_name"]);
            $surname     = htmlspecialchars($row["surname"]);
            $gender      = htmlspecialchars($row["gender"]);
            $age_range   = htmlspecialchars($row["age_range"]);
            echo "Id: $id<br>";
            echo "Username: $username<br>";
            echo "First Name: $first_name<br>";
            echo "Middle Name: $middle_name<br>";
            echo "Surname: $surname<br>";
            echo "Gender: $gender<br>";
            echo "Age Range: $age_range<br>";
            //Close Statement.
            mysqli_stmt_close($stmt_3);
            //Close Connection.
            mysqli_close($conn);
        }
    }
}

//DO NOT NEED TO REDO THE HTML CODE BELOW AS WAS NOT COPY & PASTE FROM ELSEWHERE ....
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
</head>
<body>
<form action="" method="post">
<label for="email_first_part">Email:</label>
<input type="text" name="email_account" id="email_first_part" placeholder="Email Address before '@'">
<label for="email_last_part"><b>@</b></label>
<input type="text" name="email_service" id="email_last_part" placeholder="Email Address after '@'">
<?php if (!empty($email_error)) { echo $email_error; } ?>
<br>
<button type="submit" class="login_register" name="login_register">Register/Login</button>
</form>
</body>
</html>
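Pulling the two questions together (Riaan's "where do I validate and how do I get the user back to a filled-in form" and the reg-login post's email/password checks and hashing), here is an added example that is not code from either poster: the script that receives the POST validates server-side, redisplays the form with the errors and the non-secret values, and writes through a prepared statement with password_hash() instead of a bare SHA-256. The `users` table, its columns, the database credentials and the redirect target are assumptions.

```php
<?php
// Added example, not from any post in this thread. Table `users` (username, email, password_hash)
// and the DB credentials below are assumptions; adapt them to your schema.
function validateUserForm(array $post): array   // returns error messages; [] means the input is valid
{
    $errors   = [];
    $username = trim($post['username'] ?? '');
    $email    = trim($post['email'] ?? '');
    $password = $post['password'] ?? '';
    if ($username === '' || $email === '' || $password === '') {
        $errors[] = 'All fields are required.';
    }
    // Whitelist the username character set rather than blacklisting "SQL characters".
    if (!preg_match('/^[A-Za-z0-9_]{3,32}$/', $username)) {
        $errors[] = 'Username: 3-32 letters, digits or underscores.';
    }
    // PHP's built-in validator; HTML5 type="email" on the form is only a client-side convenience.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Email address is not valid.';
    }
    if (strlen($password) < 12) { $errors[] = 'Password must be at least 12 characters.'; }
    if ($password !== ($post['confirm_password'] ?? '')) { $errors[] = 'Passwords do not match.'; }
    return $errors;
}

$errors = []; $old = ['username' => '', 'email' => '']; // non-secret values echoed back into the form
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $errors = validateUserForm($_POST);
    $old['username'] = trim($_POST['username'] ?? '');
    $old['email']    = trim($_POST['email'] ?? '');   // the password itself is never echoed back
    if ($errors === []) {
        $db = new mysqli('localhost', 'app_user', 'app_pass', 'app_db'); // assumed credentials
        $db->set_charset('utf8mb4');
        // Bound parameters travel as data, never spliced into the SQL text, so no escaping is needed.
        $stmt = $db->prepare('INSERT INTO users (username, email, password_hash) VALUES (?, ?, ?)');
        $hash = password_hash($_POST['password'], PASSWORD_DEFAULT); // salted bcrypt/argon2, not bare SHA-256
        $stmt->bind_param('sss', $old['username'], $old['email'], $hash);
        $stmt->execute();
        header('Location: users.php?saved=1'); // assumed list page; redirect after a successful POST
        exit;
    }
}
?>
<form method="post" action="">
  <?php foreach ($errors as $e) { echo '<p class="error">' . htmlspecialchars($e) . '</p>'; } ?>
  <input name="username" value="<?= htmlspecialchars($old['username'], ENT_QUOTES) ?>">
  <input name="email" type="email" value="<?= htmlspecialchars($old['email'], ENT_QUOTES) ?>">
  <input name="password" type="password"> <input name="confirm_password" type="password">
  <button type="submit">Save</button>
</form>
```

On login, password_verify($submitted, $row['password_hash']) checks the stored hash; password_hash() embeds its own salt and algorithm identifier, so no separate salt column or fixed SHA-256 scheme is needed.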