I'm trying to get some form validations to work, but my script registers a user even if the data is incorrect and doesn't validate.
Also, what should I write so it can check whether the user is already in the database and return an error if so?
For example, if I just typed "aaaa" in all text boxes, it would register the user. What should happen if a user entered incorrect data (wrong format) is an error message should appear, and it should not register until the user enters correct data. But it registers the user no matter what I enter, as if there were no validations written.
<?php
include "db.php";
// define variables and set to empty values
$nameErr = $emailErr = $genderErr = $passwordErr = $cpasswordErr = "";
$cpassword = "";
$cust_email = $cust_username = $cust_password = $cust_fullname = $cust_country = $cust_dob = $cust_gender = $cust_phone = "";
if (isset($_POST["btnsignup"])) {
//Username Validation
if (empty($_POST["txtcust_username"])) {
$nameErr = "Name is required";
} else {
$cust_username = test_input($_POST["txtcust_username"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z0-9]*$/", $cust_username)) {
$nameErr = "Only letters, numbers are allowed and no white space allowed";
}
}
//Email Validation
if (empty($_POST["txtcust_email"])) {
$emailErr = "Email is required";
} else {
$cust_email = test_input($_POST["txtcust_email"]);
// check if e-mail address is well-formed
if (!filter_var($cust_email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "Invalid email format";
}
}
//Password Validation
if (!empty($_POST["txtcust_password"]) && ($_POST["txtcust_password"] == $_POST["txtcust_cpassword"])) {
$cust_password = test_input($_POST["txtcust_password"]);
$cust_cpassword = test_input($_POST["txtcust_cpassword"]);
if (strlen($_POST["txtcust_password"]) <= '6') {
$passwordErr = "Your Password Must Contain At Least 6 Characters!";
} elseif (!preg_match("#[0-9]+#", $cust_password)) {
$passwordErr = "Your Password Must Contain At Least 1 Number!";
} elseif (!preg_match("#[A-Z]+#", $cust_password)) {
$passwordErr = "Your Password Must Contain At Least 1 Capital Letter!";
} elseif (!preg_match("#[a-z]+#", $cust_password)) {
$passwordErr = "Your Password Must Contain At Least 1 Lowercase Letter!";
}
} elseif (!empty($_POST["txtcust_password"])) {
$cpasswordErr = "Please Check You've Entered Or Confirmed Your Password!";
}
$cust_fullname = $_POST['txtcust_fullname'];
$cust_country = $_POST['txtcust_country'];
$cust_dob = $_POST['txtcust_dob'];
$cust_gender = $_POST['txtcust_gender'];
$cust_phone = $_POST['txtcust_phone'];
//Insert Into Table
$insert = "INSERT INTO customer (cust_email,cust_username,cust_password,cust_fullname,cust_country,cust_dob,cust_gender,cust_phone)
VALUES ('$cust_email','$cust_username','$cust_password','$cust_fullname','$cust_country','$cust_dob','$cust_gender','$cust_phone') ";
$run = mysqli_query($conn, $insert);
if ($run) {
setcookie("Name", $cust_username);
header("Location: home.php");
} else
echo "User has not been Add";
}
function test_input($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>