Form Checking Help

@MegatronDec 12.2005

Hi guys, i’m fairly new to php so excuse my naviety. I have been following a tutorial on creating a user management system but it doesn’t have the best form checking. The only thing form checking it uses is to verify if the username/email address are already in the database. I would like to modify the code so that it only allows the user pick a username that contains english characters (no numbers or characters) and that the first name and last name can’t contain characters or numbers either.

This is the code that is currently in place

[CODE]/* Let’s do some checking and ensure that the user’s email address or username does not exist in the database */

$sql_email_check = mysql_query(“SELECT email_address FROM users WHERE email_address=’$email_address'”); $sql_username_check = mysql_query(“SELECT username FROM users WHERE username=’$username'”);

$email_check = mysql_num_rows($sql_email_check); $username_check = mysql_num_rows($sql_username_check);

if(($email_check > 0) || ($username_check > 0)){ echo “Please fix the following errors: <br />”; if($email_check > 0){ echo “<strong>Your email address has already been used by another member in our database. Please submit a different Email address!<br />”; unset($email_address); } if($username_check > 0){ echo “The username you have selected has already been used by another member in our database. Please choose a different Username!<br />”; unset($username); } include ‘join_form.html’; // Show the form again! exit(); // exit the script so that we do not create this account! }[/CODE]

Thanks for any forthcoming help. I’m sure its a simple enough thing to solve and it will probably be very logical for me to follow but i have no previous php experience so i’m at a bit of a loss at the moment. Thanks

to post a comment

PHP

25 Comments(s) _↴

@chazzyDec 12.2005 — #use the function ctype_alpha($username) to check it.

http://php.net/manual/en/function.ctype-alpha.php

@MegatronauthorDec 12.2005 — #thanks,so would the code be something like

[CODE]if((cytype_alpha(username_check) {
 echo "the username you have selected can not contain irregualar characters <br />";
 unset($username);[/CODE]

@bokehDec 12.2005 — #use the function ctype_alpha($username) to check it.

http://php.net/manual/en/function.ctype-alpha.php[/QUOTE]If you use that function you will also want to check the length of the username/password.

[code=php]$min_length = 5;
 $max_length = 15;
 $length = strlen($username);
 if(($min_length <= $length) and ($length <= $max_length)){
 // length OK
 }else{
 // length not ok
 }[/code]

@chazzyDec 12.2005 — #thanks,so would the code be something like

[CODE]if((cytype_alpha(username_check) {
 echo "the username you have selected can not contain irregualar characters <br />";
 unset($username);[/CODE]

?[/QUOTE]

you would need the negation so

[code=php]
 if(!ctype_alpha($username)){
 echo "the username you have selected contains invalid characters.  Please only use a-z, A-Z."
 }
 [/code]

you're also going to want to check for null cases as well, for required fields.

@MegatronauthorDec 13.2005 — #If you use that function you will also want to check the length of the username/password.

[code=php]$min_length = 5;
 $max_length = 15;
 $length = strlen($username);
 if(($min_length <= $length) and ($length <= $max_length)){
 // length OK
 }else{
 // length not ok
 }[/code]

[/QUOTE]

i'm not to sure where that code would go! (i'm a php beginner)...but could i do something along these lines...

[code=php]if(!$last_name <5){
 echo "wrong amount of characters.<br />";
 }[/code]

@chazzyDec 13.2005 — #well you can have something simple like this:

[code=php]
 $first = $_POST['first_name'];
 $last = $_POST['last_name'];
 $user = $_POST['username'];
 if(!(ctype_alpha($user)) || ($user == "") || ($user == NULL) || (strlen($user) < 5) || (strlen($user) > 15)){
 printf("You have an invalid username.  It must be between 5 and 15 characters and can only contains letters a-zA-Z.");
 }
 [/code]

You really can't put any restrictions on their first or last name, other than alphabet + a single quote. Bob is a valid last name. Ao is one as well. They also up much further than 15 characters.

@MegatronauthorDec 13.2005 — #oh yeah! sorry, that restriction is only for the username. I'll give that code a go and see what happens. Thanks for your help

@NogDogDec 13.2005 — #Another way to do it:

[code=php]
 if(!preg_match('/^[a-z]{5,15}$/i', $username))
 {
 # invalid user name, echo error message or whatever here
 }
 else
 {
 # user name is valid, continue processing....
 }
 [/code]

@chazzyDec 13.2005 — #mind explain what the regular expression means, for those like me who have very little knowledge of regex, nogdog?

@NogDogDec 13.2005 — #

<i>
 </i>/      start of regexp
 ^      start of string
 [a-z]  any character from a-z
 {5,15} 5-15 occurences of the preceding character
 $      end of string
 /      end of regexp
 i      case-insensitive flag

@MegatronauthorDec 13.2005 — #mmm, i'm encountering a syntax error with that code chazzy. Here is the revised code i have which includes your code..

[code=php]<?
 
 include 'db.php';
 
 $first_name = $_POST['first_name'];
 $last_name = $_POST['last_name'];
 $email_address = $_POST['email_address'];
 $username = $_POST['username'];
 $info = $_POST['info'];
 
 
 
 $first_name = stripslashes($first_name);
 $last_name = stripslashes($last_name);
 $email_address = stripslashes($email_address);
 $username = stripslashes($username);
 $info = stripslashes($info);
 $cytpe_alpha = stripslashes($cytpe_alpha); 
 
 
 /* Do some error checking on the form posted fields */
 
 if((!$first_name) || (!$last_name) || (!$email_address) || (!$username)){
 echo 'You did not submit the following required information! <br />';
 if(!$first_name){
 echo "First Name is a required field. Please enter it below.<br />";
 }
 if(!$last_name){
 echo "Last Name is a required field. Please enter it below.<br />";
 }
 if(!$email_address){
 echo "Email Address is a required field. Please enter it below.<br />";
 }
 if(!$username){
 echo "Desired Username is a required field. Please enter it below.<br />";
 }
 
  if(!(ctype_alpha($username)) || ($username == "") || ($username == NULL) || (strlen($username) < 5) || (strlen($username) >)){
   echo "You have an invalid username.  It must be between 5 and 15 characters and can only contains letters a-zA-Z.<br />";
  } 
 [/code]

the error is coming back saying that there is an extra ) in the code. But i have altered the code and taken out certain ) which i tought may have been causing a problem but i haven't managed to solve it

@chazzyDec 13.2005 — #you forgot the number 15 (assuming you want the length to be 15...)

[code=php]
 ... || (strlen($username) >15)){ ...
 [/code]

@MegatronauthorDec 13.2005 — #cheers.I added 15 before the > , but now i receive a T_LNUMBER error on the same line (40), do you have any idea what that may be. Thanks for all your help btw, appriciate it.

@chazzyDec 13.2005 — #so your script now reads

[code=php]
 ... || (strlen($username) 15>)){ ...
 [/code]

?

just copy what i wrote in the previous post, it's the solution.

strlen() returns a number with the length of the string passed in. you want to be compared to 15. it's like algebra, num1 > num2

@MegatronauthorDec 13.2005 — #yes this is the code i have

[code=php]if(!(ctype_alpha($username)) || ($username == "") || ($username == NULL) || (strlen($username) < 5) || (strlen($username) 15 >)){
 echo "You have an invalid username.  It must be between 5 and 15 characters and can only contains letters a-zA-Z.<br />";
 } [/code]

and i still get the T_LNUMBER error on line 40.

@NogDogDec 13.2005 — #

[code=php]
 (strlen($username) 15 >)
 
 # should be:
 
 (strlen($username) > 15)
 [/code]

@MegatronauthorDec 13.2005 — #

[code=php]
 (strlen($username) 15 >)
 
 # should be:
 
 (strlen($username) > 15)
 [/code]

[/QUOTE]

am i required to declare the function ctype_alpha prehand because i am now getting an error stating that there has been a call to a undefined function ctype_alpha()

@NogDogDec 13.2005 — #Check the requirements info at http://www.php.net/manual/en/ref.ctype.php for the ctype library. Depending on which version of PHP you are using and how it was configured, those functions may not be available.

@chazzyDec 13.2005 — #if that's the case, then you should switch to the solution given by NogDog on the previous page using the regular expression.

[code=php]
 if(!preg_match('/^[a-z]{5,15}$/i', $username)){
 //this replaces your min length, max length and alphabet only restrictions.
 [/code]

@MegatronauthorDec 13.2005 — #if that's the case, then you should switch to the solution given by NogDog on the previous page using the regular expression.
[/QUOTE]

yes, the code is compiling now. But for some reason it's not having its desired effect. I.E. users can still sign up with a username such as $%3 which contains invalid characters and one character less than the required minimum. Is there any futher modifications i need to do or do i need to declare anything new.

(thanks to every one who helped as well, i'm almost finished with the questions ? )

@MegatronauthorDec 14.2005 — #i have managed to get the script working properly.

i just have a simple preg_match question now. At the moment i have

[code=php]if(!preg_match("/[^a-zA-Z0-9.-ßäÄüÜöÖ ]+$/s",$first_name)) return TRUE;
 else return FALSE;
 }[/code]

which is preventing users signing up with the name £%£^{^£^{^....what}} do i need to add to that to prevent users signing up with 35£%£^{^£} ?

@chazzyDec 14.2005 — #take out the "0-9" from preg_match to remove #'s from the first name.

@bokehDec 14.2005 — #[B][^{^a-zA-Z0-9.-ßäÄüÜöÖ} ]+$[/B]

That regex is gobbledygook. First you don't need to escape anything in a character class (except, of course, the escape character), second your regex reads: [I]don't match any target string that terminates with one or more of the characters within the character class[/I]. Is that really what you wanted?

@MegatronauthorDec 14.2005 — #so the correct code would be

[code=php]
 function check_first_name($first_name){
 return !preg_match("/[^A-Za-z0-9]/",$first_name));
 } 
 [/code]

????

@bokehDec 14.2005 — #First of all I for one have never seen a first name that contained numbers.

Secondly your regex is wrong. [B]/[^{^A-Za-z0-9]/}[/B] Let's take a look at that:

[B]/[/B] string delimiter

[B][ [/B] open character class

[B]^{^}[/B] don't match any of the characters in this character class

[B]A-Za-z0-9[/B]These are the characters that are not to be matched

[B]][/B] close character class

[B]/[/B] string delimiter

Why don't you want to use the regex provided by Nogdog [B]/^{^[a-z]{5,15}$/i}[/B] It would be perfect for this. Just customise the min and max length to you application.

Also is there any need to make this into a function. You are not saving anything. Your function just contains a ready made php function. Are you trying to re-invent the wheel.

Also in #PHP _↴

Success!

Help @Megatron spread the word by sharing this article on Twitter...

Tweet This

Form Checking Help

25 Comments(s) _↴

Also in #PHP _↴

Success!

Social

Version

Form Checking Help

25 Comments(s) ↴

Also in #PHP ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

25 Comments(s) _↴

Also in #PHP _↴