0

i have made a registration from (followed e.g from w3schools.com) where they have used the $_SERVER["PHP_SELF"] in the action of form method.

$_SERVER["PHP_SELF"] this helps for validation part but it doesn't allow to insert data into db.

I have also written code for mobile no. where only numbers should be inserted but that is also not working.Please help.

 <html>
 <head>
 <title>Meeting Room Application</title>
 </head>
 <body>
 <?php
// define variables and set to empty values
$nameErr     = $emailErr     = $genderErr    = $mobErr       = $uidErr       = $pwdErr       = $roleErr  = "";
$txtname     = $gender       = $txtmob       = $txteid       = $txtuid       = $txtpwd       = $role         = "";
if($_SERVER["REQUEST_METHOD"] == "POST") {
    if(empty($_POST["txtname"])) {
        $nameErr = "Name is required";
    } else {
        $txtname = test_input($_POST["txtname"]);
        // check if name only contains letters and whitespace
        if(!preg_match("/^[a-zA-Z ]*$/", $txtname)) {
            $nameErr = "Only letters and white space allowed";
        }
    }
    if(empty($_POST["txteid"])) {
        $emailErr = "Email is required";
    } else {
        $txteid = test_input($_POST["txteid"]);
        // check if e-mail address is well-formed
        if(!filter_var($txteid, FILTER_VALIDATE_EMAIL)) {
            $emailErr = "Invalid email format";
        }
    }
    if(empty($_POST["gender"])) {
        $genderErr = "Gender is required";
    } else {
        $gender = test_input($_POST["gender"]);
    }
    if(empty($_POST["txtmob"])) {
        $mobErr = "Mobile is required";
    } else {
        $txtmob = test_input($_POST["txtmob"]);
        //check only numbers are given
        if(preg_match("/^d{10}$/", $txtmob)) {
            $mobErr = "Only numbers are allowed";
        }
    }
    if(empty($_POST["txtuid"])) {
        $uidErr = "User Id is required";
    } else {
        $txtuid = test_input($_POST["txtuid"]);
    }
    if(empty($_POST["txtpwd"])) {
        $pwdErr = "Password is required";
    } else {
        $txtpwd = test_input($_POST["txtpwd"]);
    }
    if(empty($_POST["role"])) {
        $roleErr = "Role is required";
    } else {
        $role = test_input($_POST["role"]);
    }
}

function test_input($data) {
    $data    = trim($data);
    $data    = stripslashes($data);
    $data    = htmlspecialchars($data);
    return $data;
}
?>
<table align="center" cellpadding="5" cellspacing="5">
    <tr>
        <th colspan="2"><img src="Hitech Logo1.png" alt="HiTech"></th>
    </tr>
    <tr>
        <th colspan="2"><h1>User Registration</h1></th>
</tr>
<tr>
    <td colspan="2" align="left"><font color="red">All fields are mandatory</font></td>
</tr>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
    <tr>
        <td>Full Name &nbsp; : </td>
        <td><input type="text" name="txtname" value="<?php echo $txtname ?>">&nbsp;&nbsp;&nbsp;<font color="red"><?php echo $nameErr; ?></td>
    </tr>
    <tr>
        <td>Gender &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : </td>
        <td><input type="radio" name="gender" <?php if(isset($gender) && $gender == "Male") echo "checked"; ?>  value="Male">Male
            <input type="radio" name="gender" <?php if(isset($gender) && $gender == "Female") echo "checked"; ?>  value="Female">Female
            &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font color="red"><?php echo $genderErr; ?>
        </td>
    </tr>
    <tr>
        <td>Mobile No. : (+91)</td>
        <td><input type="text" name="txtmob" maxlength="10" value="<?php echo $txtmob ?>">
            &nbsp;&nbsp;&nbsp;<font color="red"><?php echo $mobErr; ?>
        </td>
    </tr>
    <tr>
        <td>Email Id &nbsp;&nbsp;&nbsp;&nbsp; : </td>
        <td><input type="text" name="txteid" value="<?php echo $txteid ?>">
            &nbsp;&nbsp;&nbsp;<font color="red"><?php echo $emailErr; ?>
        </td>
    </tr>
    <tr>
        <td>User Id &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : </td>
        <td><input type="text" name="txtuid" value="<?php echo $txtuid ?>">
            &nbsp;&nbsp;&nbsp;<font color="red"><?php echo $uidErr; ?>
        </td>
    </tr>
    <tr>
        <td>Password &nbsp;&nbsp;&nbsp; : </td>
        <td><input type="password" name="txtpwd" value="<?php echo $txtpwd ?>">
            &nbsp;&nbsp;&nbsp;<font color="red"><?php echo $pwdErr; ?>
        </td>
    </tr>
    <tr>
        <td>Role &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : </td>
        <td><input type="radio" name="role" <?php if(isset($role) && $role == "User") echo "checked"; ?>  value="User">User
            <input type="radio" name="role" <?php if(isset($role) && $role == "Admin") echo "checked"; ?>  value="Admin">Admin
            &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font color="red"><?php echo $roleErr; ?>
        </td>
    </tr>
    <tr>
        <td></td>
        <td><input type="submit" value="Submit" name="btnsave">
        </td>
    </tr>
</form>
</tr>
</table>
<?php
$host        = "localhost"; // Host name 
$username    = "root"; // Mysql username 
$password    = ""; // Mysql password 
$db_name     = "testmra"; // Database name 
// Connect to server and select databse.
$conn        = mysqli_connect($host, $username, $password) or die("cannot connect");
mysqli_select_db($conn, $db_name);
$name        = mysqli_real_escape_string($conn, $_POST['txtname']);
$gender      = mysqli_real_escape_string($conn, $_POST['gender']);
$mobile      = mysqli_real_escape_string($conn, $_POST['txtmob']);
$email       = mysqli_real_escape_string($conn, $_POST['txteid']);
$username    = mysqli_real_escape_string($conn, $_POST['txtuid']);
$userpass    = mysqli_real_escape_string($conn, $_POST['txtpwd']);
$role        = mysqli_real_escape_string($conn, $_POST['role']);
$res         = mysqli_query($conn, "SELECT username FROM trialusers WHERE username='$username'");
$row         = mysqli_fetch_row($res);
if($row > 0) {
    echo "Username $username has already been taken";
} else {
    $sql = "INSERT INTO newuser (name,gender,contactno,emailid,username,userpass,role)VALUES('$name','$gender','$mobile','$email','$username','$userpass','$role')";
    if(mysqli_query($conn, $sql)) {
        header("location:registration.php");
    } else {
        die('Error: Cannot connect to db');
    }
}
?>
 </body>    
 </html>
Improve this question
5
  • what error you are receiving? Commented Apr 20, 2015 at 7:21
  • PHP_SELF is not for validations. Also HTML5 input types like wise number does not work on all browsers. Use it on updated chrome browser.. Commented Apr 20, 2015 at 7:23
  • Also you are selecting from table trialusers and inserting into newuser . Commented Apr 20, 2015 at 7:24
  • you can set input type to number, or use php function : is_numeric() Commented Apr 20, 2015 at 7:26
  • What do you mean PHP_SELF doesn't allow you to insert? Commented Apr 20, 2015 at 7:29

2 Answers 2

Reset to default
1

Change the last part of your code to this:

 <?php 
if(!empty($_POST)){
 $host="localhost"; // Host name 
 $username="root"; // Mysql username 
 $password=""; // Mysql password 
 $db_name="testmra"; // Database name 
 // Connect to server and select databse.
 $conn=mysqli_connect($host,$username,$password) or die("cannot connect"); 
 mysqli_select_db($conn,$db_name);
 $name = mysqli_real_escape_string($conn, $_POST['txtname']);
 $gender = mysqli_real_escape_string($conn, $_POST['gender']);
 $mobile = mysqli_real_escape_string($conn, $_POST['txtmob']);
 $email = mysqli_real_escape_string($conn, $_POST['txteid']);
 $username = mysqli_real_escape_string($conn, $_POST['txtuid']);
 $userpass = mysqli_real_escape_string($conn, $_POST['txtpwd']);
 $role= mysqli_real_escape_string($conn, $_POST['role']);
 $res=mysqli_query($conn,"SELECT username FROM trialusers WHERE username='$username'");
 $row=mysqli_fetch_row($res);
 if($row>0)
 {
 echo "Username $username has already been taken";
 }
 else
 {
 $sql="INSERT INTO newuser (name,gender,contactno,emailid,username,userpass,role)VALUES('$name','$gender','$mobile','$email','$username','$userpass','$role')";
 if (mysqli_query($conn,$sql))
 {
 header("location:registration.php");
 }
 else
 {
 die('Error: Cannot connect to db' );
 }
 }
}
 ?>

This will trigger the data insert part only when you actually post data from the form and will remove the error you see. BTW the code you are using is outdated and use a mysql library that is deprecated. Please consider update to PDO

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks, but if i don't select the radio button of gender or role it gives db error & displays the message directly "Username is already selected"
0

It is not always possible to receive a POST request on your page so keep your bottom PHP code into a condition

if ($_SERVER["REQUEST_METHOD"] == "POST")
{ 

 $host="localhost"; // Host name 
 $username="root"; // Mysql username 
 $password=""; // Mysql password 
 $db_name="testmra"; // Database name 
 // Connect to server and select databse.
 $conn=mysqli_connect($host,$username,$password) or die("cannot connect"); 
 mysqli_select_db($conn,$db_name);
 $name = mysqli_real_escape_string($conn, $_POST['txtname']);
 $gender = mysqli_real_escape_string($conn, $_POST['gender']);
 $mobile = mysqli_real_escape_string($conn, $_POST['txtmob']);
 $email = mysqli_real_escape_string($conn, $_POST['txteid']);
 $username = mysqli_real_escape_string($conn, $_POST['txtuid']);
 $userpass = mysqli_real_escape_string($conn, $_POST['txtpwd']);
 $role= mysqli_real_escape_string($conn, $_POST['role']);
 $res=mysqli_query($conn,"SELECT username FROM trialusers WHERE username='$username'");
 $row=mysqli_fetch_row($res);
 if($row>0)
 {
 echo "Username $username has already been taken";
 }
 else
 {
 $sql="INSERT INTO newuser (name,gender,contactno,emailid,username,userpass,role)VALUES('$name','$gender','$mobile','$email','$username','$userpass','$role')";
 if (mysqli_query($conn,$sql))
 {
 header("location:registration.php");
 }
 else
 {
 die('Error: Cannot connect to db' );
 }
 }
}
Improve this answer

1 Comment

Thanks for the code. But there 2 issues.1. If i leave all the fields blank the error msgs are not coming & blank data is being inserted in the db 2.If i dont select role or gender radio button theninstead of giving validation part of select gender its giving db error & displaying "Username is already selected"

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.