Jump to content
Larry Ullman's Book Forums

Form Validation - Registration


Recommended Posts

My registration form will not accept any name with a space, hyphen or apostrophe, such as O'Meara or Mary-Lou. The form tells me to "Please enter your first name or last name or username - whichever applies. When I take the space, hyphen, or apostrophe out then the form will submit. I am using the code from the Knowledge is Power sight.<?php // Check for a form submission:

if ($_SERVER['REQUEST_METHOD'] == 'POST') {

 

// Check for a first name:

if (preg_match ('/^[A-Z \'.-]{2,20}$/i', $_POST['first_name'])) {

$fn = mysqli_real_escape_string ($connect, $_POST['first_name']);

} else {

$reg_errors['first_name'] = 'Please enter your first name!';

}

 

// Check for a last name:

if (preg_match ('/^[A-Z \'.-]{2,40}$/i', $_POST['last_name'])) {

$ln = mysqli_real_escape_string ($connect, $_POST['last_name']);

} else {

$reg_errors['last_name'] = 'Please enter your last name!';

}

 

// Check for a username:

if (preg_match ('/^[A-Z0-9]{2,30}$/i', $_POST['username'])) {

$u = mysqli_real_escape_string ($connect, $_POST['username']);

} else {

$reg_errors['username'] = 'Please enter a desired name!';

}

 

Hoping that someone can shed some light on this problem. Thanks,

 

Marie

Link to comment
Share on other sites

Thanks for posting. The form submitted and I got this in my database - O\'Toole instead of just O'Toole. I was wondering though, why the original code would be incorrect. I was thinking that I may have been missing something in another area, like the config file, or forms function file.

 

Marie

Link to comment
Share on other sites

Hello, Marie,

 

Your server probably has Magic Quotes on. Look at the escape_data() function at the bottom of page 55. It will show you both how to check that this is the case – just echo the result of if (get_magic_quotes_gpc( )) – and how to solve the problem once for all.

 

But, since you are from Canada, also note that the regular expression, as it is, won't allow for French names with diacritics, such as "Jean-François Desfossés". It only allows the English alphabet.

  • Upvote 1
Link to comment
Share on other sites

Thanks for giving me a heads up with regard to the French accents since there are plenty of French people living in English Canada and eventually I will have to do my site in French as well. I was wondering about my server because I when I tried to register under the site which is on the Larry Ullman website it worked fine.

 

Thanks very much for your help.

Link to comment
Share on other sites

  • 2 weeks later...

Hello,

 

I have examined this further and discovered that it seems it is just the apostrophes that my form does not accept. The code in the book may or may not be correct as I stated, however, when I Register within the page set up on the Knowledge is Power site within the Larry Ullman website the form there will accept a name with an apostrophe. Supposedly I am using the same code in my sample web site although my page will not accept an apostrophe. When I used the stripslashes code above it accepts it but then the backslash shows up in the database which I have discovered indicated that the code has been escaped twice. Will the slashes show up when the data is retrieved from the database? I got in contact with my server but they cannot offer php support. They have told me that magic quotes is on. The more I check into forums books etc. the more I think this should be simple, however, everything I try does not work. I cannot find anything on this in the "php manual". Thanks.

Link to comment
Share on other sites

For people wondering what the disabling part in the "php.ini" file looks like for Magic Quotes here is a copied

 

; Magic quotes are a preprocessing feature of PHP where PHP will attempt to

; escape any character sequences in GET, POST, COOKIE and ENV data which might

; otherwise corrupt data being placed in resources such as databases before

; making that data available to you. Because of character encoding issues and

; non-standard SQL implementations across many databases, it's not currently

; possible for this feature to be 100% accurate. PHP's default behavior is to

; enable the feature. We strongly recommend you use the escaping mechanisms

; designed specifically for the database your using instead of relying on this

; feature. Also note, this feature has been deprecated as of PHP 5.3.0 and is

; scheduled for removal in PHP 6.

; Default Value: On

; Development Value: Off

; Production Value: Off

; http://php.net/magic-quotes-gpc

magic_quotes_gpc = Off

 

; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.

; http://php.net/magic-quotes-runtime

magic_quotes_runtime = Off

 

; Use Sybase-style magic quotes (escape ' with '' instead of \').

; http://php.net/magic-quotes-sybase

magic_quotes_sybase = Off

Link to comment
Share on other sites

Thank you for all the helpful information. I am still experimenting with different codes etc. The following did not work for me - Use Sybase-style magic quotes (escape ' with '' instead of \'). Also, it seems that it is not possible to turn Magic Quotes off at the server level so I am still playing around with escaping and stripslashes etc. Josee is right about foreign accets. The form will not accept those either. SO, back to the web site.

 

Marie

Link to comment
Share on other sites

For your forms to accept French diacritics, you just need to add them to the regular expression, like this (since the match is case insensitive, no need to add lower-case characters):

preg_match('/^[A-Z ÀÂÄÆÇÈÉÊËÎÏÔŒÙÛÜŸ\'.-]{2,20}$/i', $_POST['first_name'])

 

And if you want them to accept all European languages using the Latin alphabet, this should do it (all on one line, of course):

preg_match('/^[A-Z ÀÁÂÃÄĀĂĄÅÆÇĆĈĊČĎĐÐÈÉÊËĒĔĖĘĚĜĞĠĢĤĦÌÍÎÏĨĪĬĮİ

IJĴĶĸĹĻĽĿŁÑŃŅŇʼnŊÒÓÔÕØŌŎŐŒŔŖŘߌŜŞŠŢŤŦÙÚÛÜŨŪŬŮŰŲŴÝŸŶŹŻŽſÞð\'.-]

{2,20}$/i', $_POST['first_name'])

 

I hope this helps,

  • Upvote 1
Link to comment
Share on other sites

  • 2 weeks later...

Thank you. This does help. That is one amazing line of accents but I can't forget anyone. It is possible that I will have to set up the sites in different languages - in the furture.

 

Still working on the apostrophe problem. I set up a testing server on my machine and it works fine which is logical because I probably don't have magic quotes enabled. So, back to php.

Link to comment
Share on other sites

Okay this is what I have done that seems to work so far. The data is being entered and there are no slashes in the database.

 

I followed the advice given above for the form validation and added stripslashes before the $_POST. This allowed my form to accept the apostrophe in the name. THEN I added stripslashes to the SQL code that enteres the values into the database.

 

// Check for a first name:

if (preg_match ('/^[A-Z \'.-]{2,20}$/i', stripslashes($_POST['first_name']))) {

$fn = mysqli_real_escape_string ($connect, $_POST['first_name']);

} else {

$reg_errors['first_name'] = 'Please enter your first name!';

}

 

// Check for a last name:

if (preg_match ('/^[A-Z \'.-]{2,40}$/i', stripslashes($_POST['last_name']))) {

$ln = mysqli_real_escape_string ($connect, $_POST['last_name']);

 

$q = "INSERT INTO users (username, email, pass, first_name, last_name, date_expires) VALUES ('$u', '$e', '" . get_password_hash($p) . "', '" . stripslashes($fn) . "', '" . stripslashes($ln) . "', SUBDATE(NOW(), INTERVAL 1 DAY) )";

  • Upvote 1
Link to comment
Share on other sites

  • 1 month later...

Just curious about another aspect of this whole thing.

 

IF I treat this registration form in the same manner as the add_pdf file, and use this code - if (!empty($_POST['title'])) {

 

instead of - if (preg_match ('/^[A-Z \'.-]{2,40}$/i', $_POST['organization'])) {

 

Everything seems to get entered into the data base just fine, including apostophes and other foreign characters.

 

So I am now wondering why anyone would use the preg_match code.

 

Marie

Link to comment
Share on other sites

 Share

×
×
  • Create New...