[clarkeash]

Hi I am creating a registration form for my website and I want any errors to be shown to the user (eg empty fields)
The code i will show on here is partly mine but also partly found from another source.

The registration page (register.php)

<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>QR - Share</title>
<link rel="stylesheet" media="screen" href="css/reset.css" />
<link rel="stylesheet" media="screen" href="css/grid.css" />
<link rel="stylesheet" media="screen" href="css/style.css" />
<link rel="stylesheet" media="screen" href="css/messages.css" />
<link rel="stylesheet" media="screen" href="css/forms.css" />
<!--[if lt IE 8]>
<link rel="stylesheet" media="screen" href="css/ie.css" />
<![endif]-->
<!--[if lt IE 9]>
<script src="js/html5.js"></script>
<script src="js/PIE.js"></script>
<script src="js/IE9.js"></script>
<![endif]-->
<!-- jquerytools -->
<script type="text/javascript" src="js/jquery.tools.min.js"></script>
<script type="text/javascript" src="js/jquery.cookie.js"></script>
<script type="text/javascript" src="js/jquery.ui.min.js"></script>
<script type="text/javascript" src="js/global.js"></script>
<!-- THIS SHOULD COME LAST -->
<!--[if lt IE 9]>
<script type="text/javascript" src="js/ie.js"></script>
<![endif]-->
</head>
<body class="login">
    <div class="login-box main-content">
      <header>
          
          <h2>Create an account</h2>
      </header>
    	<section>
    		<?php
    			if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) {
    				
    				foreach($_SESSION['ERRMSG_ARR'] as $msg) {
    					echo $msg; 
    				}
    				
    				unset($_SESSION['ERRMSG_ARR']);
    			}
    		?>
    		<form id="form" action="register-exec.php" method="post" class="clearfix">
			<p>
		<input type="text" name="f_name"  class="large" value=""  placeholder="First Name" />
		<input type="text" name="s_name"  class="large" value="" placeholder="Last Name" /><br />
		<input type="text" name="email"  class="large" value=""  placeholder="Email Address" />
		<input type="text" name="u_name"  class="large" value=""  placeholder="Username" /><br />
        <input type="password" name="password" class="large" value=""  placeholder="Password" />
        <input type="password" name="cpassword" class="large" value=""  placeholder="Confirm Password" /><br />   <br />        
             <button class="large button button-gray fr" type="submit">Register</button>
			</p>
			</form>
    	</section>
    </div>
</body>
</html>

This is the code that should echo the error

<?php
    			if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) {
    				
    				foreach($_SESSION['ERRMSG_ARR'] as $msg) {
    					echo $msg; 
    				}
    				
    				unset($_SESSION['ERRMSG_ARR']);
    			}
    		?>

The validation errors should be shown due to the php
this page executes everything

<?php
	//Start a session
	session_start();
	
	//Get details of databae
	require_once('config.inc');
	
	//Array to store validation errors
	$errmsg_arr = array();
	
	//Validation error flag
	$errflag = false;
	
	//Connect to mysql server
	$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
	if(!$link) {
		die('Failed to connect to server: ' . mysql_error());
	}
	
	//Select database
	$db = mysql_select_db(DB_DATABASE);
	if(!$db) {
		die("Unable to select database");
	}
	
	//Function to sanitise values received from the form. Prevents SQL injection
	function clean($str) {
		$str = @trim($str);
		if(get_magic_quotes_gpc()) {
			$str = stripslashes($str);
		}
		return mysql_real_escape_string($str);
	}
	
	
	//Sanitize the POST values EDITED (changed $_POST values and added $teamid)
	$fname = clean($_POST['f_name']);
	$lname = clean($_POST['s_name']);
	$uname = clean($_POST['u_name']);
	$email = clean($_POST['email']);
	$pass = clean($_POST['password']);
	$cpass = clean($_POST['cpassword']);
	$md5pass = MD5($pass);
	
	//Input Validations EDITED (added teamid validation)
	if($fname == '') {
		$errmsg_arr[] = '<div class="message notice">Enter any letter and press Login</div>';
		$errflag = true;
	}
	//If there are input validations, redirect back to the registration form EDITED (changed location from register-form.php)
	if($errflag) {
		$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
		session_write_close();
		header("location: register.php");
		exit();
	}

	//Create INSERT query EDITED (changed sql a lot almost re-wrote)
	$qry = "INSERT INTO tbl_user (f_name, s_name, u_name, s_name, email, p_word)
	  VALUES
	  ('$fname','$lname','$uname','$lname', '$email','$md5pass')";
	$result = @mysql_query($qry);
	
	//Check whether the query was successful or not EDITED (changed location)
	if($result) {
		header("location: register.php");
		exit();
	}else {
		die("Query failed!");
	}
?>

when form submitted nothing is added to the database as expected but the error messages are not shown

I am sure i am just doing something stupid, your help would be appreciated

[codeprada]

I'm not seeing session_start() on your register.php page.

[JackOfAllTrades]

Do you have session_start() at the top of the register.php page? Also, you probably shouldn't use session_write_close() right after you've added data to the session (caveat: I am not a session expert as we use our own session management system).

From the manual page:

Quote

End the current session and store session data.

It seems that there would be no more session -- and therefore no more session data -- after that call. But again, I could be wrong here.

[clarkeash]

Yea it was the session_start() that was missing, i normally have it in the header then include() it, but wasn't using that on this page.

Cheers guys