[cbgfilms]

at the moment someone could just keep pressing submit on my form loads and spam my database, how can I make it so they have to type atleast a certain amount of characters in certains fields, and if they didnt they'd get an error message?

[BetaWar]

Well, we will need to see your code before we post some, but you may want to look into a javascript check for the form onsubmit function so that it takes a look at certain input value lengths and compares them to the amount allowed.

[cbgfilms]

BetaWar, on 16 Jul, 2008 - 01:21 PM, said:

Well, we will need to see your code before we post some, but you may want to look into a javascript check for the form onsubmit function so that it takes a look at certain input value lengths and compares them to the amount allowed.

Ok, could you possibly just simply send me the updated code with the validation techniques in, I would like the following:
Block Naughty words.
Refuse to submit if the fields are empty
Refuse to submit if the email fied does not contain an @
Require atleast 1 number in the password field.

Thanks.

FORM CODE:

<form action="insert.php" method="post">
<table width="393" height="269" border="8" align="center" cellpadding="0" cellspacing="0" bordercolor="#FFFFFF">
  <tr>
	<td width="375" height="253" bgcolor="#0033CC"><table width="397" height="240" border="0" cellpadding="0" cellspacing="0">
	  <tr>
		<td height="30"> <div align="center"><span class="style45"><span class="style37">Name</span></span></div></td>
		<td><div align="center" class="style37">:</div></td>
		<td><span class="style45">-</span>
		  <input name="name" type="text" id="name" size="35" maxlength="25" minlength="5" />
&nbsp;</td>
	  </tr>
	  <tr>
		<td width="89" height="30"><div align="center"><span class="style37"> Username</span></div></td>
		<td width="10"><div align="center" class="style37">:</div></td>
		<td width="298"><span class="style45">-</span>
			<input name="username" type="text" id="username" size="35" />
		  &nbsp;</td>
	  </tr>
	  <tr>
		<td height="30"><div align="center"><span class="style37">Password</span></div></td>
		<td><div align="center" class="style37">:</div></td>
		<td><span class="style45">-</span>
			<input name="password" type="password" id="password" size="35" />
		  &nbsp;</td>
	  </tr>
	  <tr>
		<td height="30"><div align="center"><span class="style37">Country</span></div></td>
		<td><div align="center" class="style37">:</div></td>
		<td><span class="style45">-</span>
		  <input name="country" type="text" id="country" size="35" />
&nbsp;</td>
	  </tr>
	  <tr>
		<td height="30"><div align="center"><span class="style37">Email</span></div></td>
		<td><div align="center" class="style37">:</div></td>
		<td><span class="style45">-</span>
			<input name="email" type="text" id="email" size="35" />
		  &nbsp;</td>
	  </tr>
	  <tr>
		<td height="30" valign="top"><div align="center">
			<p class="style37">Profile</p>
		</div></td>
		<td valign="top"><div align="center" class="style37"><br />:</div></td>
		<td><span class="style45">-</span>
			<textarea name="profile" cols="27" rows="8" id="profile"></textarea>
		  &nbsp;</td>
	  </tr>
	  <tr>
		<td height="30" valign="top"><div align="center"><span class="style37">CaPtChA</span></div></td>
		<td valign="top"><div align="center"><span class="style37">:</span></div></td>
		<td><p align="left" class="style45"><?php

require_once('recaptchalib.php');
$publickey = "6Ld5fAIAAAAAAJNGHh9RoXaQD0mOn6vvdEUh4-vs";
$privatekey = "6Ld5fAIAAAAAACQ5ZAY1RUzF6RYF8A8d_w9BQtzJ";

# the response from reCAPTCHA
$resp = null;
# the error code from reCAPTCHA, if any
$error = null;

# are we submitting the page?
if ($_POST["submit"]) {
  $resp = recaptcha_check_answer ($privatekey,
								  $_SERVER["REMOTE_ADDR"],
								  $_POST["recaptcha_challenge_field"],
								  $_POST["recaptcha_response_field"]);

  if ($resp->is_valid) {
	echo "You got it!";
	# in a real application, you should send an email, create an account, etc
  } else {
	# set the error code so that we can display it. You could also use
	# die ("reCAPTCHA failed"), but using the error message is
	# more user friendly
	$error = $resp->error;
  }
}
echo recaptcha_get_html($publickey, $error);
?>
&nbsp;</p>
		  </td>
	  </tr>
	  <tr>
		<td height="30">&nbsp;</td>
		<td>&nbsp;</td>
		<td align="right"><input type="submit" />
		  &nbsp;
		  <input name="Reset" type="reset" value="Reset" />

INSERT.PHP CODE:

<?php
$con = mysql_connect("sql207.byethost17.com","b17_2102460","CENSORED");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("b17_2102460_members", $con);

$sql="INSERT INTO members (username, password, email, profile)
VALUES
('$_POST[username]','$_POST[password]','$_POST[email]','$_POST[profile]')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";

mysql_close($con)
?>

[PsychoCoder]

cbgfilms, on 16 Jul, 2008 - 02:02 PM, said:

Ok, could you possibly just simply send me the updated code with the validation techniques in, I would like the following:
Block Naughty words.
Refuse to submit if the fields are empty
Refuse to submit if the email fied does not contain an @
Require atleast 1 number in the password field.

Thanks.

Not going to happen. Here at Dream.In.Code we don't just write code for people like that, thats not what we're all about here

[Moonbat]

In the spirit of the community I won't write out the code, but I can lay it out for you.

To block naughty words, just make an array with said words, and check the input against that array.

To check if the fields are empty, just use isset().

The other things can be solved just as easily.

[BetaWar]

Quote

Not going to happen. Here at Dream.In.Code we don't just write code for people like that, thats not what we're all about here

Darn you beat me to it.

If you wanted to have someone do it for you, you could try to post this in teh "request service" forum, though that may cost you some money depending on who decides to do it.

If you try to get it yourself and are still having trouble I am sure there are people who will HELP YOU, but nobody will do it for you. You don't learn by having things done for you.

[cbgfilms]

Moonbat, on 16 Jul, 2008 - 03:52 PM, said:

In the spirit of the community I won't write out the code, but I can lay it out for you.

To block naughty words, just make an array with said words, and check the input against that array.

To check if the fields are empty, just use isset().

The other things can be solved just as easily.

Hi thanks for that, but I'm still a little bit confused.

1. Could you make an example of the array with said words, as I do not know what that means!
2. Where abouts do I put this code in my updatedetails.php page?
3. isset() could I get a example of that too.

I'm still learning and I'm finding it hard, I've been following some of the simplilest tutorials, but still struggling.

Thanks, Charlie.

EDIT:
I tried doing it, but the register form ignores it

<?php
$host="sql207.byethost17.com"; // Host name
$username="b17_2102460"; // Mysql username
$password="CENSORED"; // Mysql password
$db_name="b17_2102460_members"; // Database name
$tbl_name="members"; // Table name

$flag="OK";   // This is the flag and we set it to OK
$msg="";		// Initializing the message to hold the error messages

if(strlen($username) < 5){	// checking the length of the entered userid and it must be more than 5 character in length
$msg=$msg."( Please enter user id more than 5 character length  )<BR>";
$flag="NOTOK";   //setting the flag to error flag.
}
if(strlen($password) < 5 ){	// checking the length of the entered password and it must be more than 5 character in length
$msg=$msg."( Please enter password of more than 5 character length  )<BR>";
$flag="NOTOK";   //setting the flag to error flag.
}

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "The Login Credientials You Inputted Were Incorrect.";
}
?>

This post has been edited by cbgfilms: 16 July 2008 - 11:35 PM