I am having trouble trying too check theses two inputs uname and passwod. I can get one to work on its own but I keep getting an error when I try to pass them both back up.
<?php
// define variables and set to empty values
$usernameErr="";
$passwordErr="";
$username= "";
$password="";
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
if (empty($_POST["uname"]))
{
$usernameErr = " username is required <br>";
print $usernameErr;
}
else
{
$username = checkUserData($username);
}
if (empty($_POST["passwd"]))
{
$passwordErr = " password is required <br>";
print $passwordErr;
}
else
{
$password = checkUserData($password);
}
}
Here is were the problem is. I am passing down to check the data to stop attacks. I have tried multiple ways of joining them together but everything has failed.
function checkUserData($username)
{
$username = htmlspecialchars($username);
$username = trim($username);
$username = stripslashes($username);
return $username;
}
function checkUserData($password)
{
$password = htmlspecialchars($password);
$password = trim($password);
$password = stripslashes($password);
return $password;
}
I'm printing just to check it's working.
print ("welcome " .checkUserData($_POST["uname"]));
print ("welcome " .checkUserData($_POST["passwd"]));
?>
Any help would be great.
Both functions are doing the same thing so generalise them
function SanitizeData($var)
{
$var= htmlspecialchars($var);
$var= trim($var);
$var= stripslashes($var);
return $var;
}
Now in your checking process call
$username = SanitizeData($_POST["uname"]);
Or
$password = SanitizeData($_POST["passwd"]);
Although this sanitization is unnecessary at best and destructive at worst if you are going to use these fields in a query, it would be better to use a parameterized query and the PDO database extension.