I have created a user registration form using PHP, a password must be entered and entered again to check they both match. I have my conditional checks which are run when the form is submitted, if they fail, the form is reloaded empty for the user to fill in. I wanted to do a real time check against the password, and repeatPassword fields, so if they were both entered and did not match a warning displayed instantly, not after the whole form was filled in and submitted.
I have tried doing this using only PHP, I was using JavaScript before but I want to do it all in PHP as I think it will be better and more reliable.
Here is the code I have for my form checking condition:
$firstname=$_POST['fName'];
$surname=$_POST['sName'];
$email=$_POST['emailad'];
$password= md5($_POST['password']);
$repeatpassword= md5($_POST['repeatPassword']);
$secretquestion=$_POST['sQuestion'];
$secretanswer=$_POST['sAnswer'];
$address1=$_POST['address1'];
$address2=$_POST['address2'];
$address3=$_POST['address3'];
$address4=$_POST['address4'];
$city=$_POST['city'];
$postcode=$_POST['postcode'];
$phone=$_POST['phone'];
$mobile=$_POST['mobile'];
if(!empty($password)
&& !empty($repeatpassword)
&& !empty($firstname)
&& !empty($surname)
&& !empty($email)
&& ($repeatpassword == $password)
&& !empty($secretquestion)
&& !empty($secretanswer)
&& !empty($address1)
&& !empty($city)
&& !empty($postcode)
&& !empty($phone))
{
$reg =true;
$sql = "INSERT INTO cryptuser (firstname,surname,email,password, secretq, secreta,
address1,address2,address3,address4,city,postcode,phone,mobile)
VALUES ('$firstname','$surname','$email','$password','$secretquestion','$secretquestion',
'$address1','$address2','$address3','$address4','$city','$postcode','$phone','$mobile')";
I had code written which I deleted because it was definitely wrong, but I was trying to perform a PHP function, if the password and repeatPassword fields are not empty, check both values are the same, if they are do nothing, else display warning text.
I felt this would work, but I am still trying to get used to php being a server side language.
Any advice would be appreciated.
First off, it won't be "better and more reliable" in PHP than in Javascript. Both languages are Turing-complete and there's little you can do in one realm you can't do in the other. You're only limited by your ability as a coder.
That said, if you want to do the validation in PHP before the form is submitted, you're going to have to get the data to the server somehow. Of course, that process is much like submitting a form...
One means would be to have JS which scrapes the information from the form and makes an AJAX request to the server. If the server says "OK", then the JS sets the client location to the new page (since the server already received all the contents as part of the validation process, you shouldn't need to POST them again).
Moving on, your validation code as you've written it above is a very bad idea. See this comic for a fast-and-decent explanation why ( http://bobby-tables.com appears to be down) - imagine what the SQL query would look like if you had that as $_POST['fName'].
YES! there are casses where you want to do server side as well as client side validation though in most cases you need only do client side BEFORE submitting then client side on submit. If you need to do both before and after submit a quick google search game me this nice looking tutorial
and as always I recommend using jQuery validate which has a function to compare two passwords
PHP will only run on the server, not in the browser. Use javascript to do the client side validation. Keep your server side validation, and add SQL injection protection. If you don't know what that is, Google it and look at the mysql_escape_string() PHP function to start.