Reputation: 371
I made a successful registration/login script which is used for Android devices. I'm quite new to PHP, so please bear with me.
<?php
require "init.php"; // provides $con, the mysqli connection
header('Content-type: application/json');
$email = $_POST['email'];
$user_name = $_POST['user_name'];
$user_pass = $_POST['user_pass'];
$msg = "Congratulations. You are now registered to the most amazing app ever!";
// Salted, slow hash instead of bare sha1(); the login script must then compare with password_verify()
$passwordEncrypted = password_hash($user_pass, PASSWORD_DEFAULT);
$don = array('result' => "fail", "message" => "Registration failed");
// This branch runs as soon as $email is non-empty, so the filter_var() check further down is never reached
if($email && $user_name && $user_pass){
    $sql_query = "select * from user_info WHERE email ='".mysqli_real_escape_string($con, $email)."' or user_name ='".mysqli_real_escape_string($con, $user_name)."'";
    $result = mysqli_query($con, $sql_query);
    $results = mysqli_num_rows($result);
    if ($results){
        $don = array('result' => "fail", "message" => "Email or username exists.");
    }else{
        // Escape the inserted values too; interpolating them raw is a SQL injection
        $sql_query = "insert into user_info values('".mysqli_real_escape_string($con, $email)."','".mysqli_real_escape_string($con, $user_name)."','".mysqli_real_escape_string($con, $passwordEncrypted)."');";
        if(mysqli_query($con, $sql_query)){
            $don = array('result' => "success", "message" => "Successfully registered! Well done");
            //mail($email, "Well done", $msg);
        }
    }
}else if(!$email || (!filter_var($email, FILTER_VALIDATE_EMAIL))){
    $don = array('result' => "fail", "message" => "Please enter a valid email");
}else if(!$user_name){
    $don = array('result' => "fail", "message" => "Please enter your username");
}else if(!$user_pass){
    $don = array('result' => "fail", "message" => "Please enter a password");
}
echo json_encode($don);
?>
With the above code the email is not validated, and it goes into the database even if the user enters theo instead of "[email protected]".
Upvotes: 1
Views: 72
Reputation: 2898
It's conventional to do the email validation before the form is submitted, for obvious reasons: it's better to get a warning that your form info is in the wrong format before submitting it and loading the next page. So people usually use JavaScript for this. You can find a lot of pages on the Internet on how to do this. Here's one: http://www.randomsnippets.com/2008/04/01/how-to-verify-email-format-via-javascript/
But if you're committed to doing it in PHP, Kahan's got your solution.
Upvotes: 1
Reputation: 9011
You're inserting into the database at this if statement:
if($email && $user_name && $user_pass){
This only checks if the $email variable is set, not if it is valid.
Change that line to not fire unless the $email variable is a valid email:
if($email && $user_name && $user_pass && filter_var($email, FILTER_VALIDATE_EMAIL)){
Upvotes: 1
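A fuller version of the fix from the answer above, added here as an example and not taken from the question or either answer: validation runs first and the database is only touched once every field has passed, so the ordering bug cannot recur, and the two queries use prepared statements instead of string-built SQL. Client-side JavaScript checks (the first answer) are a convenience for the user; an Android app or anyone with curl posts straight to this script, so the server-side check is the one that counts. The table and columns user_info(email, user_name, user_pass) follow the question, $con is assumed to be the mysqli connection from init.php, and the username rule, minimum password length and sample inputs are this example's own assumptions. Because it stores password_hash() output, the matching login script has to check with password_verify().

```php
<?php
declare(strict_types=1);
// Added example, not the original poster's code. Assumes init.php defines $con (mysqli)
// and a table user_info(email, user_name, user_pass) as in the question.

/**
 * Check the raw POST fields before anything else happens.
 * Returns ['ok' => true, 'data' => [...]] or ['ok' => false, 'message' => '...'],
 * so the caller never handles unvalidated input.
 */
function validate_registration(array $post): array
{
    $email = trim((string)($post['email'] ?? ''));
    $user_name = trim((string)($post['user_name'] ?? ''));
    $user_pass = (string)($post['user_pass'] ?? '');

    // filter_var() rejects "theo" and also rejects the empty string, so the
    // "is it set" and "is it valid" checks collapse into a single test.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return ['ok' => false, 'message' => 'Please enter a valid email'];
    }
    // Username rule is an assumption for this example: 3-32 chars, no quotes or spaces.
    if (!preg_match('/^[A-Za-z0-9_.-]{3,32}$/', $user_name)) {
        return ['ok' => false, 'message' => 'Please enter a valid username'];
    }
    // Minimum length is likewise an assumption; adjust to your policy.
    if (strlen($user_pass) < 8) {
        return ['ok' => false, 'message' => 'Please enter a password of at least 8 characters'];
    }
    return ['ok' => true, 'data' => ['email' => $email, 'user_name' => $user_name, 'user_pass' => $user_pass]];
}

/**
 * Insert an already-validated account. Prepared statements keep user data out of
 * the SQL text; password_hash() replaces the unsalted sha1() of the original.
 */
function register_user(mysqli $con, array $data): array
{
    $stmt = $con->prepare('SELECT 1 FROM user_info WHERE email = ? OR user_name = ? LIMIT 1');
    $stmt->bind_param('ss', $data['email'], $data['user_name']);
    $stmt->execute();
    $stmt->store_result();
    $exists = $stmt->num_rows > 0;
    $stmt->close();
    if ($exists) {
        return ['result' => 'fail', 'message' => 'Email or username exists.'];
    }

    // A UNIQUE index on email and user_name should still back this check; two
    // requests can pass the SELECT at the same time.
    $hash = password_hash($data['user_pass'], PASSWORD_DEFAULT);
    $stmt = $con->prepare('INSERT INTO user_info (email, user_name, user_pass) VALUES (?, ?, ?)');
    $stmt->bind_param('sss', $data['email'], $data['user_name'], $hash);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok
        ? ['result' => 'success', 'message' => 'Successfully registered! Well done']
        : ['result' => 'fail', 'message' => 'Registration failed'];
}

// Web entry point: same JSON contract as the question's script.
if (PHP_SAPI !== 'cli') {
    require 'init.php';
    header('Content-Type: application/json');
    $check = validate_registration($_POST);
    $don = $check['ok']
        ? register_user($con, $check['data'])
        : ['result' => 'fail', 'message' => $check['message']];
    echo json_encode($don);
    exit;
}

// Offline demo (php thisfile.php): constructed inputs, no database required.
$samples = [
    ['email' => 'theo', 'user_name' => 'theo', 'user_pass' => 'correct horse'],
    ['email' => 'theo@example.com', 'user_name' => "x' OR '1'='1", 'user_pass' => 'correct horse'],
    ['email' => 'theo@example.com', 'user_name' => 'theo', 'user_pass' => 'short'],
    ['email' => 'theo@example.com', 'user_name' => 'theo', 'user_pass' => 'correct horse battery'],
];
foreach ($samples as $s) {
    $r = validate_registration($s);
    echo json_encode(['input' => $s['email'] . ' / ' . $s['user_name'],
                      'ok' => $r['ok'], 'message' => $r['message'] ?? null]), "\n";
}
```

Run it from the command line to see the first three constructed inputs rejected (bad email, username containing a quote, short password) and only the last one accepted; served behind a web server it behaves as the original endpoint, returning the same result/message JSON the Android client already expects.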