PHP check for errors in input, if no errors execute and upload

Question

I\'m currently working on a registration system and ran into some problem.
I\'ll start with pasting a simplified version of the code before:

session_start(         


        

Answer 1

Your question isn't exactly clear, nor is your code which is also incomplete (where is the form?).
You seem to be at an early stage of learning the form handling, and likely would benefit from further reading and testing before you ask specific questions.

Here are some starters:
http://en.wikipedia.org/wiki/Post/Redirect/Get
What's the best method for sanitizing user input with PHP?
The definitive guide to form-based website authentication

I'll give some info anyway, as have some free time.

For example, your first if checks if session IS set, if TRUE redirect to notLoggedIn. Are you sure this is intentional? Either they're logged in, echo message to suit, or not and so show the reg page (most sites show a login and reg on the same page, for convenience for all scenarios).

As this is a registration form, surely you meant if IS logged in then redirect to YouAreAlreadyLoggedIn?
In fact, I'd just exit a message "You are already logged in" then stop the script.

The problem is the fact that it runs everything at once and just redirects me to index.php.

That's because it has no other option, as at the end of your script after XYZ it redirects to index.php.
If you do not want it to do this then change it. Either don't redirect, handle the entire process more constructively, or exit at some point you need it to (like form errors).

How do I make sure it first of all checks if the form has been submitted before running.

I don't see a form, so don't know exactly what you are doing to advise.

Ideally you'd use the PRG (Post Redirect Get).
http://en.wikipedia.org/wiki/Post/Redirect/Get

Your Script

I've edited your script to make this an answer to the question, and tidied it up a little.

e.g. in your script, specifically at the top, you don't need the else as there's an exit() in the if. When the if returns true, the script will stop, otherwise (with or without an else) it will continue.

The code:

session_start();


if (isset($_SESSION['logged_in']))
  {
    exit('You are already logged in');
  }



if ($_SERVER["REQUEST_METHOD"] == "POST")
  {

    if ( strlen($POST['field_name']) < 4 )
      {
        exit('Minimum 4 chars required');
      }
    elseif ( strlen($POST['field_name']) > 20 )
      {
        exit('Max of 20 chars allowed');
      }
    elseif ( preg_match("/^[A-z0-9]+$/", $POST['field_name']) != 1 )
      {
        exit('Invalid chars - allowed A-z and 0-9 only');
      }
     else
      {
        // Not sure what you want here
        // If all ok (no errors above)
        // then sanatise the data and insert into DB
      }

  }

As for entering into the DB, you need much more checking and handling of the entire process before you just allow the DB stuff to run.

Not sure why you redirect to index.php. You'd then need to handle form submission results in index.php to tell user you are registered. On the form page, tell them the errors they have in the fields, or echo out the success message and what happens next (i.e. go to your account page, or (hopefully) confirm the email you sent before logging in).

As for the validation checks in the POSTed form data, it's entirely up to you what you need. But I've given you some very basic to go on. Make sure your max set in the form matches the database column allowance, or if (eg) DB varchar is set to 15 and you allow users to enter 20, the data they enter will be truncated, and they'll register, but never be able to login (or some other data will be broken, their name/username etc).