Skip to main content
Code Review

Return to Answer

update spelling, formatting, punctuation
Source Link
Sᴀᴍ Onᴇᴌᴀ
Sᴀᴍ Onᴇᴌᴀ
  • 29.6k
  • 16
  • 46
  • 203

How do you put the message below the table?

How do you put the message below the table?

Now letslet's get a bit more advanced

Same thing that KIKO said, you don't need to filter your password, at the very least change the 3rd parameter in it to FILTER_UNSAFE_RAWFILTER_UNSAFE_RAW or just remove it - because you're hashing it there is no chance for a user to do anything. I know you've been taught and told several times to filter ALL inputs, this is the one and only exception to that rule. Once a password is hashed there's nothing left that PHP will mistake for code.

Should be declared before you try to use them. I'm not sure why they are at the bottom of your document, they should be at the top with all the other PHP. Not sure if you just pasted those in from an include file at the bottom just so they were there? If its a seperateseparate file just start a new code block with the little tilde's ```

I think I covered everything that you were mainly asking, like. Like I said there a lot I would personally change. Hopefully that helps though.

How do you put the message below the table?

Now lets get a bit more advanced

Same thing that KIKO said, you don't need to filter your password, at the very least change the 3rd parameter in it to FILTER_UNSAFE_RAW or just remove it - because you're hashing it there is no chance for a user to do anything. I know you've been taught and told several times to filter ALL inputs, this is the one and only exception to that rule. Once a password is hashed there's nothing left that PHP will mistake for code.

Should be declared before you try to use them. I'm not sure why they are at the bottom of your document, they should be at the top with all the other PHP. Not sure if you just pasted those in from an include file at the bottom just so they were there? If its a seperate file just start a new code block with the little tilde's ```

I think I covered everything that you were mainly asking, like I said there a lot I would personally change. Hopefully that helps though.

How do you put the message below the table?

Now let's get a bit more advanced

Same thing that KIKO said, you don't need to filter your password, at the very least change the 3rd parameter in it to FILTER_UNSAFE_RAW or just remove it - because you're hashing it there is no chance for a user to do anything. I know you've been taught and told several times to filter ALL inputs, this is the one and only exception to that rule. Once a password is hashed there's nothing left that PHP will mistake for code.

Should be declared before you try to use them. I'm not sure why they are at the bottom of your document, they should be at the top with all the other PHP. Not sure if you just pasted those in from an include file at the bottom just so they were there? If its a separate file just start a new code block with the little tilde's ```

I think I covered everything that you were mainly asking. Like I said there a lot I would personally change. Hopefully that helps though.

Source Link
sBucholtz
sBucholtz
  • 107
  • 9

To add onto KIKO's answer, you are on the right track.

Ultimately there is quite a bit you can change and there's a ton I would fix myself. But I'm not going to re-write the whole thing for you. Hopefully these pointers will help you move in the right direction.

First things first lets answer your question:

Your Question

How do you put the message below the table?

Quite easy actually. You can re-open PHP below that table and echo a variable or message. Right now you have:

if (empty($forename)) {
    echo "First name is required\n";
} else {
    $forename = fix_string($_POST["forename"]); 
}

Instead what you can do is store that error message in a variable

if (empty($forename)) {
    $error = "First name is required\n";
    // You could also unset the variable here too- Not necessary but good for memory clean up
    unset($forename);
} else {
    $forename = fix_string($_POST["forename"]); 
}

then below your table

<?php
if($error){
 echo $error
}
?>

With that you can also switch from the empty function to an exclamation mark operator

if(!$forename){
// error
}else{
// Good to go
}

Now lets get a bit more advanced

Instead of storing each error in an individual variable, create an array for errors

$err = [];

Then inside each if statement you can add that message to that array

$err[] = "Some Error";

And below your table use an iterator to get all of the values from that array

foreach($err as $key){
  echo $key;
}

Of course before you do any iteration, check to see if that array even has anything, you can achieve this by using the count function.

$num = count($err);
if ($num > 0 ){
 // Iterate
}

Session Start

First thing you have to change is where you're calling session_start take that and put it right at the very very top. In a vast majority of cases you should have it at the top before anything else. Only when using say for example an login with AJAX. But lets not get to ahead of ourselves.

Password

Same thing that KIKO said, you don't need to filter your password, at the very least change the 3rd parameter in it to FILTER_UNSAFE_RAW or just remove it - because you're hashing it there is no chance for a user to do anything. I know you've been taught and told several times to filter ALL inputs, this is the one and only exception to that rule. Once a password is hashed there's nothing left that PHP will mistake for code.

Functions

Should be declared before you try to use them. I'm not sure why they are at the bottom of your document, they should be at the top with all the other PHP. Not sure if you just pasted those in from an include file at the bottom just so they were there? If its a seperate file just start a new code block with the little tilde's ```

Finishing Up

I think I covered everything that you were mainly asking, like I said there a lot I would personally change. Hopefully that helps though.