Home arrow PHP arrow Page 4 - Building Site Registration for Web Application Security

The HTML Form continued - PHP

In this article we will be exploring the registration script of our site. This script is responsible for registering new users for the website. We will also be looking at database security; since the registration script also uses a database table, we will implement some of the concepts that we will be discussing. This article is the sixth part of an eight-part series on web application security.

  1. Building Site Registration for Web Application Security
  2. The Code Explained
  3. Username and Password
  4. The HTML Form continued
By: David Web
Rating: starstarstarstarstar / 5
October 27, 2008

print this article



The second, third and fourth elements take the email, password and confirmation password respectively:

<td><div align="left">Email</div></td>

<td><input name="email" type="text" size="40"></td>



<td><div align="left">Password</div></td>

<td><input name="pw1" type="password" size="40"></td>



<td ><div align="left">Confirm Password </div></td>

<td><input name="pw2" type="password" size="40">

Notice the hidden input; that has the name as the key. This element will act as the check point when form data is processed later on. We are using this element instead of the usual submit button because it provides a more portable way of submitting form values:

<input type="hidden" name="key" /></td>




<td> <input name="submit" type="submit"></td>



As an added layer of security and for the convenience of the user, JavaScript code is made available to ensure that all form fields are filled in:

function checkform(pform1){


alert("Please enter a username")


return false



alert("Please enter a email address")


return false



alert("Please enter a password")


return false


if(pform1.pw.value=="" && pform1.uname.value==""&& pform1.email.value==""){

alert("Please make sure that you have entered all the information that is required")

return false


return true



In the code above, the pform1 refers to the form name and the pw refers to the form field name. The same applies to the uname.value and email.value lines. The alert message is what the user will see if the form fields are empty.


In this article we looked in detail at the user registration script. In the next article we will discuss database security and also look at password management.

>>> More PHP Articles          >>> More By David Web

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort


- Hackers Compromise PHP Sites to Launch Attac...
- Red Hat, Zend Form OpenShift PaaS Alliance
- PHP IDE News
- BCD, Zend Extend PHP Partnership
- PHP FAQ Highlight
- PHP Creator Didn't Set Out to Create a Langu...
- PHP Trends Revealed in Zend Study
- PHP: Best Methods for Running Scheduled Jobs
- PHP Array Functions: array_change_key_case
- PHP array_combine Function
- PHP array_chunk Function
- PHP Closures as View Helpers: Lazy-Loading F...
- Using PHP Closures as View Helpers
- PHP File and Operating System Program Execut...
- PHP: Effects of Wrapping Code in Class Const...

Developer Shed Affiliates


Dev Shed Tutorial Topics: