The script first checks to see if the form has been submitted:

    if(isset($_POST['key'])){

If the form has been submitted, the form data is filtered. The process of filtering starts by checking to see if the submitted form data actually contains any values:

    //1. Check if form fields are filled in
    if(!filledin($_POST)){
        //print "Please enter your username and email.";
        $errmsg="Please make sure that all required form fields are filled in";
        $error=true;
    }

Next, the type of data is tested. We expect only string values for the name and email values. So we check the data type by using the is_numeric() function of PHP. This function checks to see if the value that it is fed is a number:

    //check that the username and email address are strings
    //(an error is raised if either value is numeric)
    if( is_numeric($_POST['name']) || is_numeric($_POST['email']) ){
        //print "Please enter a valid username and email address.";
        $errmsg=" Please enter a valid username and email address.";
        $error=true;
    }

We use regular expressions to test the format of the email address that the user entered into the form and set the appropriate error messages if the format is invalid:

    //Check if email address has correct format
    if(!eregi("^[a-z0-9]+[a-z0-9_-]*(\.[a-z0-9_-]+)*@[a-z0-9_-]+(\.[a-z0-9_-]+)*\.([a-z]+){2,}$", $_POST['email'])) {
        $errmsg=" Please enter a valid email address.";
        $error=true;
    }

If no errors were found, the form values are transferred to shorter variables:

    if(!$error){
        $name=$_POST['name'];
        $em=$_POST['email'];

Then we check to see if the username that the user entered exists in the database. This is very important, because we will not be able to retrieve the database without this piece of information. Also, it is a good way to make sure that no unauthorized person gets the password:

    //2. Check if entered name exist
    //escape the name before it is placed inside the SQL string
    $name=mysql_real_escape_string($name);
    $query="Select pw from users where uname='$name'";
    $result= mysql_query($query) or die(mysql_error());
    if(mysql_num_rows($result)>0){
        for ($i=0; $i<mysql_num_rows($result); $i++) {
            $row = mysql_fetch_assoc($result);
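
The same validate-then-look-up flow on a current PHP version, as an added example that is not the tutorial's own code. It assumes PDO with the SQLite driver, swaps the regular expression for filter_var() and the interpolated query for a bound parameter, and uses a constructed in-memory users(uname, pw) table; validate_input() and user_exists() are hypothetical helper names.

```php
<?php
// Added example, not the tutorial's code. Assumes PDO with the SQLite driver.
// The users(uname, pw) table mirrors the query on the page; all rows are constructed.

function validate_input(array $post): ?string
{
    $name  = isset($post['name'])  ? trim((string)$post['name'])  : '';
    $email = isset($post['email']) ? trim((string)$post['email']) : '';
    if ($name === '' || $email === '') {
        return 'Please make sure that all required form fields are filled in';
    }
    if (is_numeric($name) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'Please enter a valid username and email address.';
    }
    return null; // no validation error
}

function user_exists(PDO $db, string $name): bool
{
    // The name is bound as a parameter, so it is never part of the SQL text.
    $stmt = $db->prepare('SELECT pw FROM users WHERE uname = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetch(PDO::FETCH_ASSOC) !== false;
}

// Constructed test database (in memory, so the example runs offline).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (uname TEXT PRIMARY KEY, pw TEXT)');
$db->exec("INSERT INTO users (uname, pw) VALUES ('alice', 'constructed-value')");

// Constructed form submissions, including a name that contains a quote character.
$submissions = [
    ['name' => 'alice',   'email' => 'alice@example.com'],
    ['name' => "O'Brien", 'email' => 'obrien@example.com'],
    ['name' => '12345',   'email' => 'bob@example.com'],
    ['name' => 'bob',     'email' => 'not-an-email'],
];

foreach ($submissions as $post) {
    $errmsg = validate_input($post);
    if ($errmsg !== null) {
        printf("%-10s rejected: %s\n", $post['name'], $errmsg);
        continue;
    }
    $found = user_exists($db, $post['name']);
    printf("%-10s %s\n", $post['name'], $found ? 'found' : 'not found');
}
```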