Treehouse: Grow your CSS skills. Land your dream job.

Sign up form

  • Bob
    # May 15, 2011 at 3:54 pm


    So I’m creating a website for an event. I want people to be able to sign up at the website with their name, phone number etc.

    I want to display each name of everyone who signed up on a certain page of my website so everyone can see who signed up already. I was wondering what is the best way of doing this?

    I was thinking of sending the inputs to a database and then on the page I want to display them on, get them out of the database and output them. I haven’t got any code yet or a live site, but I was just wondering what was the best way.


    Im using wordpress btw.

    # May 17, 2011 at 1:59 pm

    Bump :)

    I suppose the way to do this is as I said above, by using a mysql query to save and get the data from the database again? Any examples of that?

    # May 18, 2011 at 10:43 am

    Hello Bob,

    Since you are wanting to get data from the user as you specified it would be practical for you to store it in a database. Especially if you plan on utilizing that data in some way in the future for the actual event.

    As far as displaying the information, retrieving it from the database is the most practical solution. I would give you a code example, however you did not specify the language that you will be using. Maybe PHP?

    # May 25, 2011 at 4:56 am

    Sorry for the late response – I was away for a while.

    Thanks for your response, I indeed will be using PHP.

    I was wondering though what was the correct way of securing these forms. I know persons can input stuff in the input field that can mess up your database or website, so I would like to know how to prevent such things from happening. What is a good way of making sure nothing is inputted that can disrupt things and have a secure way of saving the inputs in the database?

    # May 25, 2011 at 7:37 am

    Hi Bob,

    You should have some validation and cleanup on data input by user to avoid XSS Attack and SQL Injection Attack.

    Below is a simple example in PHP and Mysql.

    Suppose you have a html form posting following data to add_contact.php:


    < ?php
    //connect to db
    $conn=mysql_connect("localhost", 'mysql_user', 'mysql_password');

    //form data

    //trim data

    //do simple validation
    if(!$form_data || !$form_data || !$form_data || !$form_data)
    die('Invalid data');

    //escape before insert to db to prevent SQL Injection Attack

    //insert to db
    mysql_query("INSERT INTO contacts(first_name,last_name,email,address) VALUES ('{$form_data}','{$form_data}','{$form_data}','{$form_data}')");

    //close db connection

    //show success message
    echo "Add success";

    Then the list page

    < ?php
    ...//init db connection

    //get data
    $query=mysql_query("SELECT * FROM contacts LIMIT 10");
    //loop and show each entry
    //convert html chars to prevent XSS Attack

    //convert new line to
    to keep the layout

    echo "First name:".$row."
    echo "Last name:".$row."
    echo "Email:".$row."
    echo "Address:".$row."
    echo "


    Note that it’s just a simple example for doing that, to learn more about PHP, you can visit php website:


    # May 25, 2011 at 3:02 pm

    That looks great and is definitely helping me get further, thanks for this!

    I have a question about some part of the code though, namely this:

    //do simple validation
    if(!$form_data || !$form_data || !$form_data || !$form_data)
    die('Invalid data');

    The validation. I don’t really understand what it says.. its an if statement, but it doesn’t seem to compare or check an input value against a set value, if that makes sense.. usually, its something like: If.. 5+5 = 10 then output “thats correct” else “nope thats wrong”. I can only see there is an exclamation mark in front of each $form_data[…] but I dont really understand it fully I think.

    Also, thats whats causing problems for when testing this out. It outputs “Invalid data”, whereas I only filled in my name in the fields.. can someone help?

    # May 25, 2011 at 10:41 pm

    @Bob, if i’m not mistaken the if statement is only checking to make sure there is actual data given in the fields and none are left blank.

    you can check if something is true or not simply by doing something like
    if($form_data) {


    if theres nothing in the field, it will return false if theres something in it it will return true.

    in the example ddliu gave, he had put !$form_data in the if statement, along with the other fields as well. the ! before it basicly means, if its not true, then do what ever is inside the if statement.

    # May 26, 2011 at 1:41 am

    The if scope is just a simple validation which means that every field should not be empty.

    If any field not input, the script will quit and show an error message “Invalid data”.(die will stop the script, and the script will not be continued anymore)

    For more complex validation, you should change this scope.

    For example, to check the email, you may use regular expression; you may also limit the string length of first name and last name.

    I’ve created a gist here:

    < ?php
    //validate first name
    die('First name too long');

    //validate last name
    die('Last name too long');

    //validate email
    die('Invalid email address');

Viewing 8 posts - 1 through 8 (of 8 total)

You must be logged in to reply to this topic.