/profile.php?id= does not work?

mikes1471
Forum Commoner
Posts: 88
Joined: Sat Jan 24, 2009 3:29 pm

/profile.php?id= does not work?

Post by mikes1471 »

Could someone advise me how I can begin to define the user's values in a URL? Currently, if I set a link to someone's profile and hover over it on the live site, I can see the URL displays as '/profile.php?id='. You see, there is no ID appearing where I have specified the link in the code as '/profile.php?=$id', and the same for any other users, so where am I going wrong? I would include my code but am not sure on which page this is defined or if it's something I've done wrong.
Last edited by mikes1471 on Wed Nov 25, 2009 1:12 pm, edited 2 times in total.
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: /profile.php?id= does not work?

Post by requinix »

You should include code. Do a search for any file with "/profile.php?" in it.

Anyways,

Code: Select all

<?php
// good forms
echo "/profile.php?id=$id"; // or print(); note how the $id is in "s
echo "/profile.php?id=${id}"; // or print(); this ${} form is deprecated as of PHP 8.2
echo "/profile.php?id={$id}"; // or print()
echo "/profile.php?id=" . $id; // or print()
echo "/profile.php?id=", $id; /* cannot use print() here */ ?>
/profile.php?id=<?=$id?>
/profile.php?id=<?php echo $id; /* or print() */ ?>
 
<?php
// bad forms
 
echo '/profile.php?id=$id'; /* or print(); note how the $id is in 's */ ?>
/profile.php?id=$id
Not a complete list.
mikes1471
Forum Commoner
Posts: 88
Joined: Sat Jan 24, 2009 3:29 pm

Re: /profile.php?id= does not work?

Post by mikes1471 »

Thanks, I'm now able to echo the ID of my members in such a way:

Code: Select all

<a href='profile.php?id=".$row['id']."'>$id</a>
When hovering over this link for one of the members I see the link includes the id, e.g. profile.php?id=59, and when I click on this, it displays as such in the address bar. However, the profile which is displayed in the page is for the user I am logged in as and not that of user id 59.

At first I thought it was picking up on the session id from my login but I've tried it using:

Code: Select all

<a href='profile.php?lastname=".$row['lastname']."'>$lastname</a>
Lastname is not a value stored in a session, or called upon in any way to be displayed in any other part of the webpage and when I click on the link, again I am taken to the profile I am logged in as, as opposed to that of user 59 (lastname of tester1)

I'd be really grateful if anyone can point out where I'm going wrong
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: /profile.php?id= does not work?

Post by requinix »

mikes1471 wrote: I'd be really grateful if anyone can point out where I'm going wrong
Without any code it's hard to say...
mikes1471
Forum Commoner
Posts: 88
Joined: Sat Jan 24, 2009 3:29 pm

Re: /profile.php?id= does not work?

Post by mikes1471 »

Code removed
Last edited by mikes1471 on Wed Nov 25, 2009 8:50 am, edited 1 time in total.
mikes1471
Forum Commoner
Posts: 88
Joined: Sat Jan 24, 2009 3:29 pm

Re: /profile.php?id= does not work?

Post by mikes1471 »

Sorted this now: profile.php had $id = $_SESSION['id']; I changed this to $id = $_GET['id']; and all works OK. Thanks for your assistance, tasairis.
mikes1471
Forum Commoner
Posts: 88
Joined: Sat Jan 24, 2009 3:29 pm

/profile.php?id= does not work?

Post by mikes1471 »

Sorry to string this out but the profile page no longer displays now I have changed the line $id = $_SESSION['id']; to $id = $_GET['id'];

Is there any way around this?

Profile.php:

Code: Select all

<?php
 
include('design/header.php');
require('connect.php');
?>
<table width='100%' border='0'>
<tr></tr>
</table>
<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-3261058-3");
pageTracker._trackPageview();
} catch(err) {}</script>
 
<?php
 
$albumid = $_GET['album'];
$id = $_GET['id'];
 
$getusername= $_GET['username'];
$album = mysql_query("SELECT * FROM users WHERE id='$id' AND defaultimage= '1'");
echo "<br>";
//Google Ads here <<<<<<<<<
 
//display username
echo "<br>";
$username = mysql_query("SELECT username FROM users WHERE id='$id'");
$firstname = mysql_query("SELECT firstname FROM users WHERE id='$id'");
$gender = mysql_query("SELECT gender FROM users WHERE id='$id'");
$city = mysql_query("SELECT city FROM users WHERE id='$id'");
$country = mysql_query("SELECT country FROM users WHERE id='$id'");
$birthdate = mysql_query("SELECT birthdate FROM users WHERE id='$id'");
$location = mysql_query("SELECT location FROM users WHERE id='$id'");
$status = mysql_query("SELECT status FROM users WHERE id='$id'");
$memberlevel = mysql_query("SELECT memberlevel FROM users WHERE id='$id'");
$aboutme = mysql_query("SELECT aboutme FROM users WHERE id='$id'");
 
# Do the Queries and get the return arrays
$yobarray = mysql_fetch_array(mysql_query("SELECT yob FROM users WHERE id='$id'"));
$mobarray = mysql_fetch_array(mysql_query("SELECT mob FROM users WHERE id='$id'"));
$dobarray = mysql_fetch_array(mysql_query("SELECT dob FROM users WHERE id='$id'"));
 
# Get the first entry in each array (should only be 1 entry anyway)
$yob = $yobarray[0];
$mob = $mobarray[0];
$dob = $dobarray[0];
 
$usernamearray = mysql_fetch_assoc($username);
$firstnamearray = mysql_fetch_assoc($firstname);
$genderarray = mysql_fetch_assoc($gender);
$cityarray = mysql_fetch_assoc($city);
$countryarray = mysql_fetch_assoc($country);
$locationarray = mysql_fetch_assoc($location);
$statusarray = mysql_fetch_assoc($status);
$memberlevelarray = mysql_fetch_assoc($memberlevel);
$aboutmearray = mysql_fetch_assoc($aboutme);
 
//THIS IS THE PART OF THE WEBPAGE WHICH DISPLAYS THE DATE CURRENTLY
 
 
 
 
function getage($year,$month,$day) {
        $cyear = date('Y');
        $cmon = date('m');
        $cday = date('d');

        $age = $cyear - $year;

        // subtract a year if this year's birthday has not happened yet
        if ($cmon < $month || ($cmon == $month && $cday < $day)) {
                $age--;
        }

        return $age;
};
 
$theirage = getage($yob,$mob,$dob);
 
 
 
echo "<font size='8' face='arial'>".$usernamearray['username']."</font><p>";
echo "<table width='100%' border='1'>";
        while ($row = mysql_fetch_assoc($album))
        {
        echo "
        <tr>
            <td width='25%' height='300' align='center' valign='top'>
            <a href='gallery.php'><a href='/gallery.php?username=
$getusername'><img src='store/".$locationarray['location']."' width='280' border='0'></a>
            </td>
    <td width='7%' align='left' valign='top'>
    <font size='4' face='arial'>Name:</font><p>
    <font size='4' face='arial'>Age:</font><p>
        <font size='4' face='arial'>Gender:</font><p>   
        <font size='4' face='arial'>Status:</font><p>
        <font size='4' face='arial'>Lives in:</font><p>
    <font size='4' face='arial'>In:</font><p>
    </td>
 
    <td width='20%' align='left' valign='top' bgcolor='#f2f2f1'>
    <font size='4' face='arial'>".$firstnamearray['firstname']."</font><p>
    <font size='4' face='arial'>$theirage years old</font><p>
        <font size='4' face='arial'>".$genderarray['gender']."</font><p>    
        <font size='4' face='arial'>".$statusarray['status']."</font><p>
        <font size='4' face='arial'>".$cityarray['city']."</font><p>
    <font size='4' face='arial'>".$countryarray['country']."</font><p>
    <img src='images/message.png'>
    </td>
 
    <td width='35%' text align='center' valign='top'>
<script type=\"text/javascript\"><!--
google_ad_client = \"pub-2244587610348757\";
/* 336x280, created 15/11/09 */
google_ad_slot = \"4031011979\";
google_ad_width = 336;
google_ad_height = 280;
//-->
</script>
<script type=\"text/javascript\"
src=\"http://pagead2.googlesyndication.com/pagead/show_ads.js\">
</script>
</td>
        <td width='15%' rowspan='3' text align='center'>
    <script type=\"text/javascript\"><!--
    google_ad_client = \"pub-2244587610348757\";
    /* 160x600, created 21/08/09 */
    google_ad_slot = \"7640913206\";
    google_ad_width = 160;
    google_ad_height = 600;
    //-->
    </script>
    <script type=\"text/javascript\"
    src=\"http://pagead2.googlesyndication.com/pagead/show_ads.js\">
    </script>
    </td>
            </tr>
<tr>
<td height='30px' text align='center'><font size='4' face='arial' color='#33cc00'>Member Level</font><br>
<img src='images/".$memberlevelarray['memberlevel']."' width='280' border='0'>
</td>
<td colspan='3' rowspan='2' valign='top'>
<font size='6' face='arial' color='#33cc00'>
About Me<br></font><br>
<font size='4' face='arial'>".$aboutmearray['aboutme']."</font>
</td>
</tr>
 
<tr>
<td text align='center'>
<script type=\"text/javascript\"><!--
google_ad_client = \"pub-2244587610348757\";
/* 250x250, created 15/11/09 */
google_ad_slot = \"8072119895\";
google_ad_width = 250;
google_ad_height = 250;
//-->
</script>
<script type=\"text/javascript\"
src=\"http://pagead2.googlesyndication.com/pagead/show_ads.js\">
</script>
</td>
</tr>
 
        ";
        }
        echo "</table>
        ";
 
include("design/footer.php");
 
?>
Browse.php:

Code: Select all

<?php
 
include('connect.php');
include('design/header.php');
 
 
//max displayed per page
$per_page = 36;
 
//get start variable
$start = $_GET['start'];
 
//count records
$record_count = mysql_num_rows(mysql_query("SELECT * FROM users"));
 
 
//id in URL
$getid= $_GET['id'];
 
//count max pages
$max_pages = $record_count / $per_page; //may come out as decimal
 
if (!$start)
   $start = 0;
 
$sql = "SELECT * FROM users WHERE gender='male' OR gender='female'";
$query_result = mysql_query($sql); 
 
$display_per_row = 4; //amount you need to display per row
$x = 0;
 
echo "<table border='1' align='center' width='100%'>";
// loop through users
while ($row = mysql_fetch_assoc($query_result))
{
    $x++;
    
    if ($x == 1) {
      echo "<tr height='10'></tr><tr>";
    }
    
    $username = $row['username'];
    $yob = $row['yob'];
    $mob = $row['mob'];
    $dob = $row['dob'];
    $age = getage($yob, $mob, $dob);
    $location = $row['location'];
    $gender = $row['gender'];
    $status = $row['status'];
    $city = $row['city'];
    $id = $row['id'];
 
    echo "
    <td align='center' width='120'><a href='profile.php?=$getid'><img src=store/$location width='120' border='0'></a></td><td>
    <b><font face='arial' size='3'>
    $username<br>
    <font color='red'>Age:</font> $age<br>
    <font color='red'>Gender:</font> $gender<br>
    <font color='red'>Status:</font> $status<br><br>
    $city<br>
    <a href='profile.php?id=".$row['id']."'>$id</a><br>
    <a href='messageuser.php'><font color='green'>Message me!</font></a>
    </b>
    </td>";
    
    if ($x == $display_per_row) {
      echo "</tr>";
      $x=0;
    }
 
}
echo '</table>';
 
function getage($year,$month,$day) {
 
    $cyear = date('Y');
    $cmon = date('m');
    $cday = date('d');
    
    $age = $cyear - $year;
    
    // subtract a year if this year's birthday has not happened yet
    if ($cmon < $month || ($cmon == $month && $cday < $day)) {
        $age--;
    }
     
     return $age;
 
} 
 
//setup prev and next variables
$prev = $start - $per_page;
$next = $start + $per_page;
 
//show prev button
if (!($start<=0))
       echo "<a href='index.php?start=$prev'>Prev</a> ";
 
//show page numbers
 
//set variable for first page
$i=1;
 
for ($x=0;$x<$record_count;$x=$x+$per_page)
{
if ($start!=$x)
    echo " <a href='index.php?start=$x'>$i</a> ";
else
    echo " <a href='index.php?start=$x'><b>$i</b></a> ";
$i++;
}
 
//show next button
if (!($start>=$record_count-$per_page))
       echo " <a href='index.php?start=$next'>Next</a>";
 
 
?>
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Re: /profile.php?id= does not work?

Post by superdezign »

Firstly, clean all user input. $id is coming from the query string, and is thus user input and can be corrupted. Typecast it to an integer.

Secondly, all of those queries can be condensed into one. Turn this:

Code: Select all

$username = mysql_query("SELECT username FROM users WHERE id='$id'");
$firstname = mysql_query("SELECT firstname FROM users WHERE id='$id'");
$gender = mysql_query("SELECT gender FROM users WHERE id='$id'");
$city = mysql_query("SELECT city FROM users WHERE id='$id'");
$country = mysql_query("SELECT country FROM users WHERE id='$id'");
$birthdate = mysql_query("SELECT birthdate FROM users WHERE id='$id'");
$location = mysql_query("SELECT location FROM users WHERE id='$id'");
$status = mysql_query("SELECT status FROM users WHERE id='$id'");
$memberlevel = mysql_query("SELECT memberlevel FROM users WHERE id='$id'");
$aboutme = mysql_query("SELECT aboutme FROM users WHERE id='$id'");
Into this:

Code: Select all

$user = null;
$data = mysql_query("SELECT * FROM `users` WHERE `id`=" . (int)$id);
if (is_resource($data)) {
  $user = mysql_fetch_object($data);
  $username = $user->username;
  $firstname = $user->firstname;
  // ... etc.
}
And, instead of using "$usernamearray['username']", just use "$username" or "$user->username".
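
The two points in the post above (treat the id from the query string as untrusted, and fetch the row once), together with escaped output for the link and profile text, as an added example that is not code from the thread or from any poster. It assumes PDO with an in-memory SQLite table and constructed rows as a stand-in for the site's MySQL users table, because the mysql_* functions used in the thread were removed in PHP 7; the helper names are hypothetical.

```php
<?php
// Added example, not code from the thread. Table contents are constructed.
declare(strict_types=1);

// Accept only a positive integer id; "59abc", arrays and missing keys all give null.
function profile_id_from_query(array $query): ?int
{
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// One parameterised query for every displayed column; null when no such user.
function fetch_profile(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT username, firstname, city, aboutme FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Escape a stored value before placing it in HTML text or a quoted attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Build the Browse.php link with the id as a real query parameter.
function profile_link(int $id, string $username): string
{
    $url = 'profile.php?' . http_build_query(['id' => $id]);
    return "<a href='" . h($url) . "'>" . h($username) . '</a>';
}

// Constructed demo data in an in-memory SQLite database (stand-in for the MySQL users table).
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, firstname TEXT, city TEXT, aboutme TEXT)');
$db->exec("INSERT INTO users VALUES (59, 'tester1', 'Test', 'Leeds', 'I like <b>bold</b> & PHP')");

// Constructed query strings: a valid id, a value (int) would silently truncate to 59, no id.
foreach ([['id' => '59'], ['id' => '59abc'], []] as $query) {
    $id = profile_id_from_query($query);
    $user = $id === null ? null : fetch_profile($db, $id);
    echo $user === null
        ? "404 profile not found\n"
        : profile_link($id, $user['username']) . ' ' . h($user['aboutme']) . "\n";
}
```

Only the first query string produces a link; the other two fall through to the not-found branch without reaching the database.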
dsick
Forum Commoner
Posts: 57
Joined: Fri Mar 27, 2009 3:34 pm

Re: /profile.php?id= does not work?

Post by dsick »

Make sure you're concatenating the id variable.

That happens to me sometimes because I forgot to concatenate.