/profile.php?id= does not work?
Could someone advise me how I can begin to define the users' values in a URL? Currently, if I set a link to someone's profile and hover over it on the live site, I can see the URL displays as '/profile.php?id='. You see there is no ID appearing where I have specified the link in the code as '/profile.php?=$id', and the same for any other users, so where am I going wrong? I would include my code but am not sure on which page this is defined or if it's something I've done wrong.
Last edited by mikes1471 on Wed Nov 25, 2009 1:12 pm, edited 2 times in total.
Re: /profile.php?id= does not work?
You should include code. Do a search for any file with "/profile.php?" in it.
Anyways,
Code: Select all
<?php
// good forms
echo "/profile.php?id=$id"; // or print(); note how the $id is in "s
echo "/profile.php?id=${id}"; // or print()
echo "/profile.php?id={$id}"; // or print()
echo "/profile.php?id=" . $id; // or print()
echo "/profile.php?id=", $id; /* cannot use print() here */ ?>
/profile.php?id=<?=$id?>
/profile.php?id=<?php echo $id; /* or print() */ ?>
<?php
// bad forms
echo '/profile.php?id=$id'; /* or print(); note how the $id is in 's */ ?>
/profile.php?id=$id
Not a complete list.
Re: /profile.php?id= does not work?
Thanks, I'm now able to echo the ID of my members in such a way:
Code: Select all
<a href='profile.php?id=".$row['id']."'>$id</a>
When hovering over this link for one of the members I see the link includes the id, e.g. profile.php?id=59, and when I click on this, it displays as such in the address bar; however, the profile which is displayed in the page is for the user I am logged in as and not that of user id 59.
At first I thought it was picking up on the session id from my login but I've tried it using:
Code: Select all
<a href='profile.php?lastname=".$row['lastname']."'>$lastname</a>
Lastname is not a value stored in a session, or called upon in any way to be displayed in any other part of the webpage, and when I click on the link, again I am taken to the profile I am logged in as, as opposed to that of user 59 (lastname of tester1).
I'd be really grateful if anyone can point out where I'm going wrong
Re: /profile.php?id= does not work?
mikes1471 wrote:
I'd be really grateful if anyone can point out where I'm going wrong
Without any code it's hard to say...
Re: /profile.php?id= does not work?
Code removed
Last edited by mikes1471 on Wed Nov 25, 2009 8:50 am, edited 1 time in total.
Re: /profile.php?id= does not work?
Sorted this now: profile.php had $id = $_SESSION['id']; I changed this to $id = $_GET['id']; and all works OK. Thanks for your assistance, tasairis.
/profile.php?id= does not work?
Sorry to string this out but the profile page no longer displays now I have changed the line $id = $_SESSION['id']; to $id = $_GET['id'];
Is there any way around this?
Profile.php:
Code: Select all
<?php
include('design/header.php');
require('connect.php');
?>
<table width='100%' border='0'>
<tr></tr>
</table>
<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-3261058-3");
pageTracker._trackPageview();
} catch(err) {}</script>
<?
$albumid = $_GET['album'];
$id = $_GET['id'];
$getusername= $_GET['username'];
$album = mysql_query("SELECT * FROM users WHERE id='$id' AND defaultimage= '1'");
echo "<br>";
//Google Ads here <<<<<<<<<
//display username
echo "<br>";
$username = mysql_query("SELECT username FROM users WHERE id='$id'");
$firstname = mysql_query("SELECT firstname FROM users WHERE id='$id'");
$gender = mysql_query("SELECT gender FROM users WHERE id='$id'");
$city = mysql_query("SELECT city FROM users WHERE id='$id'");
$country = mysql_query("SELECT country FROM users WHERE id='$id'");
$birthdate = mysql_query("SELECT birthdate FROM users WHERE id='$id'");
$location = mysql_query("SELECT location FROM users WHERE id='$id'");
$status = mysql_query("SELECT status FROM users WHERE id='$id'");
$memberlevel = mysql_query("SELECT memberlevel FROM users WHERE id='$id'");
$aboutme = mysql_query("SELECT aboutme FROM users WHERE id='$id'");
# Do the Queries and get the return arrays
$yobarray = mysql_fetch_array(mysql_query("SELECT yob FROM users WHERE id='$id'"));
$mobarray = mysql_fetch_array(mysql_query("SELECT mob FROM users WHERE id='$id'"));
$dobarray = mysql_fetch_array(mysql_query("SELECT dob FROM users WHERE id='$id'"));
# Get the first entry in each array (should only be 1 entry anyway)
$yob = $yobarray[0];
$mob = $mobarray[0];
$dob = $dobarray[0];
$usernamearray = mysql_fetch_assoc($username);
$firstnamearray = mysql_fetch_assoc($firstname);
$genderarray = mysql_fetch_assoc($gender);
$cityarray = mysql_fetch_assoc($city);
$countryarray = mysql_fetch_assoc($country);
$locationarray = mysql_fetch_assoc($location);
$statusarray = mysql_fetch_assoc($status);
$memberlevelarray = mysql_fetch_assoc($memberlevel);
$aboutmearray = mysql_fetch_assoc($aboutme);
//THIS IS THE PART OF THE WEBPAGE WHICH DISPLAYS THE DATE CURRENTLY
function getage($year,$month,$day) {
$cyear = date('Y');
$cmon = date('m');
$cday = date('d');
$age = $cyear - $year;
if($cmon <= $month && $cday <= $day) {
$age--;
}
return $age;
};
$theirage = getage($yob,$mob,$dob);
echo "<font size='8' face='arial'>".$usernamearray['username']."</font><p>";
echo "<table width='100%' border='1'>";
while ($row = mysql_fetch_assoc($album))
{
echo "
<tr>
<td width='25%' height='300' align='center' valign='top'>
<a href='gallery.php'><a href='/gallery.php?username=
$getusername'><img src='store/".$locationarray['location']."' width='280' border='0'></a>
</td>
<td width='7%' align='left' valign='top'>
<font size='4' face='arial'>Name:</font><p>
<font size='4' face='arial'>Age:</font><p>
<font size='4' face='arial'>Gender:</font><p>
<font size='4' face='arial'>Status:</font><p>
<font size='4' face='arial'>Lives in:</font><p>
<font size='4' face='arial'>In:</font><p>
</td>
<td width='20%' align='left' valign='top' bgcolor='#f2f2f1'>
<font size='4' face='arial'>".$firstnamearray['firstname']."</font><p>
<font size='4' face='arial'>$theirage years old</font><p>
<font size='4' face='arial'>".$genderarray['gender']."</font><p>
<font size='4' face='arial'>".$statusarray['status']."</font><p>
<font size='4' face='arial'>".$cityarray['city']."</font><p>
<font size='4' face='arial'>".$countryarray['country']."</font><p>
<img src='images/message.png'>
</td>
<td width='35%' text align='center' valign='top'>
<script type=\"text/javascript\"><!--
google_ad_client = \"pub-2244587610348757\";
/* 336x280, created 15/11/09 */
google_ad_slot = \"4031011979\";
google_ad_width = 336;
google_ad_height = 280;
//-->
</script>
<script type=\"text/javascript\"
src=\"http://pagead2.googlesyndication.com/pagead/show_ads.js\">
</script>
</td>
<td width='15%' rowspan='3' text align='center'>
<script type=\"text/javascript\"><!--
google_ad_client = \"pub-2244587610348757\";
/* 160x600, created 21/08/09 */
google_ad_slot = \"7640913206\";
google_ad_width = 160;
google_ad_height = 600;
//-->
</script>
<script type=\"text/javascript\"
src=\"http://pagead2.googlesyndication.com/pagead/show_ads.js\">
</script>
</td>
</tr>
<tr>
<td height='30px' text align='center'><font size='4' face='arial' color='#33cc00'>Member Level</font><br>
<img src='images/".$memberlevelarray['memberlevel']."' width='280' border='0'>
</td>
<td colspan='3' rowspan='2' valign='top'>
<font size='6' face='arial' color='#33cc00'>
About Me<br></font><br>
<font size='4' face='arial'>".$aboutmearray['aboutme']."</font>
</td>
</tr>
<tr>
<td text align='center'>
<script type=\"text/javascript\"><!--
google_ad_client = \"pub-2244587610348757\";
/* 250x250, created 15/11/09 */
google_ad_slot = \"8072119895\";
google_ad_width = 250;
google_ad_height = 250;
//-->
</script>
<script type=\"text/javascript\"
src=\"http://pagead2.googlesyndication.com/pagead/show_ads.js\">
</script>
</td>
</tr>
";
}
echo "</table>
";
include("design/footer.php");
?>
Browse.php:
Code: Select all
<?php
include('connect.php');
include('design/header.php');
//max displayed per page
$per_page = 36;
//get start variable
$start = $_GET['start'];
//count records
$record_count = mysql_num_rows(mysql_query("SELECT * FROM users"));
//id in URL
$getid= $_GET['id'];
$query_result = mysql_query($sql);
$display_per_row = 4; //amount you need to display per row
$x = 0;
//count max pages
$max_pages = $record_count / $per_page; //may come out as decimal
if (!$start)
$start = 0;
$sql = "SELECT * FROM users WHERE gender='male' OR gender='female'";
$query_result = mysql_query($sql);
$display_per_row = 4; //amount you need to display per row
$x = 0;
echo "<table border='1' align='center' width='100%'>";
// loop through users
while ($row = mysql_fetch_assoc($query_result))
{
$x++;
if ($x == 1) {
echo "<tr height='10'></tr><tr>";
}
$username = $row['username'];
$yob = $row['yob'];
$mob = $row['mob'];
$dob = $row['dob'];
$age = getage($yob, $mob, $dob);
$location = $row['location'];
$gender = $row['gender'];
$status = $row['status'];
$city = $row['city'];
$id = $row['id'];
echo "
<td align='center' width='120'><a href='profile.php?=$getid'><img src=store/$location width='120' border='0'></a></td><td>
<b><font face='arial' size='3'>
$username<br>
<font color='red'>Age:</font> $age<br>
<font color='red'>Gender:</font> $gender<br>
<font color='red'>Status:</font> $status<br><br>
$city<br>
<a href='profile.php?id=".$row['id']."'>$id</a><br>
<a href='messageuser.php'><font color='green'>Message me!</font></a>
</b>
</td>";
if ($x == $display_per_row) {
echo "</tr>";
$x=0;
}
}
echo '</table>';
function getage($year,$month,$day) {
$cyear = date('Y');
$cmon = date('m');
$cday = date('d');
$age = $cyear - $year;
if($cmon <= $month && $cday <= $day) {
$age--;
}
return $age;
}
//setup prev and next variables
$prev = $start - $per_page;
$next = $start + $per_page;
//show prev button
if (!($start<=0))
echo "<a href='index.php?start=$prev'>Prev</a> ";
//show page numbers
//set variable for first page
$i=1;
for ($x=0;$x<$record_count;$x=$x+$per_page)
{
if ($start!=$x)
echo " <a href='index.php?start=$x'>$i</a> ";
else
echo " <a href='index.php?start=$x'><b>$i</b></a> ";
$i++;
}
//show next button
if (!($start>=$record_count-$per_page))
echo " <a href='index.php?start=$next'>Next</a>";
?>
- superdezign
Re: /profile.php?id= does not work?
Firstly, clean all user input. $id is coming from the query string, and is thus user input and can be corrupted. Typecast it to an integer.
Secondly, all of those queries can be condensed into one. Turn this:
Code: Select all
$username = mysql_query("SELECT username FROM users WHERE id='$id'");
$firstname = mysql_query("SELECT firstname FROM users WHERE id='$id'");
$gender = mysql_query("SELECT gender FROM users WHERE id='$id'");
$city = mysql_query("SELECT city FROM users WHERE id='$id'");
$country = mysql_query("SELECT country FROM users WHERE id='$id'");
$birthdate = mysql_query("SELECT birthdate FROM users WHERE id='$id'");
$location = mysql_query("SELECT location FROM users WHERE id='$id'");
$status = mysql_query("SELECT status FROM users WHERE id='$id'");
$memberlevel = mysql_query("SELECT memberlevel FROM users WHERE id='$id'");
$aboutme = mysql_query("SELECT aboutme FROM users WHERE id='$id'");
Into this:
Code: Select all
$user = null;
$data = mysql_query("SELECT * FROM `users` WHERE `id`=" . (int)$id);
if (is_resource($data)) {
$user = mysql_fetch_object($data);
$username = $user->username;
$firstname = $user->firstname;
// ... etc.
}
And, instead of using "$usernamearray['username']", just use "$username" or "$user->username."
Re: /profile.php?id= does not work?
Make sure you are concatenating the id variable.
That happens to me sometimes because I forgot to concatenate.
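Added example, not code from any post in this thread: superdezign's two points above (treat `$_GET['id']` as untrusted input, and fetch the profile with one query) carried through using strict integer validation with `filter_var` and a bound parameter rather than the `(int)` cast from the reply. It assumes PDO with an in-memory SQLite table standing in for the thread's MySQL `users` table; `parse_profile_id` and `load_profile` are hypothetical names, and the row and query-string values are constructed.

```php
<?php
// Added example: hypothetical helper names; PDO + in-memory SQLite stand in
// for the thread's MySQL `users` table so the script runs offline.

/** Return a positive integer id, or null if the raw value is not one. */
function parse_profile_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** One parameterized query for the columns the profile page displays. */
function load_profile(PDO $db, int $id): ?array
{
    $stmt = $db->prepare(
        'SELECT username, firstname, gender, city, country, status
           FROM users WHERE id = :id'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row; // null means no such user
}

// Constructed sample table and row.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, firstname TEXT,
                               gender TEXT, city TEXT, country TEXT, status TEXT)');
$db->exec("INSERT INTO users VALUES (59, 'tester1', 'Test', 'male', 'Leeds', 'UK', 'single')");

// Constructed query-string values, as they would arrive in $_GET['id'].
$samples = ['59', '59 OR 1=1', "59' --", '', '-3', '1000'];
foreach ($samples as $raw) {
    $id = parse_profile_id($raw);
    if ($id === null) {
        $result = 'rejected (400)';
    } else {
        $user = load_profile($db, $id);
        $result = $user === null ? 'no such user (404)' : 'profile of ' . $user['username'];
    }
    // The (int) column is for comparison: the cast silently keeps leading digits.
    printf("%-12s (int)=%-4d -> %s\n", var_export($raw, true), (int)$raw, $result);
}
```

The `(int)` column shows that the cast keeps the query safe but hides malformed input: `59 OR 1=1` quietly becomes 59, whereas validation rejects the request outright.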