/profile.php?id= does not work?
Posted: Mon Nov 23, 2009 7:45 pm
by mikes1471
Could someone advise me how I can begin to define the users' values in a URL? Currently, if I set a link to someone's profile and hover over it on the live site, I can see the URL displays as '/profile.php?id='. You see there is no ID appearing where I have specified the link in the code as '/profile.php?=$id', and the same for any other users. So where am I going wrong? I would include my code but am not sure on which page this is defined or if it's something I've done wrong.
Re: /profile.php?id= does not work?
Posted: Tue Nov 24, 2009 12:26 am
by requinix
You should include code. Do a search for any file with "/profile.php?" in it.
Anyways,
Code: Select all
<?php
// good forms
echo "/profile.php?id=$id"; // or print(); note how the $id is in "s
echo "/profile.php?id=${id}"; // or print()
echo "/profile.php?id={$id}"; // or print()
echo "/profile.php?id=" . $id; // or print()
echo "/profile.php?id=", $id; /* cannot use print() here */ ?>
/profile.php?id=<?=$id?>
/profile.php?id=<?php echo $id; /* or print() */ ?>
<?php
// bad forms
echo '/profile.php?id=$id'; /* or print(); note how the $id is in 's */ ?>
/profile.php?id=$id
Not a complete list.
Re: /profile.php?id= does not work?
Posted: Tue Nov 24, 2009 9:32 pm
by mikes1471
Thanks, I'm now able to echo the ID of my members in such a way:
Code: Select all
<a href='profile.php?id=".$row['id']."'>$id</a>
When hovering over this link for one of the members I see the link includes the id, e.g. profile.php?id=59, and when I click on this, it displays as such in the address bar. However, the profile which is displayed in the page is for the user I am logged in as and not that of user id 59.
At first I thought it was picking up on the session id from my login but I've tried it using:
Code: Select all
<a href='profile.php?lastname=".$row['lastname']."'>$lastname</a>
Lastname is not a value stored in a session, or called upon in any way to be displayed in any other part of the webpage and when I click on the link, again I am taken to the profile I am logged in as, as opposed to that of user 59 (lastname of tester1)
I'd be really grateful if anyone can point out where I'm going wrong
Re: /profile.php?id= does not work?
Posted: Tue Nov 24, 2009 10:59 pm
by requinix
mikes1471 wrote: I'd be really grateful if anyone can point out where I'm going wrong
Without any code it's hard to say...
Re: /profile.php?id= does not work?
Posted: Wed Nov 25, 2009 5:40 am
by mikes1471
Code removed
Re: /profile.php?id= does not work?
Posted: Wed Nov 25, 2009 8:47 am
by mikes1471
Sorted this now. profile.php had $id = $_SESSION['id']; I changed this to $id = $_GET['id']; and all works OK. Thanks for your assistance, tasairis.
/profile.php?id= does not work?
Posted: Wed Nov 25, 2009 12:59 pm
by mikes1471
Sorry to string this out but the profile page no longer displays now I have changed the line $id = $_SESSION['id']; to $id = $_GET['id'];
Is there any way around this?
Profile.php:
Code: Select all
<?php
include('design/header.php');
require('connect.php');
?>
<table width='100%' border='0'>
<tr></tr>
</table>
<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-3261058-3");
pageTracker._trackPageview();
} catch(err) {}</script>
<?
$albumid = $_GET['album'];
$id = $_GET['id'];
$getusername= $_GET['username'];
$album = mysql_query("SELECT * FROM users WHERE id='$id' AND defaultimage= '1'");
echo "<br>";
//Google Ads here <<<<<<<<<
//display username
echo "<br>";
$username = mysql_query("SELECT username FROM users WHERE id='$id'");
$firstname = mysql_query("SELECT firstname FROM users WHERE id='$id'");
$gender = mysql_query("SELECT gender FROM users WHERE id='$id'");
$city = mysql_query("SELECT city FROM users WHERE id='$id'");
$country = mysql_query("SELECT country FROM users WHERE id='$id'");
$birthdate = mysql_query("SELECT birthdate FROM users WHERE id='$id'");
$location = mysql_query("SELECT location FROM users WHERE id='$id'");
$status = mysql_query("SELECT status FROM users WHERE id='$id'");
$memberlevel = mysql_query("SELECT memberlevel FROM users WHERE id='$id'");
$aboutme = mysql_query("SELECT aboutme FROM users WHERE id='$id'");
# Do the Queries and get the return arrays
$yobarray = mysql_fetch_array(mysql_query("SELECT yob FROM users WHERE id='$id'"));
$mobarray = mysql_fetch_array(mysql_query("SELECT mob FROM users WHERE id='$id'"));
$dobarray = mysql_fetch_array(mysql_query("SELECT dob FROM users WHERE id='$id'"));
# Get the first entry in each array (should only be 1 entry anyway)
$yob = $yobarray[0];
$mob = $mobarray[0];
$dob = $dobarray[0];
$usernamearray = mysql_fetch_assoc($username);
$firstnamearray = mysql_fetch_assoc($firstname);
$genderarray = mysql_fetch_assoc($gender);
$cityarray = mysql_fetch_assoc($city);
$countryarray = mysql_fetch_assoc($country);
$locationarray = mysql_fetch_assoc($location);
$statusarray = mysql_fetch_assoc($status);
$memberlevelarray = mysql_fetch_assoc($memberlevel);
$aboutmearray = mysql_fetch_assoc($aboutme);
//THIS IS THE PART OF THE WEBPAGE WHICH DISPLAYS THE DATE CURRENTLY
function getage($year,$month,$day) {
$cyear = date('Y');
$cmon = date('m');
$cday = date('d');
$age = $cyear - $year;
// subtract a year only if this year's birthday has not happened yet
if($cmon < $month || ($cmon == $month && $cday < $day)) {
$age--;
}
return $age;
};
$theirage = getage($yob,$mob,$dob);
echo "<font size='8' face='arial'>".$usernamearray['username']."</font><p>";
echo "<table width='100%' border='1'>";
while ($row = mysql_fetch_assoc($album))
{
echo "
<tr>
<td width='25%' height='300' align='center' valign='top'>
<a href='gallery.php'><a href='/gallery.php?username=
$getusername'><img src='store/".$locationarray['location']."' width='280' border='0'></a>
</td>
<td width='7%' align='left' valign='top'>
<font size='4' face='arial'>Name:</font><p>
<font size='4' face='arial'>Age:</font><p>
<font size='4' face='arial'>Gender:</font><p>
<font size='4' face='arial'>Status:</font><p>
<font size='4' face='arial'>Lives in:</font><p>
<font size='4' face='arial'>In:</font><p>
</td>
<td width='20%' align='left' valign='top' bgcolor='#f2f2f1'>
<font size='4' face='arial'>".$firstnamearray['firstname']."</font><p>
<font size='4' face='arial'>$theirage years old</font><p>
<font size='4' face='arial'>".$genderarray['gender']."</font><p>
<font size='4' face='arial'>".$statusarray['status']."</font><p>
<font size='4' face='arial'>".$cityarray['city']."</font><p>
<font size='4' face='arial'>".$countryarray['country']."</font><p>
<img src='images/message.png'>
</td>
<td width='35%' text align='center' valign='top'>
<script type=\"text/javascript\"><!--
google_ad_client = \"pub-2244587610348757\";
/* 336x280, created 15/11/09 */
google_ad_slot = \"4031011979\";
google_ad_width = 336;
google_ad_height = 280;
//-->
</script>
<script type=\"text/javascript\"
src=\"http://pagead2.googlesyndication.com/pagead/show_ads.js\">
</script>
</td>
<td width='15%' rowspan='3' text align='center'>
<script type=\"text/javascript\"><!--
google_ad_client = \"pub-2244587610348757\";
/* 160x600, created 21/08/09 */
google_ad_slot = \"7640913206\";
google_ad_width = 160;
google_ad_height = 600;
//-->
</script>
<script type=\"text/javascript\"
src=\"http://pagead2.googlesyndication.com/pagead/show_ads.js\">
</script>
</td>
</tr>
<tr>
<td height='30px' text align='center'><font size='4' face='arial' color='#33cc00'>Member Level</font><br>
<img src='images/".$memberlevelarray['memberlevel']."' width='280' border='0'>
</td>
<td colspan='3' rowspan='2' valign='top'>
<font size='6' face='arial' color='#33cc00'>
About Me<br></font><br>
<font size='4' face='arial'>".$aboutmearray['aboutme']."</font>
</td>
</tr>
<tr>
<td text align='center'>
<script type=\"text/javascript\"><!--
google_ad_client = \"pub-2244587610348757\";
/* 250x250, created 15/11/09 */
google_ad_slot = \"8072119895\";
google_ad_width = 250;
google_ad_height = 250;
//-->
</script>
<script type=\"text/javascript\"
src=\"http://pagead2.googlesyndication.com/pagead/show_ads.js\">
</script>
</td>
</tr>
";
}
echo "</table>
";
include("design/footer.php");
?>
Browse.php:
Code: Select all
<?php
include('connect.php');
include('design/header.php');
//max displayed per page
$per_page = 36;
//get start variable
$start = $_GET['start'];
//count records
$record_count = mysql_num_rows(mysql_query("SELECT * FROM users"));
//id in URL
$getid= $_GET['id'];
//count max pages
$max_pages = $record_count / $per_page; //may come out as decimal
if (!$start)
$start = 0;
$sql = "SELECT * FROM users WHERE gender='male' OR gender='female'";
$query_result = mysql_query($sql);
$display_per_row = 4; //amount you need to display per row
$x = 0;
echo "<table border='1' align='center' width='100%'>";
// loop through users
while ($row = mysql_fetch_assoc($query_result))
{
$x++;
if ($x == 1) {
echo "<tr height='10'></tr><tr>";
}
$username = $row['username'];
$yob = $row['yob'];
$mob = $row['mob'];
$dob = $row['dob'];
$age = getage($yob, $mob, $dob);
$location = $row['location'];
$gender = $row['gender'];
$status = $row['status'];
$city = $row['city'];
$id = $row['id'];
echo "
<td align='center' width='120'><a href='profile.php?=$getid'><img src=store/$location width='120' border='0'></a></td><td>
<b><font face='arial' size='3'>
$username<br>
<font color='red'>Age:</font> $age<br>
<font color='red'>Gender:</font> $gender<br>
<font color='red'>Status:</font> $status<br><br>
$city<br>
<a href='profile.php?id=".$row['id']."'>$id</a><br>
<a href='messageuser.php'><font color='green'>Message me!</font></a>
</b>
</td>";
if ($x == $display_per_row) {
echo "</tr>";
$x=0;
}
}
echo '</table>';
function getage($year,$month,$day) {
$cyear = date('Y');
$cmon = date('m');
$cday = date('d');
$age = $cyear - $year;
// subtract a year only if this year's birthday has not happened yet
if($cmon < $month || ($cmon == $month && $cday < $day)) {
$age--;
}
return $age;
}
//setup prev and next variables
$prev = $start - $per_page;
$next = $start + $per_page;
//show prev button
if (!($start<=0))
echo "<a href='index.php?start=$prev'>Prev</a> ";
//show page numbers
//set variable for first page
$i=1;
for ($x=0;$x<$record_count;$x=$x+$per_page)
{
if ($start!=$x)
echo " <a href='index.php?start=$x'>$i</a> ";
else
echo " <a href='index.php?start=$x'><b>$i</b></a> ";
$i++;
}
//show next button
if (!($start>=$record_count-$per_page))
echo " <a href='index.php?start=$next'>Next</a>";
?>
Re: /profile.php?id= does not work?
Posted: Wed Nov 25, 2009 2:40 pm
by superdezign
Firstly, clean all user input. $id is coming from the query string, and is thus user input and can be corrupted. Typecast it to an integer.
Secondly, all of those queries can be condensed into one. Turn this:
Code: Select all
$username = mysql_query("SELECT username FROM users WHERE id='$id'");
$firstname = mysql_query("SELECT firstname FROM users WHERE id='$id'");
$gender = mysql_query("SELECT gender FROM users WHERE id='$id'");
$city = mysql_query("SELECT city FROM users WHERE id='$id'");
$country = mysql_query("SELECT country FROM users WHERE id='$id'");
$birthdate = mysql_query("SELECT birthdate FROM users WHERE id='$id'");
$location = mysql_query("SELECT location FROM users WHERE id='$id'");
$status = mysql_query("SELECT status FROM users WHERE id='$id'");
$memberlevel = mysql_query("SELECT memberlevel FROM users WHERE id='$id'");
$aboutme = mysql_query("SELECT aboutme FROM users WHERE id='$id'");
Into this:
Code: Select all
$user = null;
$data = mysql_query("SELECT * FROM `users` WHERE `id`=" . (int)$id);
if (is_resource($data)) {
$user = mysql_fetch_object($data);
$username = $user->username;
$firstname = $user->firstname;
// ... etc.
}
And, instead of using "$usernamearray['username']", just use "$username" or "$user->username".
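The advice in the post above (treat `$id` from the query string as user input, and fetch every column in one query) written against PDO, as an added example that is not code from the thread. It goes one step beyond the `(int)` cast by rejecting malformed ids outright and by escaping the stored values on output; the function names, the in-memory SQLite table and its row are assumptions made for the illustration.

```php
<?php
// Added example: validated id + one prepared query + escaped output.
// The in-memory SQLite table and its single row are constructed sample data.

function parse_profile_id($raw): ?int
{
    // Unlike an (int) cast, this rejects "59abc" instead of silently reading it as 59.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function load_profile(PDO $pdo, $raw): ?array
{
    $id = parse_profile_id($raw);
    if ($id === null) {
        return null; // missing or malformed id: no query is run
    }
    // One query for every column the page needs; the id is bound, not interpolated.
    $stmt = $pdo->prepare(
        'SELECT username, firstname, gender, city, country, aboutme FROM users WHERE id = :id'
    );
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function h($value): string
{
    // Escape stored profile text before it is echoed into HTML.
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, firstname TEXT,
            gender TEXT, city TEXT, country TEXT, aboutme TEXT)');
$pdo->exec("INSERT INTO users VALUES (59, 'tester1', 'Test', 'male', 'Leeds', 'UK', '<b>hello</b>')");

// Stand-ins for $_GET['id']: a valid id, a non-numeric suffix, and a missing parameter.
foreach (['59', '59abc', null] as $raw) {
    $profile = load_profile($pdo, $raw);
    if ($profile === null) {
        echo "Profile not found\n";
        continue;
    }
    echo h($profile['username']), ': ', h($profile['aboutme']), "\n";
}
```

Only the first input prints a profile, with the `aboutme` markup rendered as escaped text; the other two take the "not found" branch without touching the database.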
Re: /profile.php?id= does not work?
Posted: Wed Nov 25, 2009 6:57 pm
by dsick
Make sure you're concatenating the id variable.
That happens to me sometimes because I forgot to concatenate.