user id in URL

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
mozartmatt
Forum Newbie
Posts: 8
Joined: Wed May 02, 2007 2:39 pm

user id in URL

Post by mozartmatt »

i think this is a bit of a newbie question but i'm not sure what is best to do:

I want to load a specific members profile information from a database... and i can already get to the info by passing an id in the url eg: /profile.php?id=1

i'm not sure how to get the correct id for the user in the first place - and i think i'm being really dumb with this one! can anyone suggest an answer?

i thought of creating a global variable $_SESSION['username'] to use this in a mysql query for example, i got it to work but i dont know if a. it's very secure, and b. there's a much simpler solution that i've not thought of:

Code: Select all

//On the sign in page
$email = $_POST['email'];
$_SESSION['username'] = $email;

//On any other page - To set up the right link
$username = $_SESSION['username'];

$sql = mysql_query("SELECT `id` FROM `users` WHERE `username`= {$username} LIMIT 1");
thanks!
User avatar
guitarlvr
Forum Contributor
Posts: 245
Joined: Wed Mar 21, 2007 10:35 pm

Post by guitarlvr »

passing the user ID via $_SESSION is a lot more secure than passing via $_GET (in url). You can validate a user ID with MySQL or any other database that you use to store the ID's in by simply doing a SELECT statement.

Wayne
mozartmatt
Forum Newbie
Posts: 8
Joined: Wed May 02, 2007 2:39 pm

Post by mozartmatt »

cool thanks wayne!
Post Reply