Page 1 of 1

user id in URL

Posted: Fri May 11, 2007 3:25 pm
by mozartmatt
i think this is a bit of a newbie question but i'm not sure what is best to do:

I want to load a specific members profile information from a database... and i can already get to the info by passing an id in the url eg: /profile.php?id=1

i'm not sure how to get the correct id for the user in the first place - and i think i'm being really dumb with this one! can anyone suggest an answer?

i thought of creating a global variable $_SESSION['username'] to use this in a mysql query for example, i got it to work but i dont know if a. it's very secure, and b. there's a much simpler solution that i've not thought of:

Code: Select all

//On the sign in page
$email = $_POST['email'];
$_SESSION['username'] = $email;

//On any other page - To set up the right link
$username = $_SESSION['username'];

$sql = mysql_query("SELECT `id` FROM `users` WHERE `username`= {$username} LIMIT 1");
thanks!

Posted: Fri May 11, 2007 3:51 pm
by guitarlvr
passing the user ID via $_SESSION is a lot more secure than passing via $_GET (in url). You can validate a user ID with MySQL or any other database that you use to store the ID's in by simply doing a SELECT statement.

Wayne

Posted: Fri May 11, 2007 4:18 pm
by mozartmatt
cool thanks wayne!