Help With members profile/control panel

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
tecmeister
Forum Newbie
Posts: 4
Joined: Tue Jan 22, 2008 4:22 pm

Help With members profile/control panel

Post by tecmeister »

Hi,

Im trying to create a members profile page so that they can see their details.

This is the script that i using on profile.php;

Code: Select all

 
<?
 
$dbhost = "localhost";
$dbname = "********;
$dbuser = "*********";
$dbpass = "********";
 
mysql_connect ($dbhost,$dbuser,$dbpass)or die("Could not connect:".mysql_error());
mysql_select_db($dbname)or die(mysql_error());
 
/*Retrieve the data*/
$id = $_GET['id'];
$q = mysql_query("SELECT * FROM members WHERE id = '$id'");
$data = mysql_fetch_array($q);
/*To display the data*/
echo "Username: ".$data['username'];
echo "<br>";
echo "Name: ".$data['name'];
echo "<br>";
echo "E-Mail: ".$data['email'];
echo "<br>";
echo "Company: ".$data['company'];
echo "<br>";
echo "Address 1: ".$data['address1'];
echo "<br>";
echo "Address 2: ".$data['address2'];
echo "<br>";
echo "City: ".$data['city'];
echo "<br>";
echo "County: ".$data['email'];
echo "<br>";
echo "Post Code: ".$data['postal'];
echo "<br>";
echo "Phone Number: ".$data['phonenumber'];
echo "<br>";
echo "Mobile Number: ".$data['mobilenumber'];
echo "<br>";
 
?>
 
This is what im getting:

Code: Select all

 
Username:
Name:
E-Mail:
Company:
Address 1:
Address 2:
City:
County:
Post Code:
Phone Number:
Mobile Number: 
 
What do i need to do to display the info of the member?

Thanks for your help,

tecmeister
LSJason
Forum Commoner
Posts: 45
Joined: Mon May 12, 2008 4:43 pm

Re: Help With members profile/control panel

Post by LSJason »

First of all, that's TERRIBLY insecure. What if my "ID" was '; DELETE * FROM `table` WHERE '1' = '1...you'd be dead in the water.

The primary reason for your problem, past that, is that you query is returning no data to display. Try echoing the SQL statement and running it in PHPMyAdmin or some other SQL manager.
tecmeister
Forum Newbie
Posts: 4
Joined: Tue Jan 22, 2008 4:22 pm

Re: Help With members profile/control panel

Post by tecmeister »

Im a total newbie, i got that script from someone on a forum.

Please will you be able to write a new script for me.

Thanks for your help
LSJason
Forum Commoner
Posts: 45
Joined: Mon May 12, 2008 4:43 pm

Re: Help With members profile/control panel

Post by LSJason »

I charge $35 per hour for my programming services. If you are interested in hiring me for your programming needs, please PM me.
tecmeister
Forum Newbie
Posts: 4
Joined: Tue Jan 22, 2008 4:22 pm

Re: Help With members profile/control panel

Post by tecmeister »

LSJason wrote:I charge $35 per hour for my programming services. If you are interested in hiring me for your programming needs, please PM me.

No thanks i think that i will just have to figure it out my self.
hansford
Forum Commoner
Posts: 91
Joined: Mon May 26, 2008 12:38 am

Re: Help With members profile/control panel

Post by hansford »

Jason is right about the security issue. You might be just learning-we all are, but might as well learn to do it right before we let some hack bring down you or your employers entire database.

Try using a while loop and build a $query string.

$query = "SELECT * FROM members WHERE id = '$id'";
$q = mysql_query($query);
while($data = mysql_fetch_array($q)){

echo "Username: ".$data['username'];
echo "<br>";
echo "Name: ".$data['name'];
echo "<br>";
echo "E-Mail: ".$data['email'];
echo "<br>";
echo "Company: ".$data['company'];
echo "<br>";
echo "Address 1: ".$data['address1'];
echo "<br>";
echo "Address 2: ".$data['address2'];
echo "<br>";
echo "City: ".$data['city'];
echo "<br>";
echo "County: ".$data['email'];
echo "<br>";
echo "Post Code: ".$data['postal'];
echo "<br>";
echo "Phone Number: ".$data['phonenumber'];
echo "<br>";
echo "Mobile Number: ".$data['mobilenumber'];
echo "<br>";
}
LSJason
Forum Commoner
Posts: 45
Joined: Mon May 12, 2008 4:43 pm

Re: Help With members profile/control panel

Post by LSJason »

The problem wouldn't be with that. The query seems to be designed to only pull one result, so a loop is useless. The code itself appears to be right, but the query is returning nothing.
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: Help With members profile/control panel

Post by VladSun »

LSJason wrote:What if my "ID" was '; DELETE * FROM `table` WHERE '1' = '1...you'd be dead in the water.
mysql_query() sends an unique query (multiple queries are not supported) to the currently active database on the server that's associated with the specified link_identifier .
Though, I must agree that hansford's code is insecure.
There are 10 types of people in this world, those who understand binary and those who don't
Post Reply