
Help With members profile/control panel

Posted: Thu May 29, 2008 9:15 am
by tecmeister
Hi,

I'm trying to create a members profile page so that they can see their details.

This is the script that I'm using on profile.php:


 
<?
 
$dbhost = "localhost";
$dbname = "********";
$dbuser = "*********";
$dbpass = "********";
 
mysql_connect ($dbhost,$dbuser,$dbpass)or die("Could not connect:".mysql_error());
mysql_select_db($dbname)or die(mysql_error());
 
/*Retrieve the data*/
$id = $_GET['id'];
$q = mysql_query("SELECT * FROM members WHERE id = '$id'");
$data = mysql_fetch_array($q);
/*To display the data*/
echo "Username: ".$data['username'];
echo "<br>";
echo "Name: ".$data['name'];
echo "<br>";
echo "E-Mail: ".$data['email'];
echo "<br>";
echo "Company: ".$data['company'];
echo "<br>";
echo "Address 1: ".$data['address1'];
echo "<br>";
echo "Address 2: ".$data['address2'];
echo "<br>";
echo "City: ".$data['city'];
echo "<br>";
echo "County: ".$data['email'];
echo "<br>";
echo "Post Code: ".$data['postal'];
echo "<br>";
echo "Phone Number: ".$data['phonenumber'];
echo "<br>";
echo "Mobile Number: ".$data['mobilenumber'];
echo "<br>";
 
?>
 
This is what I'm getting:


 
Username:
Name:
E-Mail:
Company:
Address 1:
Address 2:
City:
County:
Post Code:
Phone Number:
Mobile Number: 
 
What do I need to do to display the info of the member?

Thanks for your help,

tecmeister

Re: Help With members profile/control panel

Posted: Thu May 29, 2008 9:29 am
by LSJason
First of all, that's TERRIBLY insecure. What if my "ID" was '; DELETE * FROM `table` WHERE '1' = '1...you'd be dead in the water.

The primary reason for your problem, past that, is that your query is returning no data to display. Try echoing the SQL statement and running it in phpMyAdmin or some other SQL manager.

Re: Help With members profile/control panel

Posted: Thu May 29, 2008 9:48 am
by tecmeister
I'm a total newbie; I got that script from someone on a forum.

Please will you be able to write a new script for me?

Thanks for your help

Re: Help With members profile/control panel

Posted: Thu May 29, 2008 2:28 pm
by LSJason
I charge $35 per hour for my programming services. If you are interested in hiring me for your programming needs, please PM me.

Re: Help With members profile/control panel

Posted: Thu May 29, 2008 6:32 pm
by tecmeister
LSJason wrote: I charge $35 per hour for my programming services. If you are interested in hiring me for your programming needs, please PM me.

No thanks, I think that I will just have to figure it out myself.

Re: Help With members profile/control panel

Posted: Thu May 29, 2008 10:45 pm
by hansford
Jason is right about the security issue. You might be just learning - we all are - but might as well learn to do it right before we let some hack bring down you or your employer's entire database.

Try using a while loop and build a $query string.

$query = "SELECT * FROM members WHERE id = '$id'";
$q = mysql_query($query);
while($data = mysql_fetch_array($q)){

echo "Username: ".$data['username'];
echo "<br>";
echo "Name: ".$data['name'];
echo "<br>";
echo "E-Mail: ".$data['email'];
echo "<br>";
echo "Company: ".$data['company'];
echo "<br>";
echo "Address 1: ".$data['address1'];
echo "<br>";
echo "Address 2: ".$data['address2'];
echo "<br>";
echo "City: ".$data['city'];
echo "<br>";
echo "County: ".$data['email'];
echo "<br>";
echo "Post Code: ".$data['postal'];
echo "<br>";
echo "Phone Number: ".$data['phonenumber'];
echo "<br>";
echo "Mobile Number: ".$data['mobilenumber'];
echo "<br>";
}

Re: Help With members profile/control panel

Posted: Fri May 30, 2008 5:52 am
by LSJason
The problem wouldn't be with that. The query seems to be designed to only pull one result, so a loop is useless. The code itself appears to be right, but the query is returning nothing.

Re: Help With members profile/control panel

Posted: Fri May 30, 2008 6:07 am
by VladSun
LSJason wrote: What if my "ID" was '; DELETE * FROM `table` WHERE '1' = '1...you'd be dead in the water.
mysql_query() sends a unique query (multiple queries are not supported) to the currently active database on the server that's associated with the specified link_identifier.
Though, I must agree that hansford's code is insecure.
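
The two issues raised in this thread (the id going straight into the SQL string, and the page printing empty labels when the query returns no row), as an added example that is not code from any poster. It assumes PDO with an in-memory SQLite database standing in for the MySQL server, a reduced set of columns, and the hypothetical helper names `find_member` and `render_member`.

```php
<?php
// Added example. Assumption: PDO with an in-memory SQLite database stands in
// for the thread's MySQL server so the script runs offline; for MySQL only
// the DSN and credentials change. The table row is constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO members (id, username, name, email)
            VALUES (1, 'jdoe', 'J. <b>Doe</b>', 'jdoe@example.com')");

// Hypothetical helper: returns the member row, or null if the id is invalid or unknown.
function find_member(PDO $pdo, $rawId): ?array
{
    // Accept only a positive decimal integer; anything else is rejected
    // before it reaches the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || $id === null) {
        return null;
    }
    // The placeholder keeps the value out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT username, name, email FROM members WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hypothetical helper: render a row, or an explicit message when there is none.
function render_member(?array $row): string
{
    if ($row === null) {
        return "No member found for that id.<br>\n";
    }
    $out = '';
    foreach (['username' => 'Username', 'name' => 'Name', 'email' => 'E-Mail'] as $col => $label) {
        // Escape stored values so markup in a profile field is displayed, not interpreted.
        $out .= $label . ': ' . htmlspecialchars($row[$col], ENT_QUOTES, 'UTF-8') . "<br>\n";
    }
    return $out;
}

// Constructed inputs: a valid id, a missing id, and the string quoted in the thread.
$inputs = ['1', null, "'; DELETE * FROM `table` WHERE '1' = '1"];
foreach ($inputs as $raw) {
    echo render_member(find_member($pdo, $raw));
}
```

Only the first input prints a profile; the other two print the "No member found" line instead of a list of empty labels.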