4 Replies - 264 Views - Last Post: 14 July 2013 - 06:52 AM

#1 Jib Giannis

User profile id

Posted 14 July 2013 - 03:17 AM

Hello, I want each user to have his own profile. I mean, like, I can see others' profiles. For example, this is a test web site: http://test.test.org/profile.php?id=12. My problem is that when I log in with an account and change the id to 1, for example, it still shows my current profile. How can I make it so that when the user changes the id to 1 or whatever, it transfers him to his profile? Here is my profile script:

<?php
session_start();
$connect = mysql_connect("localhost", "********", "**********");
$db = mysql_select_db("********");

$user = $_SESSION['username'];
$desc = $_GET['desc'];
$id = $_GET['id'];
if($user&&$id){
	$check = mysql_query("SELECT * FROM users2 WHERE id ='$id'");
	$checknum = mysql_num_rows($check);
	if($checknum==1){
		echo "Account: <b>".$user."</b><p></p>";
		
		echo "<table border='4'><tr>
		<th>Account settings</th>
		</tr>
		<tr>
		<td><b><font color='blue'><center><p><a href='http://*****.*****.org/changepass2.php'>Change password</a></center><p></font></b></td>
		</tr>
		
		<tr>
		<td><b><font color='blue'><center><p><a href='http://*****.*****.org/description.php'>Add description</a></center><p></font></b></td>
		</tr>
		
		<tr>
		<td><b><center><p>Delect account<font color='red'> Under construction!</center><p></font></b></td>
		</tr>
		
		</table>";
		
		echo "<p><p><a href='http://*****.*****.org/member.php'>Back to members page</a>";
		
		$query = mysql_query("SELECT * FROM users2 WHERE username ='$user'");
		while($row = mysql_fetch_array($query)) {


		  echo "<p><p>Your profile description is: <b><p>".$row['desc'] . "<br />";

		  }
	}else{
	die("Invalid user account!");
}	
}else{
	die("You must be logged in to see your profile or invalid user ID!");
}

?>




Examples:

Attached Image

Now I've changed the ID and see what happens:

Attached Image


Any help is appreciated :)


Replies To: User profile id

#2 Atli

Re: User profile id

Posted 14 July 2013 - 03:57 AM

You are always echoing the user name from the session. You execute a query based on the ID passed through the query string, but don't do anything with it. - If you want to show data based on the ID in the query string, you must fetch data from the database based on that, not just show what's in the session.

A couple of more things you should look into:

  • Your code is wide open to SQL Injection. That's a huge problem that you should investigate immediately.

  • The mysql_* functions are deprecated and should not be used any more. Use either the MySQLi extension or the PDO extensions instead. - We have a great tutorial on PDO right here on DIC: Introduction to PDO.

  • Always make sure input values exist before using them.
    // DO NOT DO THIS!
    $id = $_GET["id"];
    if ($id) {
        // Do stuff with $id
    }
    
    // Instead, do this.
    if (isset($_GET["id"])) {
        // Do stuff with $_GET["id"].
    }
    
    

    Copying $_GET["id"] into $id without validation and sanitation is a bad idea. Just leave it in the $_GET array and use it from there.

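What Atli's reply describes, as an added example that is not part of any post in this thread: the profile is loaded from the validated `id` in the query string through a PDO prepared statement, output is HTML-escaped, and the account settings links appear only when the session user owns the profile. The in-memory SQLite table, its sample rows and the helper names `loadProfile` and `renderProfile` are assumptions made so the example runs on its own; the thread's site uses MySQL.

```php
<?php
// Constructed stand-in for the thread's MySQL users2 table (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users2 (id INTEGER PRIMARY KEY, username TEXT, "desc" TEXT)');
$pdo->exec("INSERT INTO users2 (id, username, \"desc\") VALUES
    (1, 'alice', 'First account'),
    (12, 'bob', '<b>likes HTML</b>')");

// Hypothetical helper: returns the row for the requested id, or null if the
// id is missing, not a positive integer, or matches no account.
function loadProfile(PDO $pdo, array $query): ?array
{
    if (!isset($query['id'])) {
        return null;
    }
    // Rejects arrays, empty strings and anything that is not a whole number.
    $id = filter_var($query['id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The id is bound as a parameter, never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT id, username, "desc" FROM users2 WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hypothetical helper: renders the fetched row, not the session user name.
function renderProfile(?array $row, string $sessionUser): string
{
    if ($row === null) {
        return 'Invalid user account!';
    }
    $e = fn($s) => htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8');
    $html = 'Account: <b>' . $e($row['username']) . '</b>'
          . '<p>Profile description: ' . $e($row['desc']) . '</p>';
    // Settings links only for the owner of the profile being viewed.
    if ($row['username'] === $sessionUser) {
        $html .= '<p><a href="changepass2.php">Change password</a></p>';
    }
    return $html;
}

// Constructed requests: own profile, another profile, an injection string, no id.
$sessionUser = 'bob'; // stands in for $_SESSION['username']
foreach ([['id' => '12'], ['id' => '1'], ['id' => "1' OR '1'='1"], []] as $get) {
    echo renderProfile(loadProfile($pdo, $get), $sessionUser), PHP_EOL;
}
```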

#3 andrewsw

Re: User profile id

Posted 14 July 2013 - 04:07 AM

BTW, the font and center tags are obsolete, and have been for a long time. If you found this script, you need to find a more up-to-date one, or a more up-to-date tutorial.


#4 Jib Giannis

Re: User profile id

Posted 14 July 2013 - 05:10 AM

Atli, on 14 July 2013 - 03:57 AM, said:

You are always echoing the user name from the session. You execute a query based on the ID passed through the query string, but don't do anything with it. - If you want to show data based on the ID in the query string, you must fetch data from the database based on that, not just show what's in the session.

A couple of more things you should look into:

  • Your code is wide open to SQL Injection. That's a huge problem that you should investigate immediately.

  • The mysql_* functions are deprecated and should not be used any more. Use either the MySQLi extension or the PDO extensions instead. - We have a great tutorial on PDO right here on DIC: Introduction to PDO.

  • Always make sure input values exist before using them.
    // DO NOT DO THIS!
    $id = $_GET["id"];
    if ($id) {
        // Do stuff with $id
    }
    
    // Instead, do this.
    if (isset($_GET["id"])) {
        // Do stuff with $_GET["id"].
    }
    
    

    Copying $_GET["id"] into $id without validation and sanitation is a bad idea. Just leave it in the $_GET array and use it from there.


I did

if($user&&isset($_GET["id"])){
//etc
}



Again, when I change the id to another id, it shows the same profile again.

#5 JackOfAllTrades

Re: User profile id

Posted 14 July 2013 - 06:52 AM

If you want to be a programmer and repeatedly ask for help, you need to learn how to read and use the answers provided. This was done for you in the first response from Atli, which is quoted here:

Quote

You are always echoing the user name from the session. You execute a query based on the ID passed through the query string, but don't do anything with it. - If you want to show data based on the ID in the query string, you must fetch data from the database based on that, not just show what's in the session.
