tags:

views:

46

answers:

4
+1  Q: 

Use PHP to link to user profile

I want my php query to display the user name with a link to the user profile.

<?php

$get_items = "SELECT * FROM items WHERE category='test'";
$result = mysql_query($get_items);

while($item = mysql_fetch_array($result, MYSQL_ASSOC)){
    $creator = $item['created_by'];
     echo "<b>Seller: </b>"."<a href='userprof.php?id=$creator'>$creator</a>";  
    }
?>

Clicking on this link takes it to a user profile page that I created. But I want "userprof.php?id=$creator" to know which user to display the account information. Is this the best way to do this? How can I read the url and display the correct information?

+2  A:  
<?php
$userId = $_GET['id'];
$sql = "SELECT * FROM user WHERE id = " . intval($userId);
$result = mysql_query($sql);
...
Matt Williamson  2010-09-10 20:47:24
edited in order to prevent SQL injection
Col. Shrapnel  2010-09-10 20:59:25
I think something is wrong with my while loop. <?php $userId = $_GET['id']; echo "<div class=\"item_list\">"; $sql = "SELECT * FROM user WHERE id = " . intval($userId); $result = mysql_query($sql); while($userid = mysql_fetch_array($result, MYSQL_ASSOC)){ echo "<b>Title: </b>" . $item['item'] . "<br/><b>Email: </b>". $item['email'] . "<br/>"; echo "<b>Price: </b>" . $item['price'] . "</b><br/> <b>Category: </b>". $item['category'] . "</b><br/> <b>Extra: </b>". ($item['extra'] . "</b><br/><b>Date Listed: </b>". $item['date'] ); }
tim  2010-09-10 22:46:19
You're not assigning anything to item. Try changing it to `while($item = mysql_fetch_array($result, MYSQL_ASSOC)){`
Matt Williamson  2010-09-13 05:07:56
A: 

You are sending a GET variable.

$id = $_GET['id']; // Contains whatever was in $creator;
Josh K  2010-09-10 20:47:59
A: 

use $_GET for getting the variable from the URL. like in your code you want to access the user profile then get the user id from url like

http://localhost/test/user_profile.php?uid=2

here in the url uid is 2 thet is your userid. you can get this id by using the code

$user_id = $_GET['uid'];

use this variable in your query.

Ricky Dang  2010-09-11 05:50:14
A: 

OMG!! HORRIBLE PHP ABOUNDS! IT HURTS MY EYES!!

These people, none of them did both of the correct things:

  1. ALWAYS FILTER USER INPUT!!
  2. NEVER TRUST PHP ESCAPE FUNCTIONS, ESP NOT intval() and addslashes()!!
  3. EVEN mysql_real_escape_string() HAS VULNERABILITIES AND SHOULD NEVER BE USED.
  4. You should used prepared statements for everything in 2010.

Here it is the proper way:

<?php
if (!filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT))
{
    trigger_error('Invalid User ID. It must be an integer (number).', PHP_USER_ERROR);
    exit;
}

$userId = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);
$sql = "SELECT * FROM user WHERE id = ?";

$pdo = new PDO('mysql:host=localhost;db=mydb', $dbUsername, $dbPassWord);
$statement = $pdo->prepare($sql);
$statement->execute(array($userId));

$result = $statement->fetch(PDO::FETCH_ASSOC);

That is 100% secure. I hope people neither vote me down nor tone down my answer. Bad code is so systemic, we just have to shout from the rooftops until the new guys start learning it correctly, otherwise PHP as a professional language is seriously harmed.

hopeseekr  2010-09-14 16:15:41

related questions

Autosizing Textarea
Regular expression for parsing links from a webpage?
What are good tools for creating compiled HTML help files (.chm)?
Looking for WYSIWYG HTML editor
Any reason not to start using the HTML 5 doctype?
HTML comments break down
HTML Comments Markup
Setting a div's height in HTML with CSS
Wrapping lists into columns
Is a "Confirm Email" input good practice when user changes email address?
<XMP> Tag
HTML version choice
Options for HTML scraping?
How do you disable browser Autocomplete on web form field / input tag?
How do I make a checkbox toggle from clicking on the text label as well?
Html CSS Editor
Wordpress theme development offline tools
How do I give my web sites an icon for iPhone?
In HTML, how to word-break on a dash?
Detecting font in JavaScript
How do you test layout design across multiple browsers/OSs?
How do I print an HTML document from a web service?
Multiple submit buttons on a HTML form
How can I determine a web user's time zone?
Why doesn't the percentage width child in absolutely positioned parent work in IE7?