Posts posted by JoeBrenan

  1. Yeah this works! :D

     

    It pulls in the username from the URL then displays the data relating to the username from the database on the page, and I have implemented the code into view_profile.php.

     

    Thanks a lot, I know it was hard work but I learned a lot :)

     

    Now to create a friends system :P

     

    Happy Halloween!

  2. I posted both outputs; the first one was before you posted to edit this line '{$_GET['username']}'  4:57 - 5:09 on the previous page.

     

    Either way I have now got the page to output the correct row from the database but need to store them as separate variables to call upon later.

     

    Now I'm getting this as my output:

    Array
    (
    [0] => Array
    (
    [id] => 2
    [username] => Asuza
    [firstname] => test
    [lastname] => test
    [password] => 84f94225d0015af33e2a29e71b69db12ec50d98dfde48541d3ae2ec68bb0c746
    [salt] => 152a907b12b40692
    [email] => test@test.com
    [access_level] => 1
    )
    
    )
    
  3. Forget it dude. You are TOTALLY CLUELESS

     

    Someone else can deal with you.

     

     

    In your words "existing data"

     

    That is what I was asking you for. How in the world you couldn't understand that is beyond me.

     

     

     

    I am calling TROLL on this thread.

     

    OK, I'm sorry you feel this way, but I provided the array output in my second comment which shows the existing data in the array already.

     

     

     

    [0] => Array

    (

    [id] => 1

    [username] => test

    [firstname] => test

    [lastname] => test

    [password] => 5c73b9801c80c790e4c9b5bf0f55cdf84bea07baa3af1d778845427339d71e12

    [salt] => 4f0819657e64c9ed

    [email] => test@test.com

    [access_level] => 1

    )

     

    The above is the data from the database being pulled out, after I implemented the code you provided.

     

    thanks.

  4. Data dump please....

     

    view_profile.php:

    <?php 
    
     
    if(isset($_POST['$row'])) { 
    
    }
    
     
        require("common.php"); 
         
        // Check whether the user is logged in; if not, redirect to the login page
        if(empty($_SESSION['user'])) 
        { 
         
            header("Location: login.php"); 
             
    
            die("Redirecting to login.php"); 
        } 
         
    
    	
    
    $_GET['username']='someusername';
    
    $query = "SELECT id,
           username,
           firstname,
           lastname,
           password,
           salt,
           email,
           access_level
    FROM   users
    WHERE  username = '{$_GET['username']}' ";
    
    try
        {
        $stmt = $db->prepare($query);
        $stmt->execute();
        $result = $stmt->fetchAll();
        }
    catch (PDOException $ex)
        {
        die("Failed to run query: " . $ex->getMessage());
        }
    
    echo "<pre>";
    print_r($result);
    echo "</pre>";
    
    
    ?> 
    

    Common.php:

    <?php 
    
    
        $username = "root"; 
        $password = "password"; 
        $host = "localhost"; 
        $dbname = "members"; 
    
       
        $options = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8'); 
         
        
        try 
        { 
            
            $db = new PDO("mysql:host={$host};dbname={$dbname};charset=utf8", $username, $password, $options); 
        } 
        catch(PDOException $ex) 
        { 
            
            die("Failed to connect to the database: " . $ex->getMessage()); 
        } 
         
       
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 
         
       
        $db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC); 
         
       
        if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) 
        { 
            function undo_magic_quotes_gpc(&$array) 
            { 
                foreach($array as &$value) 
                { 
                    if(is_array($value)) 
                    { 
                        undo_magic_quotes_gpc($value); 
                    } 
                    else 
                    { 
                        $value = stripslashes($value); 
                    } 
                } 
            } 
         
            undo_magic_quotes_gpc($_POST); 
            undo_magic_quotes_gpc($_GET); 
            undo_magic_quotes_gpc($_COOKIE); 
        } 
         
        
        header('Content-Type: text/html; charset=utf-8'); 
         
        
        session_start(); 
    
       
  5. You need quotes around string values

     

    WHERE username = '{$_GET['username']}'

     

    I implemented this change and I am now getting this:

     

    Array

    (

    )

     

     

    Here is my database:

    CREATE TABLE IF NOT EXISTS `users` (
      `id` int(11) NOT NULL AUTO_INCREMENT,
      `username` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
      `firstname` varchar(50) COLLATE utf8_unicode_ci NOT NULL,
      `lastname` varchar(50) COLLATE utf8_unicode_ci NOT NULL,
      `password` char(64) COLLATE utf8_unicode_ci NOT NULL,
      `salt` char(16) COLLATE utf8_unicode_ci NOT NULL,
      `email` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
      `nationalityid` varchar(128) COLLATE utf8_unicode_ci NOT NULL,
      `age` date NOT NULL,
      `access_level` int(2) NOT NULL DEFAULT '1',
      PRIMARY KEY (`id`),
      UNIQUE KEY `username` (`username`),
      UNIQUE KEY `email` (`email`)
    ) ENGINE=InnoDB  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=6 ;
    
  6. Post an sql dump of your DB. "someusername" needs to be an actual username in the database, not the name of the column. Forget the URL for now. The code I gave you has nothing to do with it.

    When I put "someusername" I get this error:

     

    Failed to run query: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'someusername' in 'where clause'

     

    Thanks.

  7. I have added your code and changed "someusername" to username, which is the column in the table, but it is outputting every row rather than the row with the username specified in the URL.

     

    The outputted result:

    Array
    (
        [0] => Array
            (
                [id] => 1
                [username] => test
                [firstname] => test
                [lastname] => test
                [password] => 5c73b9801c80c790e4c9b5bf0f55cdf84bea07baa3af1d778845427339d71e12
                [salt] => 4f0819657e64c9ed
                [email] => test@test.com
                [access_level] => 1
            )
    
        [1] => Array
            (
                [id] => 2
                [username] => Asuza
                [firstname] => test3
                [lastname] => test3
                [password] => 84f94225d0015af33e2a29e71b69db12ec50d98dfde48541d3ae2ec68bb0c746
                [salt] => 152a907b12b40692
                [email] => test3@test.com
                [access_level] => 1
            )
    
        [2] => Array
            (
                [id] => 3
                [username] => Test1
                [firstname] => Test1
                [lastname] => Test1
                [password] => f28b461db1ec030adfa725c6e87a6a287f0034ca973235c5a6b8821bee9aa228
                [salt] => 48fb0eab6179dccb
                [email] => Test1@test.com
                [access_level] => 1
            )
    
    )
    

    Thanks.

  8. Hey, 
     
    I am trying to output a row from my database using PDO where the username is the same as one that I have pulled from the URL.
     
    My URL reads: "http://localhost/view_profile.php?username=test"
     
    On the view profile_page.php I am storing the username in $username by using $username = $_GET["username"];
     
    Now I want to use a SELECT to retrieve and save the data relating to the username found in the URL.
     
    I am struggling to get this to work. The page is already linked to the database; any help would be appreciated.
     
    Thanks.
     

    
     <?php
     
    if(isset($_POST['$row'])) { 
        // check if the username has been set
    }
     
        // First we execute our common code to connection to the database and start the session 
        require("common.php"); 
         
        // At the top of the page we check to see whether the user is logged in or not 
        if(empty($_SESSION['user'])) 
        { 
            // If they are not, we redirect them to the login page. 
            header("Location: login.php"); 
             
            // Remember that this die statement is absolutely critical.  Without it, 
            // people can view your members-only content without logging in. 
            die("Redirecting to login.php"); 
        } 
         
        // Everything below this point in the file is secured by the login system 
         
        // We can display the user's username to them by reading it from the session array.  Remember that because 
        // a username is user submitted content we must use htmlentities on it before displaying it to the user. 
     
    $username = $_GET["username"];
     
          $query = " 
            SELECT 
                id, 
                username,
                firstname,
                lastname, 
                password, 
                salt, 
                email, 
                access_level 
            FROM users
    WHERE username = $username 
        "; 
         
        try 
        { 
            // These two statements run the query against your database table. 
            $stmt = $db->prepare($query); 
            $stmt->execute(); 
        } 
        catch(PDOException $ex) 
        { 
            // Note: On a production website, you should not output $ex->getMessage(). 
            // It may provide an attacker with helpful information about your code.  
            die("Failed to run query: " . $ex->getMessage()); 
        } 
             
        // Finally, we can retrieve all of the found rows into an array using fetchAll 
        $rows = $stmt->fetchAll(); 
     
    ?>
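
Added example, not part of any post in this thread: the same profile lookup with the username bound as a parameter instead of interpolated into the SQL string, so quoting problems and SQL injection both go away. The in-memory SQLite database, the sample rows and the `find_profile()` helper are assumptions made so the script runs on its own; with the thread's `common.php` the `$db` handle would be the MySQL connection.

```php
<?php
// In-memory SQLite stands in for the thread's MySQL `members` database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);

// Constructed sample rows (not the thread's data).
$db->exec("CREATE TABLE users (
    id INTEGER PRIMARY KEY, username TEXT UNIQUE, firstname TEXT,
    lastname TEXT, email TEXT, access_level INTEGER DEFAULT 1)");
$ins = $db->prepare("INSERT INTO users (username, firstname, lastname, email)
                     VALUES (:u, :f, :l, :e)");
foreach ([['test', 'Test', 'User', 'test@example.com'],
          ["O'Brien", 'Pat', "O'Brien", 'pat@example.com']] as [$u, $f, $l, $e]) {
    $ins->execute([':u' => $u, ':f' => $f, ':l' => $l, ':e' => $e]);
}

// Hypothetical helper: fetch one profile row, or null if there is no match.
function find_profile(PDO $db, $username): ?array
{
    // ?username[]=x arrives as an array; reject anything but a sane string.
    if (!is_string($username) || $username === '' || strlen($username) > 255) {
        return null;
    }
    // Only the columns a profile page needs: password and salt are never selected.
    $stmt = $db->prepare("SELECT id, username, firstname, lastname, email, access_level
                          FROM users WHERE username = :username LIMIT 1");
    // The value travels separately from the SQL text, so it is always data.
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

// In view_profile.php the value would come from $_GET['username'] ?? null.
foreach (['test', "O'Brien", 'username', 'nobody'] as $requested) {
    $profile = find_profile($db, $requested);
    if ($profile === null) {
        echo "No such user\n";
        continue;
    }
    // Separate variables for later use, escaped for HTML output.
    $firstname = htmlentities($profile['firstname'], ENT_QUOTES, 'UTF-8');
    $lastname  = htmlentities($profile['lastname'], ENT_QUOTES, 'UTF-8');
    echo "{$profile['id']}: {$firstname} {$lastname}\n";
}
```

Because the value is bound, the string `username` is compared as a literal and matches no row, rather than being read as the column name as in the output from post 7.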
    