TheFreak Posted July 9, 2008 Share Posted July 9, 2008 I am trying to print a list of users and when someone clicks on the username i want to show him the profile of that username.I am using showprofile.php?ID=username and in the showprofile.php i am using $_GET['username'] along with $_POST['username'] as profile can be viewed by searching too.It is working fine when i search a username but whenever i try to see profile from the list it says "Username not found". Here is a peice of my profileform.php (It shows the profile of the person) <?php //Connect to mysql server include 'connect.php'; //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } $search= $_GET['ID']; $search = clean($_POST['search']); $qry = "SELECT * FROM battle_users WHERE cname='$search'"; $result = mysql_query($qry); if($result) { $result_array = mysql_fetch_assoc($result); if($result_array > 0) { include "side.php"; print "</td>"; print "<td valign='top' width=70%>"; print "<table class='maintable'><tr class='headline'><td><center>View Profile</center></td></tr>"; print "<tr class='mainrow'><td>"; print "<br> Character's Profile <br> <br><br>"; ?> <table width="300" border="0" align="center" cellpadding="2" cellspacing="0"> <tr> <center><h2><?php print $result_array["cname"]; ?></h2> </center> <tr> <th> Character's Name :-</th> <td><?php print $result_array["cname"]; ?></td> </tr> <tr> <th> Rank :-</th> <td><?php if($result_array["rank"] == 0){$result_array["rank"] = "Unranked";} print $result_array["rank"]; ?></td> </tr> Here is rank.php ( It shows the list of players ) <?php include "side.php"; print "</td>"; print "<td valign='top' width=70%>"; print "<table class='maintable'><tr class='headline'><td><h3><center>Rank<center></h4></td></tr>"; print "<tr class='mainrow'><td>"; print "<br>Chatacter's Name <br><td>Rank</td>"; $getaddress="SELECT * FROM battle_users ORDER BY rank ASC"; $getaddress2=mysql_query($getaddress) or die("Could not get address"); while($getaddress3=mysql_fetch_array($getaddress2)) { if($getaddress3[rank]== 0) { $getaddress3[rank]= "Unranked"; } print "<tr class='mainrow'><td><a href='profileform.php?ID=$getaddress3[cname]'>$getaddress3[cname]</a></td><td>$getaddress3[rank]</td></tr>"; } print "</table>"; print "</td></tr></table>"; ?> Quote Link to comment Share on other sites More sharing options...
Wolphie Posted July 9, 2008 Share Posted July 9, 2008 You're re-declaring $search, thus replacing the value of it. If somebody has used the GET method, that value will be stored and then replaced by a POST method which will contain no value at all. Try this: <?php //Connect to mysql server include 'connect.php'; //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } if(isset($_GET['ID'])) { $search = clean($_GET['ID']); } else if(isset($_POST['search'])) { $search = clean($_POST['search']); } $qry = "SELECT * FROM battle_users WHERE cname='$search'"; $result = mysql_query($qry); if($result) { $result_array = mysql_fetch_assoc($result); if($result_array > 0) { include "side.php"; print "</td>"; print "<td valign='top' width=70%>"; print "<table class='maintable'><tr class='headline'><td><center>View Profile</center></td></tr>"; print "<tr class='mainrow'><td>"; print "<br> Character's Profile <br> <br><br>"; ?> <table width="300" border="0" align="center" cellpadding="2" cellspacing="0"> <tr> <center><h2><?php print $result_array["cname"]; ?></h2> </center> <tr> <th> Character's Name :-</th> <td><?php print $result_array["cname"]; ?></td> </tr> <tr> <th> Rank :-</th> <td><?php if($result_array["rank"] == 0){$result_array["rank"] = "Unranked";} print $result_array["rank"]; ?></td> </tr> Bear in mind you also need to sanitize GET data too! Quote Link to comment Share on other sites More sharing options...
TheFreak Posted July 9, 2008 Author Share Posted July 9, 2008 Oh yes,how could i not get this,Thanks man and yes ill do it..Thanks for that too Quote Link to comment Share on other sites More sharing options...
Wolphie Posted July 9, 2008 Share Posted July 9, 2008 Remember to hit "Topic Solved"! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.