Jump to content

[SOLVED] $_GET not responding

TheFreak

By TheFreak
in PHP Coding Help

 Share

Recommended Posts

TheFreak Member

TheFreak

Posted
Posted

I am trying to print a list of users and when someone clicks on the username i want to show him the profile of that username.I am using showprofile.php?ID=username and in the showprofile.php i am using $_GET['username'] along with $_POST['username'] as profile can be viewed by searching too.It is working fine when i search a username but whenever i try to see profile from the list it says "Username not found".

 

Here is a peice of my profileform.php (It shows the profile of the person)

 

<?php

//Connect to mysql server
      include 'connect.php';

   	//Function to sanitize values received from the form. Prevents SQL injection
   function clean($str) {
	$str = @trim($str);
	if(get_magic_quotes_gpc()) {
		$str = stripslashes($str);
	}
	return mysql_real_escape_string($str);
}

         $search= $_GET['ID'];
                 
	$search = clean($_POST['search']);
       	$qry = "SELECT * FROM battle_users WHERE cname='$search'";
$result = mysql_query($qry);
if($result) {
	$result_array = mysql_fetch_assoc($result);
	if($result_array > 0) {
                 include "side.php";
   print "</td>";
   print "<td valign='top' width=70%>";
   print "<table class='maintable'><tr class='headline'><td><center>View Profile</center></td></tr>";
   print "<tr class='mainrow'><td>";
   print "<br>   Character's Profile  <br>   <br><br>";  ?>

	<table width="300" border="0" align="center" cellpadding="2" cellspacing="0">
    <tr>
    <center><h2><?php print $result_array["cname"]; ?></h2>
    </center>
    <tr>
      <th>  Character's Name :-</th>
      <td><?php print $result_array["cname"]; ?></td>
    </tr>
    <tr>
      <th>  Rank :-</th>
      <td><?php if($result_array["rank"] == 0){$result_array["rank"] = "Unranked";}
print $result_array["rank"]; ?></td>
    </tr>

 

Here is rank.php ( It shows the list of players )

 

<?php
  include "side.php";
   print "</td>";
   print "<td valign='top' width=70%>";
   print "<table class='maintable'><tr class='headline'><td><h3><center>Rank<center></h4></td></tr>";
   print "<tr class='mainrow'><td>";
   print "<br>Chatacter's Name <br><td>Rank</td>";

    $getaddress="SELECT * FROM battle_users ORDER BY rank ASC";
   $getaddress2=mysql_query($getaddress) or die("Could not get address");
   
   while($getaddress3=mysql_fetch_array($getaddress2))
   {
if($getaddress3[rank]== 0)
   {
  $getaddress3[rank]= "Unranked";
}
      print "<tr class='mainrow'><td><a href='profileform.php?ID=$getaddress3[cname]'>$getaddress3[cname]</a></td><td>$getaddress3[rank]</td></tr>";
   }
   print "</table>";

   print "</td></tr></table>";
  ?>

Link to comment
Share on other sites
Wolphie Member

Wolphie

Posted
Posted

You're re-declaring $search, thus replacing the value of it. If somebody has used the GET method, that value will be stored and then replaced by a POST method which will contain no value at all.

 

Try this:

<?php

//Connect to mysql server
      include 'connect.php';

   	//Function to sanitize values received from the form. Prevents SQL injection
   function clean($str) {
	$str = @trim($str);
	if(get_magic_quotes_gpc()) {
		$str = stripslashes($str);
	}
	return mysql_real_escape_string($str);
}

                
        if(isset($_GET['ID'])) {
                  $search = clean($_GET['ID']); 
                }
                else if(isset($_POST['search'])) {
                  $search = clean($_POST['search']);
                }
                 
       	$qry = "SELECT * FROM battle_users WHERE cname='$search'";
$result = mysql_query($qry);
if($result) {
	$result_array = mysql_fetch_assoc($result);
	if($result_array > 0) {
                 include "side.php";
   print "</td>";
   print "<td valign='top' width=70%>";
   print "<table class='maintable'><tr class='headline'><td><center>View Profile</center></td></tr>";
   print "<tr class='mainrow'><td>";
   print "<br>   Character's Profile  <br>   <br><br>";  ?>

	<table width="300" border="0" align="center" cellpadding="2" cellspacing="0">
    <tr>
    <center><h2><?php print $result_array["cname"]; ?></h2>
    </center>
    <tr>
      <th>  Character's Name :-</th>
      <td><?php print $result_array["cname"]; ?></td>
    </tr>
    <tr>
      <th>  Rank :-</th>
      <td><?php if($result_array["rank"] == 0){$result_array["rank"] = "Unranked";}
print $result_array["rank"]; ?></td>
    </tr>

 

Bear in mind you also need to sanitize GET data too!

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.