Jump to content

Trying to veiw other members


farban

Recommended Posts

Got a userlists.php script that paginates all the users of a site. When clicking on view profile on a user it will direct to a veiwprofile.php which will display all the info of that user. I cant explain very well in detail but i want it so that the url represents the user id so that the veiwprofile.php page is dynamic and it will show the user that was selected from the userlist.php page.

 

i have this so far but when i click on view profile all i get is a blank page

userlist.php

 

 <tr><td><a href='viewprofile.php?='".$id."'>View Profile</a></tr></td>

 

viewprofile.php

 

<?php
session_start();

if (!isset($_SESSION['user_id'])) {


	$url = absolute_url();
	header("Location: $url");

	exit();



}

include("includes/start.php");
require_once("includes/_connect.inc.php");


if (isset($_GET['user_id'])) {	

 $q = " SELECT 
   
   user.user_first_name,
   user.user_surname,
   user.user_photo,
   user.user_age,
   user.user_sex,
   user.user_city,
   user.user_home_phone,
   user.user_mobile_phone,
   user.user_profession,
   user.user_specialist_area,
   user.user_email,
   user.user_password,
   user.user_username


FROM


user

WHERE user.user_id= '".$_GET['user_id']."'";

$result = @mysqli_query($dbc, $q);

if ($result) {



	while ($row =mysqli_fetch_array($result, MYSQLI_ASSOC)) {

	 echo "<table class='pictable'>


  <tr>
  <td><img src='images/".$row[user_photo]."' width='100%' height='100%'></img></td>  </tr></table>
  <table class='profiletable'>
	   <tr><td>First Name</td> <td>".$row[user_first_name]."</td>  </tr>
	  <tr><td>Surname</td> <td>".$row[user_surname]."</td></tr>
	 <tr><td>Age</td> <td>".$row[user_age]."</td></tr>
	  <tr><td>Email</td> <td>".$row[user_email]."</td></tr>
	  <tr><td>Sex</td> <td>".$row[user_sex]."</td></tr>
	    <tr><td>City</td><td>".$row[user_city]."</td></tr>
	  <tr><td>Home Phone</td> <td>".$row[user_home_phone]."</td></tr>
	  <tr><td>Mobile Phone</td> <td>".$row[user_mobile_phone]."</td></tr>
	  <tr><td>Profession</td> <td>".$row[user_profession]."</td></tr>
	  <tr><td>Specialist area</td> <td>".$row[user_specialist_area]."</td></tr>


	  </table>";
	  
	  }
	  if (isset($_SESSION ['user_id']))  {
	  	echo "<div class='usereditprofile'><a href='editprofile.php'>Edit Profile</a></div>";
	  }


	  
	  mysqli_free_result($result);
	  
	  }
}
	  
	  











include("includes/footer.php");
?>

 

 

Link to comment
https://forums.phpfreaks.com/topic/149851-trying-to-veiw-other-members/
Share on other sites

1st this won't work:

<tr><td><a href='viewprofile.php?='".$id."'>View Profile</a></tr></td>

Should be.

<tr><td><a href='viewprofile.php?=<?php echo $id; ?>' >View Profile</a></tr></td>

you need to break into php and then back out.

 

Also you should be screening your incoming variables like $_GET for sql injection, least they sabotage you and delete your database.

ill post up the code for the userlist.php

 

<?php
session_start();

if (!isset($_SESSION['user_id'])) {


	$url = absolute_url();
	header("Location: $url");

	exit();



}

include("includes/start.php");
require_once("includes/_connect.inc.php");

echo "<h1>The user list</h1><p>Listing the members of the site</p>";
$id = $_GET['user_id'];
$display= 2;

if (isset($_GET['p']) && is_numeric($_GET['p'])) {


	$pages = $_GET['p'];

}

else	{

	$q = " SELECT COUNT(user_id) FROM user";

	$result = @mysqli_query($dbc, $q);

	$row = mysqli_fetch_array($result, MYSQLI_NUM);

	$records = $row [0];


	if ($records > $display) {

		$pages = ceil ($records/$display);

	}

	else  {

		$pages= 2;

	}

}

if (isset($_GET['s']) && is_numeric ($_GET['s'])) {

	$start =$_GET['s'];

} 	else {

$start =0;

}

 $q = " SELECT 
   
   user.user_first_name,
   user.user_surname,
   user.user_photo,
   user.user_age,
   user.user_sex,
   user.user_city,
   user.user_home_phone,
   user.user_mobile_phone,
   user.user_profession,
   user.user_specialist_area,
   user.user_email,
   user.user_password,
   user.user_username

   FROM
   user
   ORDER BY 
   user.user_id
  ASC LIMIT $start, $display";
  
  $result = @mysqli_query($dbc, $q)or die("Error: ".mysqli_error($dbc));

  while ($row =mysqli_fetch_array($result, MYSQLI_ASSOC)) {



	 echo "<div class='userlist'><table class='pictable'>


  <tr>
  <td><img src='images/".$row[user_photo]."' width='100%' height='100%'></img></td>  </tr></table>
  <table class='profiletable'>
	   <tr><td>First Name</td> <td>".$row[user_first_name]."</td>  </tr>
	  <tr><td>Surname</td> <td>".$row[user_surname]."</td></tr>
	 <tr><td>Age</td> <td>".$row[user_age]."</td></tr>
	  <tr><td>Email</td> <td>".$row[user_email]."</td></tr>
	  <tr><td>Sex</td> <td>".$row[user_sex]."</td></tr>
	    <tr><td>City</td><td>".$row[user_city]."</td></tr>
	  <tr><td>Home Phone</td> <td>".$row[user_home_phone]."</td></tr>
	  <tr><td>Mobile Phone</td> <td>".$row[user_mobile_phone]."</td></tr>
	  <tr><td>Profession</td> <td>".$row[user_profession]."</td></tr>
	  <tr><td>Specialist area</td> <td>".$row[user_specialist_area]."</td></tr>
	  <tr><td><a href='viewprofile.php?='".$id."'>View Profile</a></tr></td>
</table></div>";
	  
	  }

	  mysqli_free_result($result);
	  mysqli_close($dbc);
	  
	  if ($pages > 1) {
		  
		  echo'<div class="userlinklist"><p>';
		  
		  $current_page =($start/$display) +1;
		  
		  if ($current_page !=1) {
			  
			  echo '<a href="userlist.php?s='.($start - $display).'&p='.$pages.'">Previous</a>';
			  
		  }
		  
		  
		  for ($i =1; $i <= $pages; $i++) {
			  if ($i !=$current_page) {
				  
				  echo ',<a href="userlist.php?s='.(($display * ($i -1))).'&p='.$pages.'">'.$i.'</a>,';

			  }
			  
			  else {  
				  
				  echo $i.'';
				  
			  }
		  }
		  
		  
		  if ($current_page !=$pages) {
			  
			  echo '<a href="userlist.php?s='.($start + $display).'&p'.$pages.'">Next</a>';
			  
			  
		  }
		  
		  echo '</p></div>';
		  
	  }
	  
	  include("includes/footer.php"); ?>

<tr><td><a href='viewprofile.php?='".$id."'>View Profile</a></tr></td>

 

change this to

 

<tr><td><a href='viewprofile.php?user_id='".$row[user_id]."''>View Profile</a></tr></td>

 

in viewprofile.php

if (isset($_SESSION ['user_id']))  {
  echo "<div class='usereditprofile'><a href='editprofile.php'>Edit Profile</a></div>";
}

 

this will allow the user to edit any profile, he should have access to edit only his own profile..

 

if (isset($_SESSION ['user_id']) && ($_SESSION ['user_id'] == $_GET['user_id']))  {
  echo "<div class='usereditprofile'><a href='editprofile.php'>Edit Profile</a></div>";
}

 

 

I have done the changes and it seems to be navigating to the correct id numbers which is great but nothting appears on the viewprofile.php page. arghh so close !!

 

viewprofile.php

 

<?php
session_start();

   if (!isset($_SESSION['user_id'])) {
      
      
      $url = absolute_url();
      header("Location: $url");
      
      exit();
      
      
      
   }
   
   include("includes/start.php");
   require_once("includes/_connect.inc.php");
   
   
   if (isset($_GET['user_id'])) {   
    
    $q = " SELECT 
   
   user.user_first_name,
   user.user_surname,
   user.user_photo,
   user.user_age,
   user.user_sex,
   user.user_city,
   user.user_home_phone,
   user.user_mobile_phone,
   user.user_profession,
   user.user_specialist_area,
   user.user_email,
   user.user_password,
   user.user_username

   
FROM


user

WHERE user.user_id= '".$_GET['user_id']."'";

$result = @mysqli_query($dbc, $q);

if ($result) {


      
      while ($row =mysqli_fetch_array($result, MYSQLI_ASSOC)) {
      
       echo "<table class='pictable'>


     <tr>
     <td><img src='images/".$row[user_photo]."' width='100%' height='100%'></img></td>  </tr></table>
     <table class='profiletable'>
         <tr><td>First Name</td> <td>".$row[user_first_name]."</td>  </tr>
        <tr><td>Surname</td> <td>".$row[user_surname]."</td></tr>
       <tr><td>Age</td> <td>".$row[user_age]."</td></tr>
        <tr><td>Email</td> <td>".$row[user_email]."</td></tr>
        <tr><td>Sex</td> <td>".$row[user_sex]."</td></tr>
          <tr><td>City</td><td>".$row[user_city]."</td></tr>
        <tr><td>Home Phone</td> <td>".$row[user_home_phone]."</td></tr>
        <tr><td>Mobile Phone</td> <td>".$row[user_mobile_phone]."</td></tr>
        <tr><td>Profession</td> <td>".$row[user_profession]."</td></tr>
        <tr><td>Specialist area</td> <td>".$row[user_specialist_area]."</td></tr>
      
      
        </table>";
        
        }
        if (isset($_SESSION ['user_id']) && ($_SESSION ['user_id'] == $_GET['user_id']))  {
  echo "<div class='usereditprofile'><a href='editprofile.php'>Edit Profile</a></div>";
}

      
        
        mysqli_free_result($result);
        
        }
   }
        
        
      
      
      







   
   include("includes/footer.php");
?>

doing something like this in viewprofile.php works fine cause its static

 

    $q = " SELECT 
   
   user.user_first_name,
   user.user_surname,
   user.user_photo,
   user.user_age,
   user.user_sex,
   user.user_city,
   user.user_home_phone,
   user.user_mobile_phone,
   user.user_profession,
   user.user_specialist_area,
   user.user_email,
   user.user_password,
   user.user_username

   
FROM


user

WHERE user.user_id=3";

 

but i need it to be dynamic to represent the user that has been selected

 

    $q = " SELECT 
   
   user.user_first_name,
   user.user_surname,
   user.user_photo,
   user.user_age,
   user.user_sex,
   user.user_city,
   user.user_home_phone,
   user.user_mobile_phone,
   user.user_profession,
   user.user_specialist_area,
   user.user_email,
   user.user_password,
   user.user_username

   
FROM


user

WHERE user.user_id='".$_GET['user_id']."'";

 

this code dosent work. really need some help soo close to fixing this

try turning error reporting on by adding this code to the top of the page

ini_set('error_reporting', E_ALL); 			
ini_set('display_errors', TRUE);

 

and when doing the actual query you have error supressing by the @ sign

 

$result = @mysqli_query($dbc, $q);

should be this, to show what the query error is.

$result = 2mysqli_query($dbc, $q);

 

echoing the actual query that need to be run also helps to see if its working

 

should be this, to show what the query error is.

$result = 2mysqli_query($dbc, $q);

ofcourse this is not right,i have made a typo here

$result = mysqli_query($dbc, $q);

 

 

Notice: Undefined index: user_id in C:\xampp\htdocs\testsite\community\viewprofile.php on line 44

means the the user_id index from the $_GET variable is not defined.

in other words your not linking to the page as you should.

for example http://website.com/viewprofile.php?user_id=5 url will define the user_id $_GET variable in your script with number 5

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.