Help with web site

[vund0]

I am making a company web site with a login system which I have already completed.  I need to make a page that lists all of the current members(updates itself when a user changes his/her profile) with links to each users individual page, then another page that lets a user edit his/her profile.  Any ideas or suggestions would be appreciated.

-Brad

[Chips]

Both would be queries from your database - for member list:
[code]
<table width="800" border="0" cellpadding="1" cellspacing="1">
<tr><th>Username</th><th>Other heading</th><th>Another one</th>
</tr>
<?php
$query = mysql_query("SELECT * from USERDATABASE"); // of course can do order by etc here, limit - whatever.
while($rows = mysql_fetch_array($query, MYSQL_ASSOC)){
echo "<tr><td>" . $rows['username'] . "</td><td> " . $rows['fieldhere'] . "</td><td>" . $rows['fieldname'] ."</td></tr>";
}
?>
</table>
[/code]

That would list out all the members in the database via your query, outputting a row in a table for every row returned by the query. It could, of course, get rather long... so you could do a limit in the query, to only return say results 0 - 20. A link at the bottom of the page (if there were more than 20 results) could include the values of your limit for the next results - 21 - 40, self propogating through pages, using the same code as above - but just with different limit values.

As for editing the users profile, that would require checking whom they are. You have a login method, so obviously you set cookies or sessions - by which I guess you can ID whom they are.
Using that method of ID, you could set up a page which gets their ID from their session/cookie (for instance, when they login you store their unique ID from the database perhaps in a session variable) which can be used to get their details.
[code]
$query = mysql_query("SELECT * from USERDATABASE where userId = " . $_SESSION['userId']);
if(mysql_num_rows($query) > 0){ //match found
displayForm($query);
} else {
//some form of redirect of disallowed message
}

function displayForm($query){
$array = mysql_fetch_array($query, MYSQL_ASSOC);
//now put in your form details
?>
<table width="800" cellpadding="1" cellspacing="0">
<form name="updateform" method="post" action="whatever.php">
<tr><td>
Name: <input type="text" value="<?php echo $array['name']; ?>" name="name" />
</td></tr>
<tr><td>
Email: <input type="text" value="<?php echo $array['email']; ?>" name="email" />
</td></tr>
<tr><td>
<input type="hidden" value="<?php echo $_SESSION['userId']; ?>" name="id" />
<input type="submit" value="submit" name="submit" />
</td></tr>
</form>
</table>
<?php
}
[/code]
Obviously you can submit to where-ever, where you can check their variables have been entered and then update them into the database (escaping them for characters with mysql_real_escape_string i think it is).

I am sure some will point out flaws/issues with my code, but that's because I am fairly new to all this and not aware of all the security details that I probabily should be. I hope that they can elaborate where needed, and also comment on better practices :) Hope this helps in the mean time ;)