Jump to content


Help with web site

  • Please log in to reply
1 reply to this topic

#1 vund0

  • Members
  • PipPip
  • Member
  • 14 posts

Posted 24 July 2006 - 07:24 PM

I am making a company web site with a login system which I have already completed.  I need to make a page that lists all of the current members(updates itself when a user changes his/her profile) with links to each users individual page, then another page that lets a user edit his/her profile.  Any ideas or suggestions would be appreciated.


#2 Chips

  • Members
  • PipPipPip
  • Advanced Member
  • 68 posts

Posted 24 July 2006 - 09:52 PM

Both would be queries from your database - for member list:
<table width="800" border="0" cellpadding="1" cellspacing="1">
<tr><th>Username</th><th>Other heading</th><th>Another one</th>
$query = mysql_query("SELECT * from USERDATABASE"); // of course can do order by etc here, limit - whatever.
while($rows = mysql_fetch_array($query, MYSQL_ASSOC)){
echo "<tr><td>" . $rows['username'] . "</td><td> " . $rows['fieldhere'] . "</td><td>" . $rows['fieldname'] ."</td></tr>";

That would list out all the members in the database via your query, outputting a row in a table for every row returned by the query. It could, of course, get rather long... so you could do a limit in the query, to only return say results 0 - 20. A link at the bottom of the page (if there were more than 20 results) could include the values of your limit for the next results - 21 - 40, self propogating through pages, using the same code as above - but just with different limit values.

As for editing the users profile, that would require checking whom they are. You have a login method, so obviously you set cookies or sessions - by which I guess you can ID whom they are.
Using that method of ID, you could set up a page which gets their ID from their session/cookie (for instance, when they login you store their unique ID from the database perhaps in a session variable) which can be used to get their details.
$query = mysql_query("SELECT * from USERDATABASE where userId = " . $_SESSION['userId']);
if(mysql_num_rows($query) > 0){ //match found
} else {
//some form of redirect of disallowed message

function displayForm($query){
 $array = mysql_fetch_array($query, MYSQL_ASSOC);
//now put in your form details
<table width="800" cellpadding="1" cellspacing="0">
<form name="updateform" method="post" action="whatever.php">
Name: <input type="text" value="<?php echo $array['name']; ?>" name="name" />
Email: <input type="text" value="<?php echo $array['email']; ?>" name="email" />
<input type="hidden" value="<?php echo $_SESSION['userId']; ?>" name="id" />
<input type="submit" value="submit" name="submit" />
Obviously you can submit to where-ever, where you can check their variables have been entered and then update them into the database (escaping them for characters with mysql_real_escape_string i think it is).

I am sure some will point out flaws/issues with my code, but that's because I am fairly new to all this and not aware of all the security details that I probabily should be. I hope that they can elaborate where needed, and also comment on better practices :) Hope this helps in the mean time ;)

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users