Php Profile

[Danny620]

Hi i just want to ask a question about a profile script.

 

this is what i would like to do;

 

build a log-in; done that

build a sign up; done that

build a profile page for the user; need help

 

would this be how i go about creating a profile

when the user logs in, store the user names in a session

then build a a profile page when the user go's to the profile retrieve the session as a varable and query the database e.g select username, email, lastname from users where username = 'session id'

would this work and would it be secure

 

thanks for your time

[aggrav8d]

- When the user signed up you created a profile for them.

- You've already let them log in so you already have session info on them (be sure to watch out for XSS)

- The profile page is simply a form to view/alter the default profile set up for that user.

 

if($_SESSION['user_id']==$_GET['id']) edit_profile();
else view_profile($_GET['id']);

[Danny620]

thanks so should i create the fields in the users table like.eg first name second name, email, things like that then if they want to change there profile just create a form with them textbox and use the session id to update the correct user is xss cross-sited-scripting meaing that people can enter bad stuff in my textbox that danger the database and i need to protect myself by vaidating things and using trim to make sure its safe to enter into the database thanks anyways for that