Jump to content


Photo

** solved ** user profile


  • Please log in to reply
14 replies to this topic

#1 pro_se

pro_se
  • Members
  • PipPipPip
  • Advanced Member
  • 131 posts

Posted 21 August 2006 - 04:05 AM

hey! i am creating an online community and whenever someone pulls up a profile it displays information from a database... duh! but when someone puts a fake url or non-existant user id into the url it shows a profile page with nothing in it... how can i instead of a blank page have a message saying invalid user or somthing like that... this is what i was thinking...
<?php
require 'db_connect.php';
$id = $_GET['id'];
$result = mysql_query("SELECT * FROM users WHERE id=$id");
while($num=mysql_num_rows($result))
{if ($num == 0){ die('This user does not exist!'); } 
}
?>

tell me what u think

#2 desithugg

desithugg
  • Members
  • PipPipPip
  • Advanced Member
  • 281 posts
  • LocationScarborough

Posted 21 August 2006 - 04:09 AM

umm i dont really understand what you have above ive never used die before but heres something simpler if u need
<?php
require 'db_connect.php';
$id = $_GET['id'];
$query = mysql_query("SELECT count(id) FROM users WHERE id=$id");
$result = mysql_query($query) or die(mysql_error());
while($row = mysql_fetch_array($result)){
$id_count = $row['id'];
if($id_count =< "0")
{
echo"The user does not exist";
exit;
}
?>

#3 pro_se

pro_se
  • Members
  • PipPipPip
  • Advanced Member
  • 131 posts

Posted 21 August 2006 - 04:17 AM

no.... okay... the user does not exist... a 10 year old kid messes around with the url and makes it http://somthing.com/?user=4534 and the real users id is like 3.... i want it to say invalid user only if the user does not exist but there are other people... it just needs to attempt to find a row and if it does not exist say invalid user...

#4 desithugg

desithugg
  • Members
  • PipPipPip
  • Advanced Member
  • 281 posts
  • LocationScarborough

Posted 21 August 2006 - 04:21 AM

well than the above should work if not try this added Or $id_count == "" to it so if its blank
<?php
require 'db_connect.php';
$id = $_GET['id'];
$query = mysql_query("SELECT count(id) FROM users WHERE id=$id");
    $result = mysql_query($query) or die(mysql_error());
while($row = mysql_fetch_array($result)){
$id_count = $row['id'];
if($id_count =< "0" OR $id_count == "")
{
echo"The user does not exist";
exit;
}
?>
and im certain this will work works for me im using it in my site.

#5 pro_se

pro_se
  • Members
  • PipPipPip
  • Advanced Member
  • 131 posts

Posted 21 August 2006 - 04:27 AM

Parse error: parse error, unexpected $ in /var/www/user.php on line 363

there is no 363...  ???

#6 Jervous

Jervous
  • Members
  • Pip
  • Newbie
  • 9 posts

Posted 21 August 2006 - 04:27 AM

For your original example, you wouldn't put mysql_num_rows() in the while() part because it doesn't return an array or anything like that, just a number. For the second example by desithugg, that wouldn't work if my table key was p_id or something like that. Here is what I would use:

<?php
include("db_connect.php");

$query = "SELECT * FROM users WHRE id = '{$id}'";
$result = mysql_query($query) or die(mysql_error());

$count = mysql_num_rows($result);

if ($count > 0){
    while ($user = mysql_fetch_assoc($result)){
        // Do stuff here....
    }
} else {
    echo "This user does not exist.";
     // Template stuff, if any.

     exit();
}

?>


#7 pocobueno1388

pocobueno1388
  • Members
  • PipPipPip
  • Advanced Member
  • 3,369 posts
  • LocationPalm Beach, Florida

Posted 21 August 2006 - 04:28 AM

<?

$sql_name_check = mysql_query("SELECT * FROM users WHERE id='$id'");
$name_check = mysql_num_rows($sql_name_check);

if($name_check == 0){

     print "No such user!";

     exit;
}

?>

This works for me.

#8 desithugg

desithugg
  • Members
  • PipPipPip
  • Advanced Member
  • 281 posts
  • LocationScarborough

Posted 21 August 2006 - 04:28 AM

o.o yea but i like to keep it simple lol
any ways i see that in almost all your posted ocdes do u mind telling me what it does
 exit(1); why is that 1 there

#9 desithugg

desithugg
  • Members
  • PipPipPip
  • Advanced Member
  • 281 posts
  • LocationScarborough

Posted 21 August 2006 - 04:30 AM

For your original example, you wouldn't put mysql_num_rows() in the while() part because it doesn't return an array or anything like that, just a number. For the second example by desithugg, that wouldn't work if my table key was p_id or something like that. Here is what I would use:

<?php
include("db_connect.php");

$query = "SELECT * FROM users WHRE id = '{$id}'";
$result = mysql_query($query) or die(mysql_error());

$count = mysql_num_rows($result);

if ($count > 0){
    while ($user = mysql_fetch_assoc($result)){
        // Do stuff here....
    }
} else {
    echo "This user does not exist.";
     // Template stuff, if any.

     exit();
}

?>

yea it wouldve lol
WHERE id=$id" see that part :)
so there is a row called id
btw. can som1 read my thread
http://www.phpfreaks...c,105015.0.html
im kinda stuck lol need ome helo no1s answered ive made bout 20 posts waiting for 1 reply

#10 Jervous

Jervous
  • Members
  • Pip
  • Newbie
  • 9 posts

Posted 21 August 2006 - 04:35 AM

What do you mean by yeah it would've? I have fixed the WHERE misspelling, and comment the code so you know what's going on. I have also changed the code a bit, because on a single profile page only one row would have to be returned.

<?php
// Include connect file
include("db_connect.php");

// Setup query and do query
$query = "SELECT * FROM users WHERE id = '{$id}' LIMIT 1"; // Putting your variables in { and } makes them better somehow, it's slipped my mind ATM, but I know it's like a safety net.
$result = mysql_query($query) or die(mysql_error());

// Count the number of rows returned
$count = mysql_num_rows($result);

// If the amount of rows returned is more than 0, continue.
if ($count > 0){
    // Put user info into array.
    $user = mysql_fetch_assoc($result);
    // Do stuff here....
} else {
    // Show error message
    echo "This user does not exist.";
     // Template stuff, if any.
     
     // Exit the script
     exit();
}

?>


#11 pocobueno1388

pocobueno1388
  • Members
  • PipPipPip
  • Advanced Member
  • 3,369 posts
  • LocationPalm Beach, Florida

Posted 21 August 2006 - 04:39 AM

That reminds me...you may have to put the {} around the id in my code also. I forgot about that too.

<?php

require 'db_connect.php';
$id = $_GET['id'];

$result = mysql_query("SELECT * FROM users WHERE id='{$id}'");
$name_check = mysql_num_rows($result);

if($name_check == 0){

     print "No such user!";

     exit;
}

?>


#12 pro_se

pro_se
  • Members
  • PipPipPip
  • Advanced Member
  • 131 posts

Posted 21 August 2006 - 04:41 AM

THANKS!!! all you guys rock! poco got it for me though... thanks dude!

#13 pocobueno1388

pocobueno1388
  • Members
  • PipPipPip
  • Advanced Member
  • 3,369 posts
  • LocationPalm Beach, Florida

Posted 21 August 2006 - 04:42 AM

Wow...that is my first time successfully helping someone XD Your welcome.

You may want to put *SOLVED* for the subject, it helps people out that go around looking for someone to help.

#14 desithugg

desithugg
  • Members
  • PipPipPip
  • Advanced Member
  • 281 posts
  • LocationScarborough

Posted 21 August 2006 - 04:47 AM

Wow...that is my first time successfully helping someone XD Your welcome.

You may want to put *SOLVED* for the subject, it helps people out that go around looking for someone to help.

o.o lol congrats my time is still to come 114 posts one of that is bound to be helpful to someone

#15 pocobueno1388

pocobueno1388
  • Members
  • PipPipPip
  • Advanced Member
  • 3,369 posts
  • LocationPalm Beach, Florida

Posted 21 August 2006 - 04:48 AM

Haha, goodluck with that :D Hope everything on your site goes well. I am off now, bye.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users