pro_se Posted August 21, 2006 Share Posted August 21, 2006 hey! i am creating an online community and whenever someone pulls up a profile it displays information from a database... duh! but when someone puts a fake url or non-existant user id into the url it shows a profile page with nothing in it... how can i instead of a blank page have a message saying invalid user or somthing like that... this is what i was thinking... [code]<?phprequire 'db_connect.php';$id = $_GET['id'];$result = mysql_query("SELECT * FROM users WHERE id=$id");while($num=mysql_num_rows($result)){if ($num == 0){ die('This user does not exist!'); } }?>[/code]tell me what u think Quote Link to comment Share on other sites More sharing options...
desithugg Posted August 21, 2006 Share Posted August 21, 2006 umm i dont really understand what you have above ive never used die before but heres something simpler if u need<?phprequire 'db_connect.php';$id = $_GET['id'];$query = mysql_query("SELECT count(id) FROM users WHERE id=$id"); $result = mysql_query($query) or die(mysql_error());while($row = mysql_fetch_array($result)){$id_count = $row['id'];if($id_count =< "0"){echo"The user does not exist";exit;}?> Quote Link to comment Share on other sites More sharing options...
pro_se Posted August 21, 2006 Author Share Posted August 21, 2006 no.... okay... the user does not exist... a 10 year old kid messes around with the url and makes it http://somthing.com/?user=4534 and the real users id is like 3.... i want it to say invalid user only if the user does not exist but there are other people... it just needs to attempt to find a row and if it does not exist say invalid user... Quote Link to comment Share on other sites More sharing options...
desithugg Posted August 21, 2006 Share Posted August 21, 2006 well than the above should work if not try this added Or $id_count == "" to it so if its blank[code]<?phprequire 'db_connect.php';$id = $_GET['id'];$query = mysql_query("SELECT count(id) FROM users WHERE id=$id"); $result = mysql_query($query) or die(mysql_error());while($row = mysql_fetch_array($result)){$id_count = $row['id'];if($id_count =< "0" OR $id_count == ""){echo"The user does not exist";exit;}?>[/code]and im certain this will work works for me im using it in my site. Quote Link to comment Share on other sites More sharing options...
pro_se Posted August 21, 2006 Author Share Posted August 21, 2006 Parse error: parse error, unexpected $ in /var/www/user.php on line 363there is no 363... ??? Quote Link to comment Share on other sites More sharing options...
Jervous Posted August 21, 2006 Share Posted August 21, 2006 For your original example, you wouldn't put mysql_num_rows() in the while() part because it doesn't return an array or anything like that, just a number. For the second example by desithugg, that wouldn't work if my table key was p_id or something like that. Here is what I would use:[code]<?phpinclude("db_connect.php");$query = "SELECT * FROM users WHRE id = '{$id}'";$result = mysql_query($query) or die(mysql_error());$count = mysql_num_rows($result);if ($count > 0){ while ($user = mysql_fetch_assoc($result)){ // Do stuff here.... }} else { echo "This user does not exist."; // Template stuff, if any. exit();}?>[/code] Quote Link to comment Share on other sites More sharing options...
pocobueno1388 Posted August 21, 2006 Share Posted August 21, 2006 [code]<?$sql_name_check = mysql_query("SELECT * FROM users WHERE id='$id'");$name_check = mysql_num_rows($sql_name_check);if($name_check == 0){ print "No such user!"; exit;}?>[/code]This works for me. Quote Link to comment Share on other sites More sharing options...
desithugg Posted August 21, 2006 Share Posted August 21, 2006 o.o yea but i like to keep it simple lolany ways i see that in almost all your posted ocdes do u mind telling me what it does exit(1); why is that 1 there Quote Link to comment Share on other sites More sharing options...
desithugg Posted August 21, 2006 Share Posted August 21, 2006 [quote author=Jervous link=topic=105017.msg419235#msg419235 date=1156134475]For your original example, you wouldn't put mysql_num_rows() in the while() part because it doesn't return an array or anything like that, just a number. For the second example by desithugg, that wouldn't work if my table key was p_id or something like that. Here is what I would use:[code]<?phpinclude("db_connect.php");$query = "SELECT * FROM users WHRE id = '{$id}'";$result = mysql_query($query) or die(mysql_error());$count = mysql_num_rows($result);if ($count > 0){ while ($user = mysql_fetch_assoc($result)){ // Do stuff here.... }} else { echo "This user does not exist."; // Template stuff, if any. exit();}?>[/code][/quote]yea it wouldve lolWHERE id=$id" see that part :)so there is a row called id btw. can som1 read my thread[url=http://www.phpfreaks.com/forums/index.php/topic,105015.0.html]http://www.phpfreaks.com/forums/index.php/topic,105015.0.html[/url]im kinda stuck lol need ome helo no1s answered ive made bout 20 posts waiting for 1 reply Quote Link to comment Share on other sites More sharing options...
Jervous Posted August 21, 2006 Share Posted August 21, 2006 What do you mean by yeah it would've? I have fixed the WHERE misspelling, and comment the code so you know what's going on. I have also changed the code a bit, because on a single profile page only one row would have to be returned.[code]<?php// Include connect fileinclude("db_connect.php");// Setup query and do query$query = "SELECT * FROM users WHERE id = '{$id}' LIMIT 1"; // Putting your variables in { and } makes them better somehow, it's slipped my mind ATM, but I know it's like a safety net.$result = mysql_query($query) or die(mysql_error());// Count the number of rows returned$count = mysql_num_rows($result);// If the amount of rows returned is more than 0, continue.if ($count > 0){ // Put user info into array. $user = mysql_fetch_assoc($result); // Do stuff here....} else { // Show error message echo "This user does not exist."; // Template stuff, if any. // Exit the script exit();}?>[/code] Quote Link to comment Share on other sites More sharing options...
pocobueno1388 Posted August 21, 2006 Share Posted August 21, 2006 That reminds me...you may have to put the {} around the id in my code also. I forgot about that too.[code]<?phprequire 'db_connect.php';$id = $_GET['id'];$result = mysql_query("SELECT * FROM users WHERE id='{$id}'");$name_check = mysql_num_rows($result);if($name_check == 0){ print "No such user!"; exit;}?>[/code] Quote Link to comment Share on other sites More sharing options...
pro_se Posted August 21, 2006 Author Share Posted August 21, 2006 THANKS!!! all you guys rock! poco got it for me though... thanks dude! Quote Link to comment Share on other sites More sharing options...
pocobueno1388 Posted August 21, 2006 Share Posted August 21, 2006 Wow...that is my first time successfully helping someone XD Your welcome.You may want to put *SOLVED* for the subject, it helps people out that go around looking for someone to help. Quote Link to comment Share on other sites More sharing options...
desithugg Posted August 21, 2006 Share Posted August 21, 2006 [quote author=pocobueno1388 link=topic=105017.msg419245#msg419245 date=1156135342]Wow...that is my first time successfully helping someone XD Your welcome.You may want to put *SOLVED* for the subject, it helps people out that go around looking for someone to help.[/quote]o.o lol congrats my time is still to come 114 posts one of that is bound to be helpful to someone Quote Link to comment Share on other sites More sharing options...
pocobueno1388 Posted August 21, 2006 Share Posted August 21, 2006 Haha, goodluck with that :D Hope everything on your site goes well. I am off now, bye. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.