DJ_CARO Posted July 28, 2010

First of all, hello to all. I have done a registration and login script, and when I started making the users' profiles I had a problem with the $_GET function. Well, this is the code:

```php
<?php
$getid = $_GET['id'];
if (!$getid)
    $getid = "1";

require('scripts/connect.php');

// Escape the value before it is placed in the query (needs the open connection).
$getid = mysql_real_escape_string($getid);
$query = mysql_query("SELECT * FROM users WHERE id='$getid'");

$numrows = mysql_num_rows($query);
if ($numrows == 1) {
    $row = mysql_fetch_assoc($query);
    $id = $row['id'];
    $firstname = $row['first_name'];
    $lastname = $row['last_name'];
    $user = $row['username'];
    $avatar = $row['avatar'];
    $city = $row['city'];

    echo "<div id='profile'>
    <div id='leftside'>
    <a href='profile.php?$user'><img src='avatars/$avatar' width='100px' height='100px' border='0' /></a><br />
    <a href='profile.php?$user'>$firstname $lastname <br />($user)<br /></a>$city <br /></div>";
}
else
    echo " You have to contact administrator";
?>
```

When I log in as user id 1 it displays all right, but when I log in as another user it displays the first user's picture, name, surname and city. Can someone tell me what the problem is? I know it is this `if (!$getid) $getid = "1";` but why does this happen? If someone can tell me or point me in the right direction I would be thankful.

Psycho Posted July 28, 2010

Simple. If the GET value is not set, you are hard-coding it to "1":

```php
if (!$getid) $getid = "1";
```

So, I would say the GET value is not ever set and the page is always defaulting to 1. And doing that is bad from a security point of view. If you don't know who the user is, you should never assume who they are.

When you access that page, do you see 'id=n' as parameters in the URL? If not, you need to look at the URL the user is selecting to access this page and ensure it is included.

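The advice in the answer above (never fall back to a default user when the id is missing), as an added example that is not part of the thread: the profile lookup with a missing or malformed `id` rejected, and, going beyond what the thread discusses, a bound query parameter and HTML-escaped output. It assumes PHP 8 with the pdo_sqlite extension; the helper names `profile_id_from_query` and `render_profile` and the in-memory sample rows are constructed for illustration.

```php
<?php
// Hypothetical helper: a validated profile id, or null when the request has no
// usable id. There is deliberately no fallback to "1".
function profile_id_from_query(array $query): ?int
{
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Hypothetical helper: renders one profile, or a short error message.
function render_profile(PDO $db, array $query): string
{
    $id = profile_id_from_query($query);
    if ($id === null) {
        return 'No valid profile id in the request.';
    }
    // Bound parameter: the id never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT id, first_name, last_name, username, avatar, city
                          FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return 'No such user.';
    }
    // Escape every stored value before it reaches the HTML.
    $e = fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');
    $link = $e('profile.php?' . http_build_query(['id' => $row['id']]));
    $img = $e('avatars/' . rawurlencode((string) $row['avatar']));
    return "<div id='profile'><div id='leftside'>"
        . "<a href='$link'><img src='$img' width='100' height='100' alt='' /></a><br />"
        . "<a href='$link'>" . $e($row['first_name']) . ' ' . $e($row['last_name'])
        . ' <br />(' . $e($row['username']) . ')<br /></a>' . $e($row['city'])
        . ' <br /></div></div>';
}

// Constructed sample data (in-memory SQLite) so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, first_name TEXT,
           last_name TEXT, username TEXT, avatar TEXT, city TEXT)');
$db->exec("INSERT INTO users VALUES
           (1, 'Anna', 'Nowak', 'anna', 'anna.png', 'Warsaw'),
           (2, 'Jan', '<b>Kowal</b>', 'jan', 'jan.png', 'Krakow')");

// Valid id, missing id, injection attempt, unknown id.
foreach ([['id' => '2'], [], ['id' => "1' OR '1'='1"], ['id' => '99']] as $query) {
    echo render_profile($db, $query), PHP_EOL;
}
```

Only the first request renders a profile, with the markup stored in the constructed last name shown as escaped text; the other three return an error message and never display user 1.
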
DJ_CARO Posted July 28, 2010 (Author)

> Simple. If the GET value is not set, you are hard-coding it to "1":
>
> ```php
> if (!$getid) $getid = "1";
> ```
>
> So, I would say the GET value is not ever set and the page is always defaulting to 1. And doing that is bad from a security point of view. If you don't know who the user is, you should never assume who they are.
>
> When you access that page, do you see 'id=n' as parameters in the URL? If not, you need to look at the URL the user is selecting to access this page and ensure it is included.

Yeah man, I am stupid :/ I forgot to put the "?id=$userid" after the URL.

Thanks again, it is working now :) and for security reasons I have deleted the

```php
if (!$getid) $getid = "1";
```

DJ_CARO Posted July 30, 2010 (Author)

I have done the profile page, however I have another problem. As you see on community sites, if the user logs in, it has its own picture, name and city on the index page. I have done quite the same thing, but when I am logged in it doesn't detect the user id. Please check it out, the website is http://www.imprezkamaxxx.eu/polish_site/index.php

Login: test
Password: test

Thank you for any help.

Archived
This topic is now archived and is closed to further replies.