JoeBrenan Posted October 31, 2015 (edited)

Hey,

I am trying to output a row from my database using PDO where the username is the same as one that I have pulled from the URL, my URL reads: "http://localhost/view_profile.php?username=test"

On the view profile_page.php I am storing the username in $username by using

    $username = $_GET["username"];

now I want to use a SELECT to retrieve and save the data relating to the username found in the URL. I am struggling to get this to work, the page is already linked to the database any help would be appreciated.

Thanks.

    <?php
    if(isset($_POST['$row'])) {
        // check if the username has been set
    }

    // First we execute our common code to connection to the database and start the session
    require("common.php");

    // At the top of the page we check to see whether the user is logged in or not
    if(empty($_SESSION['user']))
    {
        // If they are not, we redirect them to the login page.
        header("Location: login.php");

        // Remember that this die statement is absolutely critical. Without it,
        // people can view your members-only content without logging in.
        die("Redirecting to login.php");
    }

    // Everything below this point in the file is secured by the login system

    // We can display the user's username to them by reading it from the session array. Remember that because
    // a username is user submitted content we must use htmlentities on it before displaying it to the user.
    $username = $_GET["username"];

    $query = "
        SELECT
            id, username, firstname, lastname, password, salt, email, access_level
        FROM users
        WHERE
            username = $username
    ";

    try
    {
        // These two statements run the query against your database table.
        $stmt = $db->prepare($query);
        $stmt->execute();
    }
    catch(PDOException $ex)
    {
        // Note: On a production website, you should not output $ex->getMessage().
        // It may provide an attacker with helpful information about your code.
        die("Failed to run query: " . $ex->getMessage());
    }

    // Finally, we can retrieve all of the found rows into an array using fetchAll
    $rows = $stmt->fetchAll();
    ?>

benanamen Posted October 31, 2015 (edited)

How about posting your code. You are aware of the MySQL WHERE clause right?

JoeBrenan (Author) Posted October 31, 2015

> How about posting your code. You are aware of the MySQL WHERE clause right?

I have now added the code from the view_profile.php.

Thanks.

benanamen Posted October 31, 2015

Let's cut out the fluff. Set the username below and run this and tell me what you get.

    <?php
    $_GET['username']='someusername';

    $query = "SELECT id, username, firstname, lastname, password, salt, email, access_level FROM users WHERE username = {$_GET['username']} ";

    try
    {
        $stmt = $db->prepare($query);
        $stmt->execute();
        $result = $stmt->fetchAll();
    }
    catch (PDOException $ex)
    {
        die("Failed to run query: " . $ex->getMessage());
    }

    echo "<pre>";
    print_r($result);
    echo "</pre>";
    ?>

JoeBrenan (Author) Posted October 31, 2015 (edited)

I have added your code and changed "someusername" to username, which is the column in the table, but it is outputting every row rather than the row with the username specified in the URL.

The outputted result:

    Array
    (
        [0] => Array
            (
                [id] => 1
                [username] => test
                [firstname] => test
                [lastname] => test
                [password] => 5c73b9801c80c790e4c9b5bf0f55cdf84bea07baa3af1d778845427339d71e12
                [salt] => 4f0819657e64c9ed
                [email] => test@test.com
                [access_level] => 1
            )

        [1] => Array
            (
                [id] => 2
                [username] => Asuza
                [firstname] => test3
                [lastname] => test3
                [password] => 84f94225d0015af33e2a29e71b69db12ec50d98dfde48541d3ae2ec68bb0c746
                [salt] => 152a907b12b40692
                [email] => test3@test.com
                [access_level] => 1
            )

        [2] => Array
            (
                [id] => 3
                [username] => Test1
                [firstname] => Test1
                [lastname] => Test1
                [password] => f28b461db1ec030adfa725c6e87a6a287f0034ca973235c5a6b8821bee9aa228
                [salt] => 48fb0eab6179dccb
                [email] => Test1@test.com
                [access_level] => 1
            )

    )

Thanks.

benanamen Posted October 31, 2015 (edited)

Post an sql dump of your DB.

"someusername" needs to be an actual username in the database, not the name of the column. Forget the URL for now. The code I gave you has nothing to do with it.

JoeBrenan (Author) Posted October 31, 2015

> Post an sql dump of your DB.
>
> "someusername" needs to be an actual username in the database, not the name of the column. Forget the URL for now. The code I gave you has nothing to do with it.

When I put "someusername" I get this error:

    Failed to run query: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'someusername' in 'where clause'

Thanks.

Barand Posted October 31, 2015

You need quotes around string values

    WHERE username = '{$_GET['username']}'

JoeBrenan (Author) Posted October 31, 2015 (edited)

> You need quotes around string values
>
>     WHERE username = '{$_GET['username']}'

I implemented this change and I am now getting this:

    Array ( )

Here is my database:

    CREATE TABLE IF NOT EXISTS `users` (
      `id` int(11) NOT NULL AUTO_INCREMENT,
      `username` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
      `firstname` varchar(50) COLLATE utf8_unicode_ci NOT NULL,
      `lastname` varchar(50) COLLATE utf8_unicode_ci NOT NULL,
      `password` char(64) COLLATE utf8_unicode_ci NOT NULL,
      `salt` char(16) COLLATE utf8_unicode_ci NOT NULL,
      `email` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
      `nationalityid` varchar(128) COLLATE utf8_unicode_ci NOT NULL,
      `age` date NOT NULL,
      `access_level` int(2) NOT NULL DEFAULT '1',
      PRIMARY KEY (`id`),
      UNIQUE KEY `username` (`username`),
      UNIQUE KEY `email` (`email`)
    ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=6 ;

Barand Posted October 31, 2015

And as you are using a prepared statement anyway, you should be using a placeholder and binding the parameter value. That's the reason for prepared statements.

benanamen Posted October 31, 2015 (edited)

My bad on the quotes. OP, Post an sql dump of your data as well.

> when I put "someusername" i get this error:

Why?????? I just told you to replace it with an actual username in the DB.

> "someusername" needs to be an actual username in the database

JoeBrenan (Author) Posted October 31, 2015

> And as you are using a prepared statement anyway, you should be using a placeholder and binding the parameter value. That's the reason for prepared statements.

Ok, could you give me an example? I know what you mean, I'm just not sure how to implement it.

JoeBrenan (Author) Posted October 31, 2015

> My bad on the quotes. OP, Post your data as well.
>
> Why?????? I just told you to replace it with an actual username in the DB.

I'm wanting it to pull the username from the URL rather than me inputting it manually.

Thanks

benanamen Posted October 31, 2015 (edited)

Dude! I know what you want. I am first trying to get a result from the DB which you are not getting. We need to find out why. Grabbing it from the URL right now is going to do NOTHING.

JoeBrenan (Author) Posted October 31, 2015

> Dude! I know what you want. I am first trying to get a result from the DB which you are not getting. We need to find out why. Grabbing it from the URL right now is going to do NOTHING.

Ah, ok, my bad.

benanamen Posted October 31, 2015

Data dump please.....

JoeBrenan (Author) Posted October 31, 2015 (edited)

> Data dump please....

view_profile.php:

    <?php
    if(isset($_POST['$row'])) {
    }

    require("common.php");

    if(empty($_SESSION['user']))
    {
        header("Location: login.php");
        die("Redirecting to login.php");
    }

    $_GET['username']='someusername';

    $query = "SELECT id, username, firstname, lastname, password, salt, email, access_level FROM users WHERE username = '{$_GET['username']}' ";

    try
    {
        $stmt = $db->prepare($query);
        $stmt->execute();
        $result = $stmt->fetchAll();
    }
    catch (PDOException $ex)
    {
        die("Failed to run query: " . $ex->getMessage());
    }

    echo "<pre>";
    print_r($result);
    echo "</pre>";
    ?>

Common.php:

    <?php
    $username = "root";
    $password = "password";
    $host = "localhost";
    $dbname = "members";

    $options = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8');

    try
    {
        $db = new PDO("mysql:host={$host};dbname={$dbname};charset=utf8", $username, $password, $options);
    }
    catch(PDOException $ex)
    {
        die("Failed to connect to the database: " . $ex->getMessage());
    }

    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);

    if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
    {
        function undo_magic_quotes_gpc(&$array)
        {
            foreach($array as &$value)
            {
                if(is_array($value))
                {
                    undo_magic_quotes_gpc($value);
                }
                else
                {
                    $value = stripslashes($value);
                }
            }
        }

        undo_magic_quotes_gpc($_POST);
        undo_magic_quotes_gpc($_GET);
        undo_magic_quotes_gpc($_COOKIE);
    }

    header('Content-Type: text/html; charset=utf-8');

    session_start();

benanamen Posted October 31, 2015 (edited)

OMG Dude! I didn't ask for your code. I asked for the data in your users table.

* I see you have other issues we can address later.

JoeBrenan (Author) Posted October 31, 2015

The database table is in a previous comment.

Thanks.

benanamen Posted October 31, 2015 (edited)

DUUUUUUUUUUUUUDE! Really? Do you really not understand what I am saying? Am I being punked?

The information that goes IN the table, the actual usernames, the actual first and last names etc... IN SQL INSERT FORMAT.

JoeBrenan (Author) Posted October 31, 2015

I'm confused, I'm not trying to insert anything into the table, just read existing data from a row and output this onto the page.

benanamen Posted October 31, 2015 (edited)

Forget it dude. You are TOTALLY CLUELESS! Someone else can deal with you.

In your words "existing data". That is what I was asking you for. How in the world you couldn't understand that is beyond me. I am calling TROLL on this thread.

JoeBrenan (Author) Posted October 31, 2015

> Forget it dude. You are TOTALLY CLUELESS! Some one else can deal with you.
>
> In your words "existing data" That is what I was asking you for. How in the world you couldn't understand that is beyond me. I am calling TROLL on this thread.

Ok, I'm sorry you feel this way, but I provided the array output in my second comment which shows the existing data in the array already.

    [0] => Array
        (
            [id] => 1
            [username] => test
            [firstname] => test
            [lastname] => test
            [password] => 5c73b9801c80c790e4c9b5bf0f55cdf84bea07baa3af1d778845427339d71e12
            [salt] => 4f0819657e64c9ed
            [email] => test@test.com
            [access_level] => 1
        )

The above is the data from the database being pulled out, after I implemented the code you provided.

Thanks.

benanamen Posted October 31, 2015 (edited)

No you did not provide the array output as you have now. Go back and look at your post. This is what you posted:

> I implemented this change and I am now getting this:
>
>     Array ( )

Now delete this line

    $_GET['username']='someusername';

and run the script like localhost/view_profile.php?username=test

You should get the same EXACT result as the array you posted.

JoeBrenan (Author) Posted October 31, 2015

I posted both outputs, the first one was before you posted to edit this line '{$_GET['username']}' 4:57 - 5:09 on the previous page.

Either way, I have now got the page to output the correct row from the database but need to store them as separate variables to call upon later.

Now I'm getting this as my output:

    Array
    (
        [0] => Array
            (
                [id] => 2
                [username] => Asuza
                [firstname] => test
                [lastname] => test
                [password] => 84f94225d0015af33e2a29e71b69db12ec50d98dfde48541d3ae2ec68bb0c746
                [salt] => 152a907b12b40692
                [email] => test@test.com
                [access_level] => 1
            )

    )

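Added example, not part of the original thread: the placeholder-and-bind approach Barand recommends, combined with fetching the single matching row into separate variables as asked in the last post. It assumes an in-memory SQLite database with constructed rows in place of the MySQL connection from common.php, and `requestedUsername()` and `findProfile()` are hypothetical helper names.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL handle ($db) that
// common.php creates, so this runs offline; the sample rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
    firstname TEXT, lastname TEXT, email TEXT, access_level INTEGER DEFAULT 1)");
$db->exec("INSERT INTO users (username, firstname, lastname, email) VALUES
    ('test', 'Test', 'User', 'test@example.com'),
    ('o''brien', 'Pat', 'O''Brien', 'pat@example.com')");

// Hypothetical helper: accept only a non-empty string from the query string.
// ?username[]=x arrives as an array and is rejected here.
function requestedUsername(array $get): ?string
{
    $value = $get['username'] ?? null;
    return (is_string($value) && $value !== '') ? $value : null;
}

// Hypothetical helper: one profile row as an associative array, or null.
function findProfile(PDO $db, string $username): ?array
{
    // Select only what the profile page shows; password and salt stay put.
    $stmt = $db->prepare(
        'SELECT id, username, firstname, lastname, email, access_level
           FROM users WHERE username = :username'
    );
    // The value is sent apart from the SQL text, so a quote in it is data.
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch();   // username is UNIQUE, so at most one row
    return $row === false ? null : $row;
}

// Constructed stand-ins for $_GET on four different requests.
$requests = [['username' => 'test'], ['username' => "o'brien"],
             ['username' => ['x']], ['username' => 'nobody']];
foreach ($requests as $get) {
    $name = requestedUsername($get);
    $profile = ($name === null) ? null : findProfile($db, $name);
    if ($profile === null) {
        echo "No matching user\n";
        continue;
    }
    // Each column is now its own variable; escape when printing, not before.
    $firstname = $profile['firstname'];
    $lastname  = $profile['lastname'];
    echo htmlentities("$firstname $lastname", ENT_QUOTES, 'UTF-8'), "\n";
}
```

In view_profile.php the `$db` handle from common.php replaces the SQLite setup, and `$_GET` is passed to `requestedUsername()` directly.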