Jump to content

Recommended Posts

Hello wonderful people!

This one has me about pulling my hair out. All my google research and php help topics I can find, tell me that there is nothing wrong with what I have. Though I fully accept that I am clearly doing something wrong, as this is not working.

Below is my code (simplified). I didn't include the connection info for obvious reasons. And I didn't include all the pages scripting that just shows pictures and stuff that aren't related to this (just images that are embedded and what-not)
The PROBLEM is that when I go to the page (example https://www.website.com/profile.php?id=65) it brings up the profile for the id 218. In fact, I can replace the "65" with ANY number, and it will still bring up the database info for ID 218
Any thoughts on this?

Note: The only parts I'm not including in this entire pages script is just the embedded pictures and still stuff that I typed on the page to read, which has no functions at all

Note 2: If I change the SELECT line to   $sql = "SELECT * FROM users WHERE id = '$user_id' "; OR $sql = "SELECT * FROM users WHERE id = '$id' "; Then I just get "0 Results" writen on the page

Note 3: Keep in mind that ALL of the data shows on the page. The problem is that it is getting id 218 instead of what I put in the url.

<?php 
  session_start();




    $hostname="localhost";
    $username="Removed for posting";
    $password="Removed for posting";
    $dbname="Removed for posting";


  $conn = mysqli_connect($hostname, $username, $password, $dbname);
  if(!$conn){
    echo "Database connection error".mysqli_connect_error();
  }
  $id=$_GET['id'];
  $sql = "SELECT * FROM users";
  
  


$result = $conn->query($sql);

if ($result->num_rows > 0) {
  // output data of each row
  while($row = $result->fetch_assoc()) {
    $user_token =  $row["token"];
    $fname =  $row["fname"];
    $email =  $row["email"];
    $unique_id =  $row["unique_id"];
    $facebook =  $row["facebook"];
    $instagram =  $row["instagram"];
    $twitter =  $row["twitter"];
    $youtube =  $row["youtube"];
    $tiktok =  $row["tiktok"];
    $osite =  $row["osite"];
    $favmovie =  $row["favmovie"];
    $favactors =  $row["favactors"];
    $favbands =  $row["favbands"];
    $favseason =  $row["favseason"];
    $birthday =  $row["birthday"];
    $locationn =  $row["locationn"];
    $sign =  $row["sign"];
    $imageURL = '/chat-v3/public/storage/images/'.$row["img"];
    $bio =  $row["bio"];
  }
} else {
  echo "0 results";
  
  die();
}



?>


////// A bunch of pictures and stuff here within html that show up just fine ////

<font face="Verdana, Arial, Helvetica, sans-serif"><b>User Info</b></font>
<font face="Verdana, Arial, Helvetica, sans-serif"><b><?php echo $fname; ?></b></font>

// The line above repeats to show the rest of the values in the database

 

Edited by PNewCode

ARGH!!! Update! I feel so silly now... it was in the WHERE statement. I typed it right in the description but I wasn't typing it right in the actual script. I was putting the "?" in both ends of it. Problem is solved with

$sql = "SELECT * FROM users WHERE id = '$id'";

Sorry if I wasted anyones time. Problem solved.

The answer is that you are always getting the last row in the result set. 

Consider your current code.  You query, then in a loop fetch every row from the result set and assign the values from the row to various temporary variables of the same name and purpose.

First off, not to fix your problem, but --- there is no reason to do this.  You get an associative array with the values nicely indexed by column name.  Don't make a bunch of temporary variables when you don't need to.  Just use $row['field'] when you need to display the value.

Yes, you absolutely need to change your query to take the id passed to the script.  According to what you provided that should be $_GET['id'].

I don't know why that hasn't worked for you yet, but that's the correct way to do this, although, you should be using a prepared statement and bind variable rather than trying to interpolate the variable.  Do it the right way.

Consider the interpolation example you provided:

SELECT * FROM users WHERE id = '$id' "

This is incorrect if id is an integer, which we have to assume it is, since this is a numeric id.  So you should not put quotes around it, because it is not a string.  With that said, the mysqli_ binding probably allow this but it's sloppy and incorrect SQL.

In summary, there may be an issue with the id, so make sure you debug that you are getting the value you expect from the $_GET array.  (This also assumes you reach this page via an anchor href).  We don't have the code to know for sure what you are doing.

if (empty($_GET['id']) {
  // this page shouldn't be entered, because no valid id was passed
  // maybe redirect?
  exit("invalid");
}

$id = (int)$_GET['id'];

$sql = "SELECT * FROM users WHERE id=?";
$stmt = $conn->prepare($sql); 
$stmt->bind_param("i", $id);
$stmt->execute();
$result = $stmt->get_result(); 
$user = $result->fetch_assoc();

 

  • Like 1
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.