Hi Everyone. I am having difficulty getting past this little problem, in a website I am making supposed, to be an on-line forum where users can register and post anything worth sharing. So, obviously I am trying to make a profile page for each user to show their details, which is a bit more than I can handle in PHP. Well, In the Index page, I have a series of articles displayed with the name of their responsible users who submitted them in the first place. If you can see in the picture i have attached, there is an " Author " and then the click-able name called " Admin " below the title of the article. Now, since the objective is to display the authors profile in full order from database, such as Age, Country, Bio, Joined date... I made this link for the username Code: Author: <a href='profiles/id.php?user=$nt[author]'> </a> This means, if you click on the " author " in this case who is the " Admin ", the page will take you to profiles/id.php Here is the tough part, I have tried everything I could to show full detail of the user in the id.php, but i am unable to and would love your help on this one. Thanks in advance.
Using <a href='profiles/id.php?user=$nt[author]'>Blah</a> Will place the value of $nt[author] (which is "Admin") in $_GET['user'] in id.php simply use this for your key to retrieve your information via an sql query.
I would just send the author ID, not the author name in the user parameter. $button = '<a href="profiles/id.php?user='.$nt['authorID'].'">'; in id.php you receive the authorID in the GET global, which you can insert in the SQL query. SELECT * FROM authors WHERE authorId = '$_GET['authorID']' LIMIT 1; of course don't forget to escape the value before inserting it to the SQL query!!!
Thanks for both your responses. But, I placed this link in index.php [COED] <a href='profiles/id.php?user=$nt[user]'> abcd [/CODE] And, then this query on the profiles/id.php @$userid = $_GET['user']; @$query = "SELECT bio from users WHERE username = $userid LIMIT 1"; $rt=mysql_query($query); echo mysql_error(); while($nt=mysql_fetch_array($rt)){ echo " $nt[username]"; } Code (markup): So, when i clicked on the username in index.php it takes me to profiles/id.php and displays thiserror. Unknown column 'abcd' in 'where clause' Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\DIRECTORY\Library\id.php on line 15 I don't know where I might have made a mistake. btw, Line 15 is supposed to be [COLOR=#FF0000][/COLOR]while($nt=mysql_fetch_array($rt)){ Code (markup):
something wrong with the SQL query. print it out(echo $query; ) so you can see what is going to the mysql, and try to execute it in phpmyadmin, that prints out more information about the error. Edit: oh yes... you inserted the $userid without quotes and the value is seen as a column name which is obviously wrong... try this: "SELECT bio FROM users WHERE username = '".$userid."' LIMIT 1";
As for the SQL injection - told you to escape! Change to this: @userid = mysqli_real_escape_string($_GET['user']); and you're fine Notice that I used the function from the MySQLi extension because MySQL is deprecated, so better to use the functions with the i on the end. http://www.php.net/manual/en/book.mysqli.php
hello dont use @ to error suppression this is very slow , and no need while due username are unique value correct ? $nt = mysql_fetch_array(mysql_query("SELECT username,bio from users WHERE username = '".mysql_real_escape_string($_GET['user'])."'")); echo $nt['username']." - ".$nt['bio']; Best