PHP Assistance

**Glee** · 06-02-18

Hello!

I need help with my PHP Code

I was figuring out why I can't visit other people home page! and I figured yeah me and stupid me... whatever learning

I'm using $_SESSION which means it will always redirects to my information because it's using my session.

PHP Code:


<?php 

                                $getUserInfo = mysql_query("SELECT * FROM `users` WHERE id = '".$_SESSION[user][id]."'");

                                while ($userInfo= mysql_fetch_assoc($getUserInfo))

                                     {

                                echo ' 

<tbody>

<tr>

<td valign="middle" width="25">

<img style="margin-top: -10px;" src="http://www.habbo.com/habbo-imaging/avatarimage?figure=' .$userInfo['look'] . '&size=m&gesture=sml">

</td>

<td valign="top">

<p style="font-size: 90%;">Username: <strong>' .$userInfo['username'] . '</strong>

<br>Motto: <strong>' .$userInfo['motto'] . '</strong>

<br><i>Last Online: {lastSignedIn}</i></p>

<br/></td>

<td valign="top" style="float: right;">

' . (($userInfo['online'] == "1") ? '

<img src="../app/tpl/skins/Habbo/web-gallery/v2/images/habbo_online.gif"/>':'<img src="../app/tpl/skins/Habbo/web-gallery/v2/images/habbo_offline.gif"/>') . '

</td>

</tr>

</tbody>

</table>

<tbody>

<tr>

';

                               

                               }

                                ?>

**MentaL**

**Aamiainen** · 06-02-18

do something like:
userId = mysql_real_espace_string($_GET['id']);
$getUserInfo = mysql_query("SELECT * FROM `users` WHERE id = '".userId ."'");
...... and so on

Then you should use url like www.example.domain/profile?id=xx where xx is user id.

**Glee** · 07-02-18

Originally Posted by Aamiainen

do something like:
userId = mysql_real_espace_string($_GET['id']);
$getUserInfo = mysql_query("SELECT * FROM `users` WHERE id = '".userId ."'");
...... and so on

Then you should use url like www.example.domain/profile?id=xx where xx is user id.

it breaks the site

**Joorren XD** · 07-02-18

replace 'userId' with '$userId' for both of them, if you didn't already.

And what do you mean with 'It breaks the site'?

**Glee** · 07-02-18

Originally Posted by Joorren

replace 'userId' with '$userId' for both of them, if you didn't already.

And what do you mean with 'It breaks the site'?

Now this happens

**Joorren XD** · 07-02-18

Does the user 'Test' exist?
You should create an if-else statement that checks the amount of rows that the query returns ( if (mysql_num_rows($getUserInfo)) )

**Glee** · 07-02-18

Originally Posted by Joorren

Does the user 'Test' exist?
You should create an if-else statement that checks the amount of rows that the query returns ( if (mysql_num_rows($getUserInfo)) )

User Test does exist. and can you by chance provide me example of if-else statement

**Aamiainen** · 07-02-18

Well if you're using links like habcheer.co/home/username then your query would need to use usernames too. Lets assume that your non rewrited urls would look like habcheer.co/home?username=test, which it possibly does, you can look into your .htaccess file to make sure.

So the problem with my code was that it was assuming that you would provide it with user id, but instead you were providing it with username.

test this:
$username = mysql_real_espace_string($_GET['username']);
$getUserInfo = mysql_query("SELECT * FROM `users` WHERE username = '".$username."'");
...... and so on

If that doesn't work then please provide your .htaccess file or this will be just guessing for me.

But if you're using usernames on your links then it should just be:
$username = mysql_real_espace_string($_GET['NAME OF YOUR GET VARIABLE HERE']);
$getUserInfo = mysql_query("SELECT * FROM `users` WHERE username = '".$username."'");
...... and so on

And NAME OF YOUR GET VARIABLE will most likely just be "id" or "username", but if isn't, can be found in your .htaccess file.

- - - Updated - - -

Originally Posted by Glee

User Test does exist. and can you by chance provide me example of if-else statement

Well it seems that you still have much to learn. but here i made you an example which should work, i currently don't have anything to test it on, but pretty sure it should work if didn't get any typos in it.

PHP Code:


if(!empty($_GET['username'])) {
    //if username is set then go on
$username = mysql_real_espace_string($_GET['username']);
$getUserInfo = mysql_query("SELECT * FROM `users` WHERE username = '".$username."'");
} else {
    //else show own profile page
$getUserInfo = mysql_query("SELECT * FROM `users` WHERE id = '".$_SESSION['user']['id']."'");
}

if(mysql_num_rows($getUserInfo) == 0){
    //if query returns nothing then redirect to 404 user not found or where ever you want to e.g.
header("Location: /404");
}
//and so on

**LeChris** · 09-02-18

Keep in mind using SELECT * can be highly insecure and also slow down the response speed. For basics I would suggest something such as

SELECT id, username, credits, activity_points, vip_points, look, motto

PHP Assistance

Thread Tools

Search Thread

PHP Assistance

Re: PHP Assistance

Re: PHP Assistance

Re: PHP Assistance

Re: PHP Assistance

Re: PHP Assistance

Re: PHP Assistance

Re: PHP Assistance

Re: PHP Assistance

Advertisement