0

I have a register and login code, but i don't know when the user register to automatically make user page.Can anybody help me?

4
Contributors
9
Replies
10
Views
7 Years
Discussion Span
Last Post by Will Gresham
0

Make a seperate page (profile.php perhaps) and use the unique field in the database (Usually an ID of some sort) in the query string, for example, profile.php?user=usersID.

In the profile.php page, pull the required data from the database and display it as required.

1

Just remember to protect it with a session id, so that you can't change anybody else's profile. View but not edit.

Votes + Comments
+1, I assumed he meant a page to display info, not edit :)
0

I now how to echo id but how to echo username, email...
This is my code for profile page:

<?php

$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="login4"; // Database name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die(mysql_error());
mysql_select_db("$db_name")or die(mysql_error());
$id = $_GET['id'];
$result = mysql_query("SELECT * FROM users WHERE id=$id");
$sql="SELECT * FROM users";
?>
<?php 
echo $id;
?>
0

I now how to echo id but how to echo username, email...
This is my code for profile page:

<?php

$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="login4"; // Database name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die(mysql_error());
mysql_select_db("$db_name")or die(mysql_error());
$id = $_GET['id'];
$result = mysql_query("SELECT * FROM users WHERE id=$id");
$sql="SELECT * FROM users";
?>
<?php 
echo $id;
?>
0

Many problems with your code there...

There appears to be no protection on your query at all...
Try replacing this:

$id = $_GET['id'];

with this:

if (is_int($_GET['id'])) {
  $id = $_GET['id'];
  // Add the rest of the script here.
} else {
  // Display an error message, also stop processing.
  echo "Error message here";
}

Also, this line $sql="SELECT * FROM users"; is redundant, it does nothing...

Instead of this:

$result = mysql_query("SELECT * FROM users WHERE id=$id");

Try this I added a limit as I assume you will only be expecting one result:

$query = mysql_query("SELECT * FROM users WHERE id=$id LIMIT 1");
$result = mysql_fetch_assoc( $query );

You can then call the values from the DB using $result.

So to review, your code should look similar to this:

<?php

$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="login4"; // Database name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die(mysql_error());
mysql_select_db("$db_name")or die(mysql_error());
if (is_int($_GET['id'])) {
  $id = $_GET['id'];
  $query = mysql_query("SELECT * FROM users WHERE id=$id LIMIT 1");
  $result = mysql_fetch_assoc( $query );
  echo $id;
} else {
  // Display an error message, also stop processing.
  echo "Error message here";
}
?>

Also, as ardav said, you will need to add some logic to make sure that the user viewing this page actually has permission to do so, such as creating a session when they login, and check that a session exists when they access this page

Edited by Will Gresham: n/a

0

Thanks, xan!
But i still don't now how echo username or email...

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.