Member Avatar for diafol

Say you have links like these looped from your DB:

echo "<li><a href="profiles.php?id={$row['id']}">{$row['username']}</a></li>";

The receiving page then picks up the id and displays the data accordingly.

if(isset($_GET['id')){

...do your stuff here...

}
Member Avatar for Aser Gado

Um what should I edit?

Member Page:

<?php
 $Id = $_SESSION['Id'];
$r = mysql_query("SELECT * FROM Persons WHERE Id ='$Id'");
while($row = mysql_fetch_array($r))
  {
  echo "Welcome";
  echo " " . $row['FirstName'];
  echo "<br />";
  echo "<br />";
  $location = $row['imagelocation'];
  echo "<img src='$location' width='100' height='100'>";
  echo "<br />";
  echo "<a href='upload.php'>Change Profile Picture</a>";
  echo "<br />";
  echo "Name:";
  echo " " . $row['FirstName'] . " " . $row['LastName'];
  echo "<br />";
  echo "Email:";
  echo " " . $row['Email'];
  echo "<br />";
  }
?>

Login Handler:

<?php
session_start();
include("database.php");

// username and password sent from form 
$Email=$_POST['Email']; 
$Passwrd=$_POST['Passwrd'];

// To protect MySQL injection
$Email = stripslashes($Email);
$Passwrd = stripslashes($Passwrd);
$Email = mysql_real_escape_string($Email);
$Passwrd = mysql_real_escape_string($Passwrd);

$sql="SELECT * FROM Persons WHERE Email='$Email' and password='$Passwrd'";
$result=mysql_query($sql);
 
// Mysql_num_row is counting table row
if(mysql_num_rows($result) > 0){
  $data = mysql_fetch_array($result);
  $_SESSION['Id'] = $data['Id'];
  $_SESSION['Email'] = $data['Email'];
  header("location:member.php");
} else {
  echo "Wrong Username or Password";
}
?>
Member Avatar for diafol

I'm a little confused here. I assumed you wanted members to see each others profiles. That's why you need the querystring. For an user to see his own profile, that should be handled in conjunction with a session var. Make the user's own profile editable, but another member's read only.

Edited by diafol because: n/a
Member Avatar for Aser Gado

yes, thats what I want! only the page owner can edit his profile, but other members can see his page etc..

Query?

Member Avatar for diafol

Well, first of all, process the $_GET var if there is one.

Scenarios:

1) No $_GET -> go to logged-in user view (editable)
2) $_GET not in DB -> go to logged-in user view (editable)
3) $_GET in DB and = logged-in user -> go to logged-in user view (editable)
4) $_GET in DB and not logged-in user -> go to member view (read-only)


Now can I suggest you have a poke at this one yourself?

Member Avatar for Aser Gado 
if(isset($_GET['Id']))

 $Id = $GET['Id'];
$r = mysql_query("SELECT * FROM Persons WHERE Id ='$Id'");
while($row = mysql_fetch_array($r))
  {
  echo "Welcome";
  echo " " . $row['FirstName'];
  echo "<br />";
  echo "<br />";
  $location = $row['imagelocation'];
  echo "<img src='$location' width='100' height='100'>";
  echo "<br />";
  echo "<a href='upload.php'>Change Profile Picture</a>";
  echo "<br />";
  echo "Name:";
  echo " " . $row['FirstName'] . " " . $row['LastName'];
  echo "<br />";
  echo "Email:";
  echo " " . $row['Email'];
  echo "<br />";
  }

Any progress? xD

Member Avatar for diafol

Yeah, well that'll only work when there is an 'id' in the url querystring, but you're assuming that the ID is the logged-in user id as opposed to any random id. I've pretty much given you the possible scenarios, up to you to sort out the 'conditional statements' (if or switch) and the tests.

Member Avatar for diafol

Just to give you an idea. This code isn't tested by the way:

<?php
function getProfile($id){
	$backup_id = $_SESSION['id'];	
	$r = mysql_query("SELECT ...fields... FROM tbl1 WHERE id = '$id'");
	if(mysql_num_rows($r) < 1){
		$r = mysql_query("SELECT ...fields... FROM tbl1 WHERE id = '$backup_id'");
	}
	//assume logged-in user has a profile - this should be set up automatically on registration
	$d = mysql_fetch_array($r);
	return $d; //retuns an array of all the data you requested in the SQL (...fields...) - ensure that id is one of them for the edit/read-only view to work
}

$pid = $_SESSION['id'];

if(isset($_GET['id'])){
	$pid = $intval($_GET['id']);
}

$data = getProfile($pid); // get data from sql into $data array

extract($data, EXTR_PREFIX_ALL, "sql"); //creates unique variables from sql row from function, e.g. $sql_id, $sql_username, $sql_image - makes it easier to use

if($sql_id == $_SESSION['id'])$edit = true; //boolean to say whether we're in edit mode or read-only mode
//Perhaps the easiest way to do this would be to create two different sections - one basic html for read only and one form for edit:
?>

<!--YOUR DTD, HEAD, TOP OF PAGE GOES HERE / ALTHOUGH IT DEPENDS ON WHETHER YOU'RE USING THIS FILE AS AN INCLUDE-->

<?php
if($edit){
?>

<!--SHOW THE FORM FOR EDITABLE-->
<!--use $sql_username etc-->

<?php
}else{
?>

<!--SHOW THE READ ONLY PAGE-->
<!--use $sql_username etc-->

<?php
}
?>

<!--REST OF PAGE / UNLESS THIS IS AN INCLUDE FILE>

There are many ways to skin a cat, this is one, not necessarily the best.

Edited by diafol because: n/a
Member Avatar for Aser Gado

At the start.. you didn't call for the $id variable?

<?php
function getProfile($id){
	$backup_id = $_SESSION['id'];	
	$r = mysql_query("SELECT ...fields... FROM tbl1 WHERE id = '$id'");

in the Query, the $id is not declared yet?

Member Avatar for Aser Gado

Should that work? Cuz it gives me an error,

Warning: extract() [function.extract]: First argument should be an array in /www/99k.org/m/l/s/mlsconnection/htdocs/profile.php on line 22
<?php
include("database.php");
function getProfile($Id){
	$backup_Id = $_SESSION['Id'];
	$r = mysql_query("SELECT * FROM Persons WHERE Id = '$Id'");
	if(mysql_num_rows($r) < 1){
		$r = mysql_query("SELECT * FROM Persons WHERE Id = '$backup_Id'");
	}
	//assume logged-in user has a profile - this should be set up automatically on registration
	$d = mysql_fetch_array($r);
	return $d; //retuns an array of all the data you requested in the SQL (...fields...) - ensure that Id is one of them for the edit/read-only view to work
}

$pId = $_SESSION['Id'];

if(isset($_GET['Id'])){
	$pId = $intval($_GET['Id']);
}

$data = getProfile($pId); // get data from sql into $data array

extract($data, EXTR_PREFIX_ALL, "sql"); //creates unique variables from sql row from function, e.g. $sql_Id, $sql_username, $sql_image - makes it easier to use

if($sql_Id == $_SESSION['Id'])$edit = true; //boolean to say whether we're in edit mode or read-only mode
//Perhaps the easiest way to do this would be to create two different sections - one basic html for read only and one form for edit:
?>

//YOUR DTD, HEAD, TOP OF PAGE GOES HERE / ALTHOUGH IT DEPENDS ON WHETHER YOURE USING THIS FILE AS AN INCLUDE-->

<?php
if($edit){
?>


 echo "Welcome";
  echo " " . $sql_FirstName;
  echo "<br />";
  echo "<br />";
  $location = $sql_imagelocation;
  echo "<img src='$location' width='100' height='100'>";
  echo "<br />";
  echo "<a href='upload.php'>Change Profile Picture</a>";
  echo "<br />";
  echo "Name:";
  echo " " . $sql_FirstName . " " . $sql_LastName;
  echo "<br />";
  echo "Email:";
  echo " " . $sql_Email;
  echo "<br />";
  echo "Relationship Status:";
  echo " " . $sql_relationship;
  echo "<br />";
  echo "Interested In:";
  echo " " . $sql_interests;
  echo "<br />";
  echo "MSN:";
  echo " " . $sql_msn;
  echo "<br />";
  echo "Skype:";
  echo " " . $sql_skype;
  echo "<br />";
  echo "<a href='editprofile.php'>Change Profile Information</a>";
  echo "<br />";

<?php
}else{
?>

 echo "Welcome";
  echo " " . $sql_FirstName;
  echo "<br />";
  echo "<br />";
  $location = $sql_imagelocation;
  echo "<img src='$location' width='100' height='100'>";
  echo "<br />";
  echo "Name:";
  echo " " . $sql_FirstName . " " . $sql_LastName;
  echo "<br />";
  echo "Email:";
  echo " " . $sql_Email;
  echo "<br />";
  echo "Relationship Status:";
  echo " " . $sql_relationship;
  echo "<br />";
  echo "Interested In:";
  echo " " . $sql_interests;
  echo "<br />";
  echo "MSN:";
  echo " " . $sql_msn;
  echo "<br />";
  echo "Skype:";
  echo " " . $sql_skype;
  echo "<br />";

<?php
}
?>
Member Avatar for diafol

Hmm...

Should work - you did include the mysql connection code before all this right?

$data = getProfile($pId); // get data from sql into $data array 
extract($data, EXTR_PREFIX_ALL, "sql");

What your error is saying is that $data is not an array, which it clearly should be if a result set array is being returned.

checkout $data before the extract with a print_r() or echo is that fails.

The extract isn't essential, it just helps with not having to write $data... you can write $sql_username instead - which helps if you're embedding variables in double quotes.

Member Avatar for Aser Gado

Yes I did, I changed it now to this: and I get this error:

Fatal error: Function name must be a string in /www/99k.org/m/l/s/mlsconnection/htdocs/profile.php on line 17
<?php
include("database.php");
function getProfile($Id){
	$backup_Id = $_SESSION['Id'];
	$r = mysql_query("SELECT * FROM Persons WHERE Id = '$Id'");
	if(mysql_num_rows($r) < 1){
		$r = mysql_query("SELECT * FROM Persons WHERE Id = '$backup_Id'");
	}
	//assume logged-in user has a profile - this should be set up automatically on registration
	$d = mysql_fetch_array($r);
	return $d; //retuns an array of all the data you requested in the SQL (...fields...) - ensure that Id is one of them for the edit/read-only view to work
}

$pId = $_SESSION['Id'];

if(isset($_GET['Id'])){
	$pId = $intval($_GET['Id']);
}

$data = getProfile($pId); // get data from sql into $data array


if($data['Id'] == $_SESSION['Id'])$edit = true; //boolean to say whether we're in edit mode or read-only mode
//Perhaps the easiest way to do this would be to create two different sections - one basic html for read only and one form for edit:


//YOUR DTD, HEAD, TOP OF PAGE GOES HERE / ALTHOUGH IT DEPENDS ON WHETHER YOURE USING THIS FILE AS AN INCLUDE-->


if($edit){



 echo "Welcome";
  echo " " . $data['FirstName'];
  echo "<br />";
  echo "<br />";
  $location = $data['imagelocation'];
  echo "<img src='$location' width='100' height='100'>";
  echo "<br />";
  echo "<a href='upload.php'>Change Profile Picture</a>";
  echo "<br />";
  echo "Name:";
  echo " " . $data['FirstName'] . " " . $data['LastName'];
  echo "<br />";
  echo "Email:";
  echo " " . $data['Email'];
  echo "<br />";
  echo "Relationship Status:";
  echo " " . $data['relationship'];
  echo "<br />";
  echo "Interested In:";
  echo " " . $data['interests'];
  echo "<br />";
  echo "MSN:";
  echo " " . $data['msn'];
  echo "<br />";
  echo "Skype:";
  echo " " . $data['skype'];
  echo "<br />";
  echo "<a href='editprofile.php'>Change Profile Information</a>";
  echo "<br />";


}else{


 echo "Welcome to";
  echo " " . $data['FirstName'];
  echo "<br />";
  echo "<br />";
  $location = $data['imagelocation'];
  echo "<img src='$location' width='100' height='100'>";
  echo "<br />";
  echo "Name:";
  echo " " . $data['FirstName'] . " " . $data['LastName'];
  echo "<br />";
  echo "Email:";
  echo " " . $data['Email'];
  echo "<br />";
  echo "Relationship Status:";
  echo " " . $data['relationship'];
  echo "<br />";
  echo "Interested In:";
  echo " " . $data['interests'];
  echo "<br />";
  echo "MSN:";
  echo " " . $data['msn'];
  echo "<br />";
  echo "Skype:";
  echo " " . $data['skype'];
  echo "<br />";


}
?>
Member Avatar for Aser Gado

hahahahahaha! I fixed it! its working now!! I can see other members profile :D

Thanks you a dozen time! thanks for all the help, now I will try and work by myself on a member search :D

Thanks Ardav!

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.