February 2, 2012 at 2:13 pm #96025
bungle
Member
What is this line
$writes = mysql_query("SELECT `id` FROM `husers` WHERE 1");
trying to do? That is the source of your boolean error; I had not noticed it before. WHERE needs a match to look for.
February 2, 2012 at 2:20 pm #96029
bungle
Member
I can’t see any reason for it being there.
Also, you need to sanitize your GET variables to prevent SQL injection,
so the line that reads
$id = $_GET["id"];
needs to become
$id = mysql_real_escape_string($_GET["id"]);
or you are leaving yourself wide open when $id gets used in a query.
February 2, 2012 at 2:35 pm #96036
bungle
Member
Is the whole site login only? Do you always have access to a session username?
If so the login page needs to redirect on success to /profile/username
and then you can just use the session username to fill variables with
SELECT * from users WHERE username = $username
If you have session variables always set then you don’t need to be passing the username or id back to the profile page, as they will be set in the session.
February 2, 2012 at 2:44 pm #96042
bungle
Member
OK, well, if you have a session you don’t need to be passing the id or username to the profile page, as they are already stored in the session.
You can have mod rewrite turn profile/username into profile.php and then at the top of profile.php you can run
// 'username' session key is assumed
$result = mysql_query('SELECT * from users WHERE username = "'.$_SESSION['username'].'"');
$userinfo = mysql_fetch_array($result);
to fill $userinfo with all your user’s details for use on your profile page. You don’t need to pass ?id= or ?username= to profile.php to achieve this; that’s what the session variables are for.
February 2, 2012 at 3:10 pm #96045
bungle
Member
OK, I get what you are doing.
So if you have profile.php?id=roger
then you need to do
// array keys assumed: 'id' from ?id=, 'username' for the session name
if (isset($_GET['id']) && $_GET['id'] !== $_SESSION['username']) {
    $user = mysql_real_escape_string($_GET['id']);
    $result = mysql_query('SELECT * from users where username = "'.$user.'"');
    if (mysql_num_rows($result)==0) {
        echo ('invalid user');
        exit;
    }
}
else {
    $result = mysql_query('SELECT * from users where username = "'.$_SESSION['username'].'"');
}
$profileinfo = mysql_fetch_array($result); //fill array with profile page info
echo ('Welcome to '.$profileinfo['username']); // write out the profile page
This will return a third-party profile page if their username is passed, and the user’s own profile if no username is passed or their own is passed.
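Added example, not part of bungle's post or the original poster's code: the same profile lookup written with a PDO prepared statement, so the value from ?id= is bound as data instead of being escaped and concatenated into the query. Assumptions: an in-memory SQLite database stands in for MySQL, the users table and its rows are constructed sample data, the session key is 'username', and load_profile() is a hypothetical helper name.

```php
<?php
// Profile lookup with a bound parameter: the username never becomes part of
// the SQL text, so quote characters in ?id= cannot change the query.

function load_profile(PDO $db, array $get, array $session): ?array
{
    // Use the requested name when present, otherwise the logged-in user's own.
    $name = $get['id'] ?? $session['username'] ?? null;
    if (!is_string($name) || $name === '') {
        return null;            // also rejects ?id[]=x, which arrives as an array
    }
    $stmt = $db->prepare('SELECT username, bio FROM users WHERE username = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data (hypothetical table layout).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, bio TEXT)');
$db->exec("INSERT INTO users VALUES ('roger', 'Roger''s profile'), ('alice', 'Alice''s profile')");

$session = ['username' => 'alice'];   // stands in for $_SESSION
$cases = [                            // each value stands in for $_GET
    'own profile (no id passed)' => [],
    'third-party profile'        => ['id' => 'roger'],
    'unknown user'               => ['id' => 'nobody'],
    'quote characters in id'     => ['id' => 'roger" OR "1"="1'],
    'array instead of string'    => ['id' => ['roger']],
];
foreach ($cases as $label => $get) {
    $profile = load_profile($db, $get, $session);
    // htmlspecialchars() because the name is written into HTML on a real page.
    echo $label, ': ', $profile
        ? 'Welcome to ' . htmlspecialchars($profile['username'])
        : 'invalid user', "\n";
}
```

Against MySQL only the PDO connection string changes; the prepare/execute calls stay the same.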
February 11, 2012 at 1:15 pm #96551
bungle
Member
I am no .htaccess expert at all – I am the king of Google when I need to dabble with that, but I would have guessed you need something like
RewriteRule ^profile.php?name=(.*) http://www.yoursite.com/$1