Public User Profile Page

Question

I am trying to incorporate a public profile page for my website. Basically I have the database all setup and editprofile and stuff. Its all working 100% properly including changing your picture.

What I want to do is make this file "profile.php" make it so that if you goto a link like this for example.

http://local.com/profile.php?id=8

It will bring you to the user with the userid 8 and show the information.

I'm thinking that I could just make it SELECT * FROM users WHERE id='$userid'.

I use the $id for the userid of the person viewing the page but I have to make $userid a variable that holds the id of whatever profile you're viewing.

Next I could do something like this

$id=$_SESSION['id'];
$result3 = mysql_query("SELECT * FROM users where id='$userid'");
while($row3 = mysql_fetch_array($result3))
{ 
$username=$row3['username'];
$email=$row3['email'];
$firstname=$row3['firstname'];
$lastname=$row3['lastname'];
}

I guess my question is how would I make it so $userid is equal to whatever profile you're viewing and make it so the link profile.php?userid=8 would bring you to user 8.

Anyone got ideas? :)

Answer 1

$_GET['$variable']; use this method to fetch data from URL bar. And if you are using post method in your form so then use $_POST['$variable'];

Answer 2

The shortest answer is

$userid = mysql_real_escape_string($_GET['id']);
$result3 = mysql_query(....);
//....

The longer version of answer is that, you shouldn't use mysql_query because it is deprecated and will be removed at the newer version. You can move to PDO or mysqli. Let say that you want to stick with legacy function mysql_*, you need to use mysql_real_escape_string to protect yourself from SQL Injection. However, inproper use of mysql_real_escape_string will cause you to invulnerable to the injection.