Eugene Stamp

Reputation: 158

PHP files for users

I'm trying to understand a concept that I've been trying to learn for the last couple of days.

I see many social networks using the user's id in the URL after the file (Example: "Socialnetwork.php?id=123") to navigate to a certain user.

I want to make profile.php do the same thing instead of directing me to my homepage every time.

QUESTION: How can I use the user's id in my database to read out unique profile data for them in a single file? - Furthermore, what should I add to my register_config.php file to allow this?

    <?php

    //REQUIRING PASS API CONFIG
    require 'password_config.php';
    require 'connect.php';
    //VARIABLES FOR POST DATA               //OTHER VARIABLES
    $email = $_POST['register_email'];
    $username = $_POST['register_username'];        $userlen = strlen($username);
    $password = $_POST['register_password'];        $passlen = strlen($password);
    $submit = $_POST['register_submit'];            $hash_password = password_hash($password,PASSWORD_BCRYPT);

    $query = "SELECT email FROM users WHERE email = '$email'";
    $query2 = mysql_query($query);
    $num_rows_email = mysql_num_rows($query2);

    $query3 = "SELECT username FROM users WHERE username = '$username'";
    $query4 = mysql_query($query3);
    $num_rows_username = mysql_num_rows($query4);


    if(isset($submit))
    {
        $errors = array();

        if( $password == $username )
        {
            $errors[] = '-Same Username and Pass. ';
        }
        elseif( $userlen < 8 )
        {
            $errors[] = '-Username must be atleast 8 characters. ';
        }
        elseif( $userlen > 32 )
        {
            $errors[] = '-Username must only contain 32 characters. ';
        }
        elseif( empty($username) || empty($password) || empty($email) )
        {
            $errors[] = '-Please do not leave fields empty. ';
        }
        elseif( $passlen < 8 )
        {
            $errors[] = '-Password must be atleast 8 characters. ';
        }
        elseif( $passlen > 32 )
        {
            $errors[] = '-Password must only contain 32 characters. ';
        }
        elseif( $num_rows_email != 0 )
        {
            $errors[] = 'Email already exists';
        }
        elseif( $num_rows_username != 0 )
        {
            $errors[] = 'Username already exists';
        }

        //IF THERE ARE NO ERRORS
        if (count($errors) == 0)
        {
            session_start();
            $_SESSION['username'] = $username;
            $insertUser = "INSERT INTO users (email, username, password) VALUES ('$email','$username','$hash_password')";
            mysql_query($insertUser);

            //trying things I have found, but didnt work
            $getUID = "SELECT id FROM users WHERE email = '$email'";
            $results = mysql_query($getUID);
            while($row = mysql_fetch_array($results)){
                $uid = $row['id'];
                if(!file_exists("user/$uid")){mkdir("user/$uid", 0755);}
            }

            mail($email,'Welcome','Welcome to the site');
            header('Location: ../new_account.php');
            exit();
        }
    }
    ?>

NOTE: -I KNOW I DID NOT CLEAN POST DATA.

PROFILE.PHP CODE:

    <?php
    session_start();
    require 'include/connect.php';
    if(!$_SESSION['key']){die('no key');}
    $sql = "SELECT * FROM users WHERE id = '$uid'";
    $query = mysql_query($sql);
    while($row = mysql_fetch_array($query)){
        $user = $row['username'];
    }
    ?>
    <html>
       <head>
          <title>Profile</title>
          <link href='css/main.css' rel='stylesheet' />
       </head>
    <body>
    <div id='container'>
          <?php require 'include/header.php'; ?>
          <?= 'NJM ID # ==>'.$_SESSION['uid'].'<br />'.'Username ==>'.$user; ?>

          <br />
       <p>Try our beta mode<a href='forum/forum.php'> forum</a></p>
          <br />
       <p><a href='find_friends.php'>Find Friends</a></p>
          <br />
       <p><a href='index.php'>Home</a></p>
       <?php require 'include/footer.php'; ?>
       </div>
    </div>
    </body>
    </html>

Upvotes: 0

Views: 25

Answers (1)

Daniel Waghorn

Reputation: 2985

The parts of the URL you refer to are known as GET parameters. You can access them in PHP via $_GET.

For example the URL you specified has an id parameter, so in PHP you could get the value of this with $_GET['id'].

In your situation if you wanted to load a user's information via their ID you would take the value from $_GET['id'] and assign it to a variable e.g. $id.

Then in the WHERE clause of your database query you would specify something like WHERE id = $id to make use of this.

This technique assumes that you have an ID as a primary key or similar that you can reference in your users table.

Please note GET parameters are especially susceptible to SQL injection since it's easy to supply values into them. You must sanitise and validate all input. Ideally you might want to look into using PDO and prepared statements to bind any inputs into queries to prevent SQL injections.

Upvotes: 1
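
The lookup the answer describes, shown as an added example that is not part of the answer or the asker's code: the `id` parameter is validated as an integer, bound through a PDO prepared statement, and the username is escaped on output. It assumes PDO with the sqlite driver (in-memory, so it runs offline), a constructed `users` table, and a hypothetical helper named `load_profile()`.

```php
<?php
// Added example, not from the original thread. Assumptions: PDO with the
// sqlite driver (in-memory so it runs offline), a constructed users table,
// and load_profile() as a hypothetical helper name.
declare(strict_types=1);

function load_profile(PDO $pdo, $rawId): ?array
{
    // Accept only a positive integer; '', arrays and "123' OR '1'='1" all fail here.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Name the public columns instead of SELECT *, so the password hash and
    // email never reach the template. The id is bound, not concatenated.
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data standing in for the real users table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
$pdo->exec("INSERT INTO users (id, username, password) VALUES (123, 'sample_user', 'hash-placeholder')");
$pdo->exec("INSERT INTO users (id, username, password) VALUES (124, '<b>bold_name</b>', 'hash-placeholder')");

// In profile.php the input would be $_GET['id'] ?? null; these are constructed test inputs.
foreach (['123', '124', '999', "123' OR '1'='1", ''] as $input) {
    $user = load_profile($pdo, $input);
    if ($user === null) {
        // Invalid and unknown ids get the same response.
        echo 'id=' . var_export($input, true) . " -> profile not found\n";
        continue;
    }
    // Escape on output: usernames are user-supplied and may contain markup.
    $name = htmlspecialchars($user['username'], ENT_QUOTES, 'UTF-8');
    echo "id={$user['id']} username={$name}\n";
}
```

The same binding approach applies to the email and username checks in the registration script, which currently interpolate `$_POST` values directly into the query strings.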
