Getting values from across pages? 1

[rahulpatel]

I'm making a membership site where none logged in users can view members details but obviously can't update them. I've basically try using the 'Beginning PHP' example by Wrox. It does all but one thing. My members are updated on the main page when another user registers. When I click the member link it is supposed to pull the details from the database according to which link I clicked on the first page. However, all I get is the first member in the list.

<?php
require('config.php');

$conn = mysql_connect(SQL_HOST, SQL_USER, SQL_PASS)
  or die('Could not connect to MySQL database. ' . mysql_error());
mysql_select_db(SQL_DB, $conn);


?>
<html>
<head>
<title>My Title</title>
</head>
<body>

<?php
$sql = "SELECT username " .
       "FROM user_info";

$result = mysql_query($sql) 
  or die(mysql_error());
if (mysql_num_rows($result) > 0) {
  $table = "<table border=\"0\" cellpadding=\"5\">";
  $table .= "<tr bgcolor=\"#FFCCCC\"><th>";
  $table .= "<a href=\"" . $_SERVER['PHP_SELF'] . "?o=1\">Member</a>";
  $table .= "</th></tr>";

  // build each table row
  $bg = '';
  while ($row = mysql_fetch_array($result)) {
   $bg = ($bg=='F2F2FF'?'E2E2F2':'F2F2FF');
    $table .= "<tr bgcolor=\"#" . $bg . "\">" .
              "<td><a href=\"charedit.php?c=" . $row['username'] . "\">" .
              $row['username']. "</a></td></tr>";
  }

}
echo $table;
?>
<br />
</body>
</html>

Page which should receive and include the info

<?php
require('config.php');

if (!isset($_GET['c']) || $_GET['c'] == '' || !is_numeric($_GET['c'])) {

  $char='0';
} else {
 $char = $_GET['c'];
}

$conn = mysql_connect(SQL_HOST, SQL_USER, SQL_PASS)
  or die('Could not connect to MySQL database. ' . mysql_error());
mysql_select_db(SQL_DB, $conn);

$sql = "SELECT * FROM user_info WHERE username = $char";
$result = mysql_query($sql) 
  or die(mysql_error());

$row = mysql_fetch_array($result);

?>
</p>
<table width="322" border="0">
  <tr>
    <td width="158"><strong>First Name: </strong></td>
    <td width="102"><?php echo $row['first_name']; ?></td>
  </tr>
  <tr>
    <td><strong>Last Name: </strong></td>
    <td><?php echo $row['last_name']; ?></td>
  </tr>
  <tr>
    <td><strong>City: </strong></td>
    <td><?php echo $row['city']; ?></td>
  </tr>
  <tr>
    <td><strong>State: </strong></td>
    <td><?php echo $row['state']; ?></td>
  </tr>
  <tr>
    <td><strong>Email: </strong></td>
    <td><?php echo $row['email']; ?></td>
  </tr>
  <tr>
    <td><strong>Hobbies/Interests: </strong></td>
    <td><?php echo $row['hobbies']; ?></td>
  </tr>
  <tr>
    <td><strong>Tryout:</strong></td>
    <td><?php echo $row['tryout']; ?></td>
  </tr>
  <tr>
    <td valign="top"><strong>About: </strong></td>
    <td><?php echo $row['about'];?></td>
  </tr>
 
</table>
</body>
</html>

Any pointers would be gratefully taken onboard.

TIA.

 

[feherke]

Hi

If it is username then why do you check it with [tt]!is_numeric($_GET['c'])[/tt]. Are your usernames just numbers like the stupid ICQ identifiers ? If not, remove that part of the conditional expression :

[gray]// ...[/gray]
if (!isset($_GET['c']) || $_GET['c'] == '') {
  $char='0';
} else {
  $char = $_GET['c'];
}
[gray]// ...[/gray]

Feherke.

http://rootshell.be/~feherke/

 

[jpadie]

your code will only work for numeric usernames. is this intended?

 

[rahulpatel]

The code was cut and pasted from an example where 'id' was a numerical field. I'll try adding a numerical field and see if I can do it that way.

Feherke, when I paste your code I get this displayed on the page..

Unknown column 'rahulpatel' in 'where clause'

where rahulpatel is the user name I registered with.

I can't see anything wrong with the SQLs.

Any further ideas?

 

[feherke]

Hi

Yep, if you changed from numeric to string, then you need to change the SQL query too :

$sql = "SELECT * FROM user_info WHERE username = [red]'[/red]$char[red]'[/red]";

[gray]// or better[/gray]

$sql = "SELECT * FROM user_info WHERE username = [red]'".mysql_real_escape_string([/red]$char[red])."'"[/red];

Feherke.

http://rootshell.be/~feherke/

 

[jpadie]

it's more than what feherke pointed out to you above. the key problem you face is this line

if (!isset($_GET['c']) || $_GET['c'] == '' || !is_numeric($_GET['c'])) {

this is saying that if the incoming value is not a number, it should basically be ignored.

change the code to this

if (  empty($_GET['c']) {
  $char = "";
} else {
 $char = mysql_escape_string (trim($_GET['c']));
}

and, as Feherke pointed out, remember to enquote your variables in the where clause.

 

[rahulpatel]

OK, I think I'm understanding what's needed. I did manage to get it to run properly using a numerical 'id' field. I have two questions regarding this though.

1. Is there a preferred method of passing the information? Would it be better using a username or a numerical id field?

2. It wouldn't work at first using the numerical id field. It only gave me two usernames, neither matched up with the link I clicked in the first page. As soon as I changed

$sql = "SELECT * FROM user_info WHERE username = [COLOR=red]![/color red]$char";
$result = mysql_query($sql) 
  or die(mysql_error());

to this

$sql = "SELECT * FROM user_info WHERE username = $char";
$result = mysql_query($sql) 
  or die(mysql_error());

it worked. What's the ! there for? (I know it wasn't in my original code but it was in the code on my pc)

 

[feherke]

Hi

1. Is there a preferred method of passing the information? Would it be better using a username or a numerical id field?

Personally I think that unique identifiers are for uniquely identifying. So I would use them.

What's the ! there for?

As you already found out, is just to mess up the query. I would expect to receive syntax error from MySQL for that.

Feherke.

http://rootshell.be/~feherke/

 

[rahulpatel]

feherke, thanks for all your input.