PHP files for users -


i'm trying understand concept i've been trying learn last couple days;

i see many social networks using user's id in url after file (example: "socialnetwork.php?id=123") navigate user.

i want make profile.php same thing instead of directing me homepage everytime.

question: how can use user's id in database read out unique profile data them in single file? - furthermore, should add register_config.php file allow this?

    <?php  //requiring pass api config require 'password_config.php'; require 'connect.php';     //variables post data               //other variables     $email = $_post['register_email'];       $username = $_post['register_username'];        $userlen = strlen($username);     $password = $_post['register_password'];        $passlen = strlen($password);     $submit = $_post['register_submit'];            $hash_password = password_hash($password,password_bcrypt);      $query = "select email users email = '$email'";     $query2 = mysql_query($query);     $num_rows_email = mysql_num_rows($query2);       $query3 = "select username users username = '$username'";     $query4 = mysql_query($query3);     $num_rows_username = mysql_num_rows($query4);   if(isset($submit)) {     $errors = array();      if( $password == $username )     {         $errors[] = '-same username , pass. ';     }     elseif( $userlen < 8 )     {         $errors[] = '-username must atleast 8 characters. ';     }       elseif( $userlen > 32 )     {         $errors[] = '-username must contain 32 characters. ';     }     elseif( empty($username) || empty($password) || empty($email) )     {         $errors[] = '-please not leave fields empty. ';     }     elseif( $passlen < 8 )     {         $errors[] = '-password must atleast 8 characters. ';     }       elseif( $passlen > 32 )     {         $errors[] = '-password must contain 32 characters. ';     }     elseif( $num_rows_email != 0 )     {         $errors[] = 'email exists';     }     elseif( $num_rows_username != 0 )     {         $errors[] = 'username exists';     }      //if there no errors     if (count($errors) == 0)     {         session_start();         $_session['username'] = $username;         $insertuser = "insert users (email, username, password) values ('$email','$username','$hash_password')";         mysql_query($insertuser);             //trying things have found, didnt work            $getuid = "select id users email = '$email'";            $results = mysql_query($getuid);         while($row = mysql_fetch_array($results)){         $uid = $row['id'];         if(!file_exists("user/$uid")){mkdir("user/$uid", 0755);}         }          mail($email,'welcome','welcome site');         header('location: ../new_account.php');         exit();     } } ?> 

note: -i know did not clean post data.

profile.php code:

    <?php session_start(); require 'include/connect.php'; if(!$_session['key']){die('no key');} $sql = "select * users id = '$uid'"; $query = mysql_query($sql); while($row = mysql_fetch_array($query)){ $user = $row['username']; } ?> <html>    <head>       <title>profile</title>       <link href='css/main.css' rel='stylesheet' />    </head> <body> <div id='container'>       <?php require 'include/header.php'; ?>       <?= 'njm id # ==>'.$_session['uid'].'<br />'.'username ==>'.$user; ?>        <br />    <p>try our beta mode<a href='forum/forum.php'> forum</a></p>       <br />    <p><a href='find_friends.php'>find friends</a></p>          <br />    <p><a href='index.php'>home</a></p>    <?php require 'include/footer.php'; ?>    </div> </div> </body> </html> 

the parts of url refer known get parameters. can access them in php via $_get.

for example url specified has id parameter, in php value of $_get['id'].

in situation if wanted load user's information via id take value $_get['id'] , assign variable e.g. $id.

then in where clause of database query specify where id = $id make use of this.

this technique assumes have id primary key or similar can reference in users table.

please note get parameters susceptible sql injection since it's easy supply values them. must sanitise , validate input. ideally might want using pdo , prepared statements bind inputs queries prevent sql injections.


Comments

Popular posts from this blog

qt - Using float or double for own QML classes -

Create Outlook appointment via C# .Net -

ios - Swift Array Resetting Itself -