PHP Member Pages... Need major help...
-
I can't promise you'll like this answer, however - To use an analogy or a metaphor: When you've learned to run, I'll be happy to teach you how to do the hurdles. But if you're still getting the hand of walking, the idea of hurdles is somewhat ludicrous...
Well... Thats okay, I don't think I shall put it on the site right away, but I would've made sure I code finish the coding by myself, and test it until it works, then save the code for when the site has more activity. Thanks though. Also, I was wondering if it was okay to exchange emails through the site, so I could exchange with you, to let you know when I am ready for the help on this topic. Thanks.
-
Well... Thats okay, I don't think I shall put it on the site right away, but I would've made sure I code finish the coding by myself, and test it until it works, then save the code for when the site has more activity. Thanks though. Also, I was wondering if it was okay to exchange emails through the site, so I could exchange with you, to let you know when I am ready for the help on this topic. Thanks.
-
Okay... I've seemed to have used some common sense in putting this together... Now all I need is some help to finish it. The "memberlist" page shows fine... it's just the "profile" page... Here is the code for the part of the "memberlist" that will be used with the "profile" page... I want to know if I've done it practically right...
That is what I use to print out the table of members...
And here is the complete php for the "profile.php" page:
-
Okay... I've seemed to have used some common sense in putting this together... Now all I need is some help to finish it. The "memberlist" page shows fine... it's just the "profile" page... Here is the code for the part of the "memberlist" that will be used with the "profile" page... I want to know if I've done it practically right...
That is what I use to print out the table of members...
And here is the complete php for the "profile.php" page:
The error message is about the
<span style="font-size: 14pt; color: rgb(0, 0, 0);">bit on line 42 - since it is inside a double-quoted string, the double-quotes have to be escaped with backslashes:<span style=\"font-size: 14pt; color: rgb(0, 0, 0);\">
This kind of thing is dangerous though:
$list_memberinfo = mysql_query("SELECT * FROM `members` WHERE id='".$_GET['user']."'");
I suggest you Google for "SQL injection".
-
The error message is about the
<span style="font-size: 14pt; color: rgb(0, 0, 0);">bit on line 42 - since it is inside a double-quoted string, the double-quotes have to be escaped with backslashes:<span style=\"font-size: 14pt; color: rgb(0, 0, 0);\">
This kind of thing is dangerous though:
$list_memberinfo = mysql_query("SELECT * FROM `members` WHERE id='".$_GET['user']."'");
I suggest you Google for "SQL injection".
Well... Thanks on the first one, but the second one is supposed to be used with the "memberlist" page, to where when they click "visit" it will link them to the profile page of which will take the hidden input of the ".list[id]." which is the id number of the user they chose to visit, as the "'".$_GET['user']."'" so that on the profile page it will automatically "get the id" and print out only the information for that id. So the url will in turn turn out to be like this..... "profile.php?user=IDOFUSERTHEYCHOSETOVISIT" I need some help with that part of it... I don't know if where I put all the GETs if they should be POSTs... or any other implementation that would help me to get this to work. Thanks. EDIT: I also added the backslashes to all the "spans" and it now loads the page... but it doesn't print any of the information out... Please help... I would like the finished profile page to look like... This is what it does read... so I'm not that far into a hole I think... profile.php?username=USERNAMEOFCHOSENMEMBER&user=IDOFCHOSENMEMBER "profile.php?user=IDOFUSERTHEYCHOSETOVISIT"
modified on Saturday, January 23, 2010 10:40 AM
-
Well... Thanks on the first one, but the second one is supposed to be used with the "memberlist" page, to where when they click "visit" it will link them to the profile page of which will take the hidden input of the ".list[id]." which is the id number of the user they chose to visit, as the "'".$_GET['user']."'" so that on the profile page it will automatically "get the id" and print out only the information for that id. So the url will in turn turn out to be like this..... "profile.php?user=IDOFUSERTHEYCHOSETOVISIT" I need some help with that part of it... I don't know if where I put all the GETs if they should be POSTs... or any other implementation that would help me to get this to work. Thanks. EDIT: I also added the backslashes to all the "spans" and it now loads the page... but it doesn't print any of the information out... Please help... I would like the finished profile page to look like... This is what it does read... so I'm not that far into a hole I think... profile.php?username=USERNAMEOFCHOSENMEMBER&user=IDOFCHOSENMEMBER "profile.php?user=IDOFUSERTHEYCHOSETOVISIT"
modified on Saturday, January 23, 2010 10:40 AM
It's not printing anything because of this:
$list_memberinfo = mysql_query("SELECT * FROM `members` WHERE id='".$_GET['user']."'");
$list = mysql_fetch_array( $list_memberinfo );
while($list = mysql_fetch_array( $list_memberinfo ))Presumably the id is unique, so the first (and only) record is retrieved with the first call to
mysql_fetch_array, then it gets called again for the while loop where the value you got first in$listis thrown away. Then the while condition will fail, because you've already got the one record out. Try changing it to this:$list_memberinfo = mysql_query("SELECT * FROM `members` WHERE id='".$_GET['user']."'");
while($list = mysql_fetch_array( $list_memberinfo ))- or you could remove the "while" line instead, maybe replacing it with
if(!empty($list))
As for
$_POSTand$_GET- GET is the one you want for this. In the GET method, the parameters are passed in as part of the URI. In the POST method, the parameters are passed in the body of the request, and you would need to use a form to do that in HTML. Or you could use$_REQUESTinstead, which contains everything from POST and GET, and the cookies too. -
It's not printing anything because of this:
$list_memberinfo = mysql_query("SELECT * FROM `members` WHERE id='".$_GET['user']."'");
$list = mysql_fetch_array( $list_memberinfo );
while($list = mysql_fetch_array( $list_memberinfo ))Presumably the id is unique, so the first (and only) record is retrieved with the first call to
mysql_fetch_array, then it gets called again for the while loop where the value you got first in$listis thrown away. Then the while condition will fail, because you've already got the one record out. Try changing it to this:$list_memberinfo = mysql_query("SELECT * FROM `members` WHERE id='".$_GET['user']."'");
while($list = mysql_fetch_array( $list_memberinfo ))- or you could remove the "while" line instead, maybe replacing it with
if(!empty($list))
As for
$_POSTand$_GET- GET is the one you want for this. In the GET method, the parameters are passed in as part of the URI. In the POST method, the parameters are passed in the body of the request, and you would need to use a form to do that in HTML. Or you could use$_REQUESTinstead, which contains everything from POST and GET, and the cookies too.Okay thanks... I guess the first part was just a stupid mistake... even though it worked in the "memberlist" file..... But thanks, it now works. The "Edit Profile" page should include... Such like:
mysql_query("UPDATE `DBNAME`.`TABLE` SET VARIABLE = '$_POST[VARIABLE]'
WHERE username = '$SINGEDINUSERNAME' AND password = '$DIGNEDINUSER'SPASSWORD'");I believe, and then it would be edited to where the user can edit multiple profile fields of which would be displayed on their profile!! Thanks so much for your help. Also, how would I be able to make the "Profile" page not include the "username=" in the url... Also, I tried adding more profile fields to make it seem as though there was 4 tables, when there is actually 1... I tried making it print it all out, now I need help to get it fixed... here is the code:
-
Okay thanks... I guess the first part was just a stupid mistake... even though it worked in the "memberlist" file..... But thanks, it now works. The "Edit Profile" page should include... Such like:
mysql_query("UPDATE `DBNAME`.`TABLE` SET VARIABLE = '$_POST[VARIABLE]'
WHERE username = '$SINGEDINUSERNAME' AND password = '$DIGNEDINUSER'SPASSWORD'");I believe, and then it would be edited to where the user can edit multiple profile fields of which would be displayed on their profile!! Thanks so much for your help. Also, how would I be able to make the "Profile" page not include the "username=" in the url... Also, I tried adding more profile fields to make it seem as though there was 4 tables, when there is actually 1... I tried making it print it all out, now I need help to get it fixed... here is the code:
thebiostyle wrote:
Print "".$list['username']."</b></td><td bgcolor=\"#000000\" colspan=\"2\"></td><td class=\"alt\"><td class="alt"><center><b><u>Email</u></b></center></td><td><a href='mailto:".$list['email']."'>Send Message</a></td></tr><tr class="alt"><td class="alt"><center><b><u>Member Title</u></b></center></td><td><b>
".$list['title']."</b></td><td bgcolor=\"#000000\" colspan=\"2\"></td><td class=\"alt\"><td class="alt"><center><b><u>Country</u></b></center></td><td>".$list['country']."</td></tr><tr class="alt"><td class="alt"><center><b><u>Company</u></b></center></td><td><b>
".$list['company']."</b></td><td bgcolor=\"#000000\" colspan=\"2\"></td><td class=\"alt\"><td class="alt"><center><b><u>Website</u></b></center></td><td>".$list['www']."</td></tr><tr class="alt"><td class="alt"><center><b><u>Joined On: </u></b></center></td><td><b>
".$list['date']."</b></td><td bgcolor=\"#000000\" colspan=\"2\"></td><td class=\"alt\"><td class="alt"><center><b><u>Browser</u></b></center></td><td>".$list['browser']."</td></tr><br /><br /><br /><tr class="alt"><td class="alt"><center><b><u>About</u></b></center></td><td><b>
".$list['about']."</b></td><td bgcolor=\"#000000\" colspan=\"2\"></td><td class=\"alt\"><td class="alt"><center><b><u>Intrests</u></b></center></td><td>".$list['intrests']."</td></tr>";Graham gave you the solution earlier. You still have unescaped double quotes in your string,
<td class="alt">in particular.If at first you don't succeed, you're not Chuck Norris.
-
thebiostyle wrote:
Print "".$list['username']."</b></td><td bgcolor=\"#000000\" colspan=\"2\"></td><td class=\"alt\"><td class="alt"><center><b><u>Email</u></b></center></td><td><a href='mailto:".$list['email']."'>Send Message</a></td></tr><tr class="alt"><td class="alt"><center><b><u>Member Title</u></b></center></td><td><b>
".$list['title']."</b></td><td bgcolor=\"#000000\" colspan=\"2\"></td><td class=\"alt\"><td class="alt"><center><b><u>Country</u></b></center></td><td>".$list['country']."</td></tr><tr class="alt"><td class="alt"><center><b><u>Company</u></b></center></td><td><b>
".$list['company']."</b></td><td bgcolor=\"#000000\" colspan=\"2\"></td><td class=\"alt\"><td class="alt"><center><b><u>Website</u></b></center></td><td>".$list['www']."</td></tr><tr class="alt"><td class="alt"><center><b><u>Joined On: </u></b></center></td><td><b>
".$list['date']."</b></td><td bgcolor=\"#000000\" colspan=\"2\"></td><td class=\"alt\"><td class="alt"><center><b><u>Browser</u></b></center></td><td>".$list['browser']."</td></tr><br /><br /><br /><tr class="alt"><td class="alt"><center><b><u>About</u></b></center></td><td><b>
".$list['about']."</b></td><td bgcolor=\"#000000\" colspan=\"2\"></td><td class=\"alt\"><td class="alt"><center><b><u>Intrests</u></b></center></td><td>".$list['intrests']."</td></tr>";Graham gave you the solution earlier. You still have unescaped double quotes in your string,
<td class="alt">in particular.If at first you don't succeed, you're not Chuck Norris.
Okay... Thanks, it now shows the page and loads the information... But how do I fix the... "profile.php?username=USERNAMEOFCHOSENUSER&user=IDOFCHOSENUSER" to "profile.php?user=IDOFCHOSENUSER" THANKS! EDIT: There is something... "humorously fatal" on the profile page... The first two "columns in the first row"... Are turning "Background Color = limegreen, Font Color = red"... Here is the code:
<td bgcolor=\"#FF0000\" color=\"#000000\"><center><b><u>Username</u></b></center></td><td bgcolor=\"#FF0000\" color=\"#000000\"><b>';
Print "".$list['username']."</b></td>So obviously somethings wrong... I can take a screenshot and post a link to it if ya'd like... Thanks.
modified on Saturday, January 23, 2010 4:16 PM
-
Okay... Thanks, it now shows the page and loads the information... But how do I fix the... "profile.php?username=USERNAMEOFCHOSENUSER&user=IDOFCHOSENUSER" to "profile.php?user=IDOFCHOSENUSER" THANKS! EDIT: There is something... "humorously fatal" on the profile page... The first two "columns in the first row"... Are turning "Background Color = limegreen, Font Color = red"... Here is the code:
<td bgcolor=\"#FF0000\" color=\"#000000\"><center><b><u>Username</u></b></center></td><td bgcolor=\"#FF0000\" color=\"#000000\"><b>';
Print "".$list['username']."</b></td>So obviously somethings wrong... I can take a screenshot and post a link to it if ya'd like... Thanks.
modified on Saturday, January 23, 2010 4:16 PM
thebiostyle wrote:
Okay... Thanks, it now shows the page and loads the information... But how do I fix the... "profile.php?username=USERNAMEOFCHOSENUSER&user=IDOFCHOSENUSER" to "profile.php?user=IDOFCHOSENUSER"
You change the link, obviously. eg.
<a href="profile.php?username=USERNAMEOFCHOSENUSER&user=IDOFCHOSENUSER">Link</a>
Will be:
<a href="profile.php?user=IDOFCHOSENUSER">Link</a>
thebiostyle wrote:
<td bgcolor=\"#FF0000\" color=\"#000000\"><center><b><u>Username</u></b></center></td><td bgcolor=\"#FF0000\" color=\"#000000\"><b>';
Print "".$list['username']."</b></td>It's obviously not that line. Do you have any other styles affecting it i.e. from a Style Sheet?
If at first you don't succeed, you're not Chuck Norris.
-
thebiostyle wrote:
Okay... Thanks, it now shows the page and loads the information... But how do I fix the... "profile.php?username=USERNAMEOFCHOSENUSER&user=IDOFCHOSENUSER" to "profile.php?user=IDOFCHOSENUSER"
You change the link, obviously. eg.
<a href="profile.php?username=USERNAMEOFCHOSENUSER&user=IDOFCHOSENUSER">Link</a>
Will be:
<a href="profile.php?user=IDOFCHOSENUSER">Link</a>
thebiostyle wrote:
<td bgcolor=\"#FF0000\" color=\"#000000\"><center><b><u>Username</u></b></center></td><td bgcolor=\"#FF0000\" color=\"#000000\"><b>';
Print "".$list['username']."</b></td>It's obviously not that line. Do you have any other styles affecting it i.e. from a Style Sheet?
If at first you don't succeed, you're not Chuck Norris.
Well, when I took out that line it showed as BG=black FC=red, but I don't know, maybe you can find the mistake... Here is the code for "profile.php":
<?
include_once"CONFIGPAGE.php";$fetch_users_data = mysql_fetch_object(mysql_query("SELECT * FROM `members` WHERE username='".$_REQUEST['username']."'"));
$fetch_users_id = mysql_fetch_object(mysql_query("SELECT * FROM `members` WHERE id='".$_GET['user']."'"));
?>
<html>
<head>
<title>Members - Profile - <? echo "".$fetch_users_data->username.""; ?> ~ Bio-Designs</title><style type="text/css"> <!-- a {color: #000000; text-decoration: none;}a:link {color: #000000} a:visited {color: #000000} a:hover {color:#000000; width:7em} body{color: #FF0000} .dockmenu{ text-align: center; height: 50px; position: relative;}a.dockItem { text-align: center; color: #000;font-weight: bold; text-decoration: none; width: 50px; position: absolute; display: block; bottom: 0;}.dockItem img { border: none; margin: 0 auto 5px auto; width: 75%;}.dockItem span { display: none; positon: absolute;}.dockmenuContainer { height: 50px; left: 76px; position: absolute; top: 40px;}font {color: FF0000;}<!--BODY { scrollbar-arrow-color:#000000; scrollbar-track-color:#000000; scrollbar-shadow-color:#000000; scrollbar-face-color:#FF0000; scrollbar-highlight-color:#FF0000; scrollbar-darkshadow-color:#000000; scrollbar-3dlight-color:#FF0000; } table, td, th{border:0px 1px 0px 1px dashed #FF0000; padding:2px 2px 2px 2px;} td.alt {font-size:14pt; color: #000000;} tr.alt { background-color: #FF0000; color: #000000; border: 1px dotted red;}//-->
</style><link rel="icon" type="image/gif" href="http://i248.photobucket.com/albums/gg195/Bio-Gfx/thebiostylefavicon.gif">
</head>
<body bgcolor="#000000" onload="$_GET['user']">
<br /><div> <div style="text-align: center;"> <img src="http://www.thebiostyle.com/biologoblackv1.0.png" /><br /><br /><div align="center">
<span style=\"font-size: 24pt; color: rgb(255, 0, 0);\"><font size=\"20pt\" color=\"#FF0000\"><u><b>Profile</b></u></font></span><br /><br />
<table cellspacing="4" cellpadding="4" style=" border:1px dotted red;">
<?
$list_memberinfo = mysql_query("SELECT * FROM `members` WHERE id='".$_GET['user']."'");
while($list = mysql_fetch_array( $list_memberinfo ))
{
Print '<tr class=\"alt\"><td class=\"alt -
Well, when I took out that line it showed as BG=black FC=red, but I don't know, maybe you can find the mistake... Here is the code for "profile.php":
<?
include_once"CONFIGPAGE.php";$fetch_users_data = mysql_fetch_object(mysql_query("SELECT * FROM `members` WHERE username='".$_REQUEST['username']."'"));
$fetch_users_id = mysql_fetch_object(mysql_query("SELECT * FROM `members` WHERE id='".$_GET['user']."'"));
?>
<html>
<head>
<title>Members - Profile - <? echo "".$fetch_users_data->username.""; ?> ~ Bio-Designs</title><style type="text/css"> <!-- a {color: #000000; text-decoration: none;}a:link {color: #000000} a:visited {color: #000000} a:hover {color:#000000; width:7em} body{color: #FF0000} .dockmenu{ text-align: center; height: 50px; position: relative;}a.dockItem { text-align: center; color: #000;font-weight: bold; text-decoration: none; width: 50px; position: absolute; display: block; bottom: 0;}.dockItem img { border: none; margin: 0 auto 5px auto; width: 75%;}.dockItem span { display: none; positon: absolute;}.dockmenuContainer { height: 50px; left: 76px; position: absolute; top: 40px;}font {color: FF0000;}<!--BODY { scrollbar-arrow-color:#000000; scrollbar-track-color:#000000; scrollbar-shadow-color:#000000; scrollbar-face-color:#FF0000; scrollbar-highlight-color:#FF0000; scrollbar-darkshadow-color:#000000; scrollbar-3dlight-color:#FF0000; } table, td, th{border:0px 1px 0px 1px dashed #FF0000; padding:2px 2px 2px 2px;} td.alt {font-size:14pt; color: #000000;} tr.alt { background-color: #FF0000; color: #000000; border: 1px dotted red;}//-->
</style><link rel="icon" type="image/gif" href="http://i248.photobucket.com/albums/gg195/Bio-Gfx/thebiostylefavicon.gif">
</head>
<body bgcolor="#000000" onload="$_GET['user']">
<br /><div> <div style="text-align: center;"> <img src="http://www.thebiostyle.com/biologoblackv1.0.png" /><br /><br /><div align="center">
<span style=\"font-size: 24pt; color: rgb(255, 0, 0);\"><font size=\"20pt\" color=\"#FF0000\"><u><b>Profile</b></u></font></span><br /><br />
<table cellspacing="4" cellpadding="4" style=" border:1px dotted red;">
<?
$list_memberinfo = mysql_query("SELECT * FROM `members` WHERE id='".$_GET['user']."'");
while($list = mysql_fetch_array( $list_memberinfo ))
{
Print '<tr class=\"alt\"><td class=\"altthebiostyle wrote:
<form action='profile.php' method='GET'>
Do you know what the GET method of submitting a form actually does? Every input within the form, has their value displayed in the URL on the action page (the page the form is submited to). E.g.
<form action="submit.php" method="get">
<input type="hidden" name="fieldName" value="fieldValue" />
<input type="hidden" name="fieldName2" value="fieldValue2" />
</form>Would direct to
submit.php?fieldName=fieldValue&fieldName2=fieldValue2If at first you don't succeed, you're not Chuck Norris.
-
thebiostyle wrote:
<form action='profile.php' method='GET'>
Do you know what the GET method of submitting a form actually does? Every input within the form, has their value displayed in the URL on the action page (the page the form is submited to). E.g.
<form action="submit.php" method="get">
<input type="hidden" name="fieldName" value="fieldValue" />
<input type="hidden" name="fieldName2" value="fieldValue2" />
</form>Would direct to
submit.php?fieldName=fieldValue&fieldName2=fieldValue2If at first you don't succeed, you're not Chuck Norris.
-
Well, when I took out that line it showed as BG=black FC=red, but I don't know, maybe you can find the mistake... Here is the code for "profile.php":
<?
include_once"CONFIGPAGE.php";$fetch_users_data = mysql_fetch_object(mysql_query("SELECT * FROM `members` WHERE username='".$_REQUEST['username']."'"));
$fetch_users_id = mysql_fetch_object(mysql_query("SELECT * FROM `members` WHERE id='".$_GET['user']."'"));
?>
<html>
<head>
<title>Members - Profile - <? echo "".$fetch_users_data->username.""; ?> ~ Bio-Designs</title><style type="text/css"> <!-- a {color: #000000; text-decoration: none;}a:link {color: #000000} a:visited {color: #000000} a:hover {color:#000000; width:7em} body{color: #FF0000} .dockmenu{ text-align: center; height: 50px; position: relative;}a.dockItem { text-align: center; color: #000;font-weight: bold; text-decoration: none; width: 50px; position: absolute; display: block; bottom: 0;}.dockItem img { border: none; margin: 0 auto 5px auto; width: 75%;}.dockItem span { display: none; positon: absolute;}.dockmenuContainer { height: 50px; left: 76px; position: absolute; top: 40px;}font {color: FF0000;}<!--BODY { scrollbar-arrow-color:#000000; scrollbar-track-color:#000000; scrollbar-shadow-color:#000000; scrollbar-face-color:#FF0000; scrollbar-highlight-color:#FF0000; scrollbar-darkshadow-color:#000000; scrollbar-3dlight-color:#FF0000; } table, td, th{border:0px 1px 0px 1px dashed #FF0000; padding:2px 2px 2px 2px;} td.alt {font-size:14pt; color: #000000;} tr.alt { background-color: #FF0000; color: #000000; border: 1px dotted red;}//-->
</style><link rel="icon" type="image/gif" href="http://i248.photobucket.com/albums/gg195/Bio-Gfx/thebiostylefavicon.gif">
</head>
<body bgcolor="#000000" onload="$_GET['user']">
<br /><div> <div style="text-align: center;"> <img src="http://www.thebiostyle.com/biologoblackv1.0.png" /><br /><br /><div align="center">
<span style=\"font-size: 24pt; color: rgb(255, 0, 0);\"><font size=\"20pt\" color=\"#FF0000\"><u><b>Profile</b></u></font></span><br /><br />
<table cellspacing="4" cellpadding="4" style=" border:1px dotted red;">
<?
$list_memberinfo = mysql_query("SELECT * FROM `members` WHERE id='".$_GET['user']."'");
while($list = mysql_fetch_array( $list_memberinfo ))
{
Print '<tr class=\"alt\"><td class=\"altBefore you continue, I suggest you tidy up your code and get into some good practices.
thebiostyle wrote:
include_once"CONFIGPAGE.php";
Encapsulate the target file in brackets:
include_once('CONFIGPAGE.php');. And use single quotes, as it is quicker.thebiostyle wrote:
$fetch_users_data = mysql_fetch_object(mysql_query("SELECT * FROM `members` WHERE username='".$_REQUEST['username']."'"));
$fetch_users_id = mysql_fetch_object(mysql_query("SELECT * FROM `members` WHERE id='".$_GET['user']."'"));You need to check first whether or not 'user' and 'username' are set. If they aren't then it will throw errors.
$username = isset( $_REQUEST['username'] ) ? $_REQUEST['username'] : '';
$user = isset( $_GET['user'] ) ? $_GET['user'] : '';You seriously need to sanitise your data inputs to protect from SQL injection attacks. Use the mysql_real_escape_string[^] function.
$username = mysql_real_escape_string( $username );
$user = mysql_real_escape_string( $user );Then use those sanitized values as your SQL inputs.
thebiostyle wrote:
echo "".$fetch_users_data->username."";
There is no need for the
""around the value. It will work just fine without it:echo $fetch_users_data->username;thebiostyle wrote:
There is no need to have an onload attribute, with
$_GET['user']. It is also bad practice to use bgcolor. Use the style attribute instead, or better still use CSS classes.thebiostyle wrote:
</div>
</table>From what I can see you haven't opened a div; therefore there is no need to close one. Note that you should also have a DOCTYPE which you should work from. http://www.w3schools.com/tags/tag_DOCTYPE.asp[^]
If at first you don't succeed, you're not Chuck Norris.
-
Yes, I know that, but in an earlier post, it said that I was right to use the "GET" method. Also, Did you find anything out about the "color" issue...?
thebiostyle wrote:
Yes, I know that, but in an earlier post, it said that I was right to use the "GET" method.
thebiostyle wrote:
Okay... Thanks, it now shows the page and loads the information... But how do I fix the... "profile.php?username=USERNAMEOFCHOSENUSER&user=IDOFCHOSENUSER" to "profile.php?user=IDOFCHOSENUSER"
ALL the inputs in your form are sent to the URL, if you don't want them in the URL then don't have them in the form!
If at first you don't succeed, you're not Chuck Norris.
-
Before you continue, I suggest you tidy up your code and get into some good practices.
thebiostyle wrote:
include_once"CONFIGPAGE.php";
Encapsulate the target file in brackets:
include_once('CONFIGPAGE.php');. And use single quotes, as it is quicker.thebiostyle wrote:
$fetch_users_data = mysql_fetch_object(mysql_query("SELECT * FROM `members` WHERE username='".$_REQUEST['username']."'"));
$fetch_users_id = mysql_fetch_object(mysql_query("SELECT * FROM `members` WHERE id='".$_GET['user']."'"));You need to check first whether or not 'user' and 'username' are set. If they aren't then it will throw errors.
$username = isset( $_REQUEST['username'] ) ? $_REQUEST['username'] : '';
$user = isset( $_GET['user'] ) ? $_GET['user'] : '';You seriously need to sanitise your data inputs to protect from SQL injection attacks. Use the mysql_real_escape_string[^] function.
$username = mysql_real_escape_string( $username );
$user = mysql_real_escape_string( $user );Then use those sanitized values as your SQL inputs.
thebiostyle wrote:
echo "".$fetch_users_data->username."";
There is no need for the
""around the value. It will work just fine without it:echo $fetch_users_data->username;thebiostyle wrote:
There is no need to have an onload attribute, with
$_GET['user']. It is also bad practice to use bgcolor. Use the style attribute instead, or better still use CSS classes.thebiostyle wrote:
</div>
</table>From what I can see you haven't opened a div; therefore there is no need to close one. Note that you should also have a DOCTYPE which you should work from. http://www.w3schools.com/tags/tag_DOCTYPE.asp[^]
If at first you don't succeed, you're not Chuck Norris.
Okay, everything is fixed, except the color issue... With the DOCTYPE, I think it fixed the colors, but now they're BG=black and FC=red, when they need to be BG=red and FC=black..... BTW, the whole site is filled with errors, but it works for me, lol so it's okay. Though with the site being used for web design and computer graphic design, I will make sure not to include errors in any other page. Thanks!
-
Okay, everything is fixed, except the color issue... With the DOCTYPE, I think it fixed the colors, but now they're BG=black and FC=red, when they need to be BG=red and FC=black..... BTW, the whole site is filled with errors, but it works for me, lol so it's okay. Though with the site being used for web design and computer graphic design, I will make sure not to include errors in any other page. Thanks!
-
I'd really recommend removing all the
bgcolor=stuff (and thespan,center,b,utags)and putting it into the style sheet. You can apply multiple classes to an element if you want to, you just need to separate them with spaces, like this:<td class="alt dark">some stuff</td>
Where "dark" is your new class specifying the correct background and font colours:
td.dark {
background-color: #FF0000;
color: #000000;
font-size: 16pt;
text-align: center;
font-weight: bold;
text-decoration: underline
}If you move all the style information into the style sheet it becomes a lot easier to spot problems in the PHP and HTML.
-
I'd really recommend removing all the
bgcolor=stuff (and thespan,center,b,utags)and putting it into the style sheet. You can apply multiple classes to an element if you want to, you just need to separate them with spaces, like this:<td class="alt dark">some stuff</td>
Where "dark" is your new class specifying the correct background and font colours:
td.dark {
background-color: #FF0000;
color: #000000;
font-size: 16pt;
text-align: center;
font-weight: bold;
text-decoration: underline
}If you move all the style information into the style sheet it becomes a lot easier to spot problems in the PHP and HTML.
