DJ_CARO Posted July 28, 2010 Share Posted July 28, 2010 First of All hello to all I have done registration login script and when I starting to making the users profiles, I have problem in the $_GET function well this is the code <?php $getid = $_GET['id']; if (!$getid) $getid = "1"; require('scripts/connect.php'); $query = mysql_query("SELECT * FROM users WHERE id='$getid'"); mysql_real_escape_string; $numrows = mysql_num_rows($query); if ($numrows == 1){ $row = mysql_fetch_assoc($query); $id = $row['id']; $firstname = $row['first_name']; $lastname = $row['last_name']; $user = $row['username']; $avatar = $row['avatar']; $city = $row['city']; echo "<div id='profile'> <div id='leftside'> <a href='profile.php?$user'><img src='avatars/$avatar' width='100px' height='100px' border='0'</a></img><br /><a href='profile.php?$user'>$firstname $lastname <br />($user)<br /></a>$city <br /></div>"; } else echo " You have to contact administrator"; ?> When I login as user id 1 then it display all right but when I go and login as another user it display the first users piture, name, surname & city can someone tell me what the problem is ? I know is this if (!$getid) $getid = "1"; but why is this happen If someone tell me or point to the right direction I would be thank full Quote Link to comment Share on other sites More sharing options...
Psycho Posted July 28, 2010 Share Posted July 28, 2010 Simple. If the GET value is not set, you are hard-coding it to "1" if (!$getid) $getid = "1"; So, I wouold say the GET value is not ever set and the page is always defaulting to 1. And, doing that, is bad from a security point of view. If you don't know who the user is, you should never assume who they are. When you access that page do you see 'id=n' as paramters in the URL? If not, you need to look at the URL the user is selecting to access this page and ensure it is included. Quote Link to comment Share on other sites More sharing options...
DJ_CARO Posted July 28, 2010 Author Share Posted July 28, 2010 Simple. If the GET value is not set, you are hard-coding it to "1" if (!$getid) $getid = "1"; So, I wouold say the GET value is not ever set and the page is always defaulting to 1. And, doing that, is bad from a security point of view. If you don't know who the user is, you should never assume who they are. When you access that page do you see 'id=n' as paramters in the URL? If not, you need to look at the URL the user is selecting to access this page and ensure it is included. Yea men I am stupid :/ I forget to put the "?id=$userid" after the url Thanks again it working now ) and for security reasons I have deleted the if (!$getid) $getid = "1";[/php Quote Link to comment Share on other sites More sharing options...
DJ_CARO Posted July 30, 2010 Author Share Posted July 30, 2010 I have done the profile page however I had another problem as you see on the community sites if the user login it has it own picture name city in the index page I have done quiet the same thing but when I am login it dont detect the user id , please chceck it out the website is http://www.imprezkamaxxx.eu/polish_site/index.php Login : test password : test Thank you for any help Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.