I have a PHP login/register system and it’s working fine. I also have a profile.php page which is used to show the currently logged in user’s informations. For now, I want to do this, if the user is logged in and goes to profile.php, they will see their own profile page with their informations, but if the user navigates to profile.php?id=2 page, they must see the profile whose ID is 2. It is almost done, but when I change the id?=2, only the ID changes. Any idea why is it not working?
profile.php CODE:
<?php
session_start();
// If the user is not logged in redirect to the login page...
if (!isset($_SESSION['loggedin'])) {
header('Location: /admin/index.php');
exit;
}
$DATABASE_HOST = 'localhost';
$DATABASE_USER = 'root';
$DATABASE_PASS = '';
$DATABASE_NAME = 'phplogin';
$con = mysqli_connect($DATABASE_HOST, $DATABASE_USER, $DATABASE_PASS, $DATABASE_NAME);
if (mysqli_connect_errno()) {
exit('Failed to connect to MySQL: ' . mysqli_connect_error());
}
$stmt = $con->prepare('SELECT username, realname, password, email, second_email, sex, age, country, city, timestamp FROM accounts WHERE id = ?');
$stmt->bind_param('i', $_SESSION['id']);
$stmt->execute();
$stmt->bind_result($username, $realname, $password, $email, $second_email, $sex, $age, $country, $city, $timestamp);
$stmt->fetch();
$stmt->close();
if (isset($_GET['id']) && $_GET['id'] != "") {
$id = $_GET['id'];
} else {
$id = $_SESSION['user_id'];
}
$mysqli = $con;
if ($mysqli->connect_errno) {
echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>";
exit();
}
## query database
# fetch data from mysql database
$sql = "SELECT * FROM accounts WHERE id = {$id} LIMIT 1";
if ($result = $mysqli->query($sql)) {
$user = $result->fetch_array();
} else {
echo "<p>MySQL error no {$mysqli->errno} : {$mysqli->error}</p>";
exit();
}
require_once($_SERVER['DOCUMENT_ROOT'].'/admin/includes/header.php');
if ($result->num_rows == 1) {
echo "
<section class='prfileMenu tabcontent' id='Profiles'>
<div class='profile_header'>
<span class='page_title'>Profile Page</span>
<hr class='page_title_hr'>
<div>
<div class='profile-container-wrapper'>
<div class='prof-datas-title'>Basic Infos</div>
<div class='profile-datas-container'>
<table>
<tr>
<td>Username:</td>
<td id='profileUsername'>{$username}</td>
<td>
<a class='prov-delete-prof'>Delete</a>
<a class='edit-data'>Edit</a>
</td>
</tr>
<tr>
<td>User ID:</td>
<td>{$id}</td>
<td></td>
</tr>
<tr>
<td>Priority:</td>
<td id='priority'>unknow</td>
<td></td>
</tr>
<tr>
<td>Joined:</td>
<td>{$timestamp}</td>
<td></td>
</tr>
<tr>
<td>Status:</td>
<td><span class='prof-status'>active<span></td>
<td></td>
</tr>
</table>
</div>
</div>
<div class='profile-container-wrapper'>
<div class='prof-datas-title'>General</div><br>
<div class='profile-datas-container'>
<table>
<tr>
<td>Real Name:</td>
<td>{$realname}</td>
<td></td>
</tr>
<tr>
<td>Email:</td>
<td>{$email}</td>
<td></td>
</tr>
<tr>
<td>Second Email:</td>
<td>".$second_email."</td>
<td></td>
</tr>
<tr>
<td>Age:</td>
<td>".$age."</td>
<td></td>
</tr>
<tr>
<td>Sex:</td>
<td>".$sex."</td>
<td></td>
</tr>
<tr>
<td>Country:</td>
<td>".$country."</td>
<td></td>
</tr>
<tr class='exception-border'>
<td>City:</td>
<td>".$city."</td>
<td></td>
</tr>
</table>
</div>
</div>
<div class='profile-container-wrapper'>
<div class='prof-datas-title'>Security</div>
<div class='profile-datas-container'>
<table>
<tr>
<td>New Email:</td>
<td>Changes to this email address are delayed by 1 week.</td>
<td class='edit-data'>Get</td>
</tr>
<tr>
<td>New Password</td>
<td>unknown</td>
<td class='edit-data'>Get</td>
</tr>
<tr>
<td>New Passkey:</td>
<td>Unavailable</td>
<td class='edit-data'>Get</td>
</tr>
<tr>
<td>2FA:</td>
<td>Disabled</td>
<td></td>
</tr>
</table>
</div>
</div>
<div class='profile-container-wrapper'>
<div class='prof-datas-title'>Advanced</div>
<div class='profile-datas-container'>
<table>
<tr>
<td>Activation Code:</td>
<td>6058bf4fa2c2a</td>
<td></td>
</tr>
<tr>
<td>Beta Program:</td>
<td>Disabled</td>
<td class='edit-data'>Enable</td>
</tr>
</table>
</div>
</div>
</section>
</main>
";
} else {
echo "
<section class='prfileMenu tabcontent' id='Profiles'>
<div class='profile_header'>
<span class='page_title'>Error: 404</span>
<hr class='page_title_hr'>
<div>
<div class='centered-tag'>
<h1 class='error-blank'>404</h1>
<p>Page not found</p>
<span>The page you're looking for may have been removed, renamed, or temporarily unavailable. </span>
<div class='forbidden-backto-button-container'>
<a>Back to Dashboard</a>
</div>
</div>
</div>
</div>
</section>
</main>
";
}
?>
<script src='/admin/includes/assets/js/adminrank.js'></script>
<script src='/admin/includes/assets/js/productivity_meter.js'></script>
<?php
require_once($_SERVER['DOCUMENT_ROOT'].'/admin/includes/footer.php'); ?>
Advertisement
Answer
You must bind $id to your query and check $_GET[“id”] exist before it
if (isset($_GET['id']) && $_GET['id'] != "") {
$id = $_GET['id'];
} else {
$id = $_SESSION['user_id'];
}
$stmt = $con->prepare('SELECT username, realname, password, email, second_email, sex, age, country, city, timestamp FROM accounts WHERE id = ?');
$stmt->bind_param('i', $id);
$stmt->execute();
$stmt->bind_result($username, $realname, $password, $email, $second_email, $sex, $age, $country, $city, $timestamp);
$stmt->fetch();
$stmt->close()
;