I have a PHP login/register system and it’s working fine. I also have a profile.php page which is used to show the currently logged-in user’s information. For now, I want to do this: if the user is logged in and goes to profile.php, they will see their own profile page with their information, but if the user navigates to the profile.php?id=2 page, they must see the profile whose ID is 2. It is almost done, but when I change the ?id=2, only the ID changes. Any idea why it is not working?
profile.php
CODE:
<?php
session_start();
// If the user is not logged in redirect to the login page...
if (!isset($_SESSION['loggedin'])) {
    header('Location: /admin/index.php');
    exit;
}

$DATABASE_HOST = 'localhost';
$DATABASE_USER = 'root';
$DATABASE_PASS = '';
$DATABASE_NAME = 'phplogin';

$con = mysqli_connect($DATABASE_HOST, $DATABASE_USER, $DATABASE_PASS, $DATABASE_NAME);
if (mysqli_connect_errno()) {
    exit('Failed to connect to MySQL: ' . mysqli_connect_error());
}

$stmt = $con->prepare('SELECT username, realname, password, email, second_email, sex, age, country, city, timestamp FROM accounts WHERE id = ?');
$stmt->bind_param('i', $_SESSION['id']);
$stmt->execute();
$stmt->bind_result($username, $realname, $password, $email, $second_email, $sex, $age, $country, $city, $timestamp);
$stmt->fetch();
$stmt->close();

if (isset($_GET['id']) && $_GET['id'] != "") {
    $id = $_GET['id'];
} else {
    $id = $_SESSION['user_id'];
}

$mysqli = $con;
if ($mysqli->connect_errno) {
    echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>";
    exit();
}

## query database
# fetch data from mysql database
$sql = "SELECT * FROM accounts WHERE id = {$id} LIMIT 1";

if ($result = $mysqli->query($sql)) {
    $user = $result->fetch_array();
} else {
    echo "<p>MySQL error no {$mysqli->errno} : {$mysqli->error}</p>";
    exit();
}

require_once($_SERVER['DOCUMENT_ROOT'].'/admin/includes/header.php');

if ($result->num_rows == 1) {
    echo "
    <section class='prfileMenu tabcontent' id='Profiles'>
      <div class='profile_header'>
        <span class='page_title'>Profile Page</span>
        <hr class='page_title_hr'>
        <div>
          <div class='profile-container-wrapper'>
            <div class='prof-datas-title'>Basic Infos</div>
            <div class='profile-datas-container'>
              <table>
                <tr>
                  <td>Username:</td>
                  <td id='profileUsername'>{$username}</td>
                  <td>
                    <a class='prov-delete-prof'>Delete</a>
                    <a class='edit-data'>Edit</a>
                  </td>
                </tr>
                <tr> <td>User ID:</td> <td>{$id}</td> <td></td> </tr>
                <tr> <td>Priority:</td> <td id='priority'>unknow</td> <td></td> </tr>
                <tr> <td>Joined:</td> <td>{$timestamp}</td> <td></td> </tr>
                <tr> <td>Status:</td> <td><span class='prof-status'>active</span></td> <td></td> </tr>
              </table>
            </div>
          </div>
          <div class='profile-container-wrapper'>
            <div class='prof-datas-title'>General</div><br>
            <div class='profile-datas-container'>
              <table>
                <tr> <td>Real Name:</td> <td>{$realname}</td> <td></td> </tr>
                <tr> <td>Email:</td> <td>{$email}</td> <td></td> </tr>
                <tr> <td>Second Email:</td> <td>".$second_email."</td> <td></td> </tr>
                <tr> <td>Age:</td> <td>".$age."</td> <td></td> </tr>
                <tr> <td>Sex:</td> <td>".$sex."</td> <td></td> </tr>
                <tr> <td>Country:</td> <td>".$country."</td> <td></td> </tr>
                <tr class='exception-border'> <td>City:</td> <td>".$city."</td> <td></td> </tr>
              </table>
            </div>
          </div>
          <div class='profile-container-wrapper'>
            <div class='prof-datas-title'>Security</div>
            <div class='profile-datas-container'>
              <table>
                <tr> <td>New Email:</td> <td>Changes to this email address are delayed by 1 week.</td> <td class='edit-data'>Get</td> </tr>
                <tr> <td>New Password</td> <td>unknown</td> <td class='edit-data'>Get</td> </tr>
                <tr> <td>New Passkey:</td> <td>Unavailable</td> <td class='edit-data'>Get</td> </tr>
                <tr> <td>2FA:</td> <td>Disabled</td> <td></td> </tr>
              </table>
            </div>
          </div>
          <div class='profile-container-wrapper'>
            <div class='prof-datas-title'>Advanced</div>
            <div class='profile-datas-container'>
              <table>
                <tr> <td>Activation Code:</td> <td>6058bf4fa2c2a</td> <td></td> </tr>
                <tr> <td>Beta Program:</td> <td>Disabled</td> <td class='edit-data'>Enable</td> </tr>
              </table>
            </div>
          </div>
    </section>
    </main>
    ";
} else {
    echo "
    <section class='prfileMenu tabcontent' id='Profiles'>
      <div class='profile_header'>
        <span class='page_title'>Error: 404</span>
        <hr class='page_title_hr'>
        <div>
          <div class='centered-tag'>
            <h1 class='error-blank'>404</h1>
            <p>Page not found</p>
            <span>The page you're looking for may have been removed, renamed, or temporarily unavailable.
            </span>
            <div class='forbidden-backto-button-container'>
              <a>Back to Dashboard</a>
            </div>
          </div>
        </div>
      </div>
    </section>
    </main>
    ";
}
?>
<script src='/admin/includes/assets/js/adminrank.js'></script>
<script src='/admin/includes/assets/js/productivity_meter.js'></script>
<?php require_once($_SERVER['DOCUMENT_ROOT'].'/admin/includes/footer.php'); ?>
Answer
You must bind $id to your query and check that $_GET["id"] exists before it.
if (isset($_GET['id']) && $_GET['id'] != "") {
    $id = $_GET['id'];
} else {
    $id = $_SESSION['user_id'];
}

$stmt = $con->prepare('SELECT username, realname, password, email, second_email, sex, age, country, city, timestamp FROM accounts WHERE id = ?');
$stmt->bind_param('i', $id);
$stmt->execute();
$stmt->bind_result($username, $realname, $password, $email, $second_email, $sex, $age, $country, $city, $timestamp);
$stmt->fetch();
$stmt->close();
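A hardened form of the lookup discussed above, as an added example that is not the asker's or the answerer's code: it validates `?id=` as an integer, uses a single prepared statement instead of the interpolated `SELECT *`, leaves the `password` column out of the query, and escapes values before output. It assumes PHP 7.4+, that the login script stores the account ID in `$_SESSION['id']` (the page uses both `id` and `user_id`), and, as a design assumption, that the email is shown to the profile owner only.

```php
<?php
session_start();
if (!isset($_SESSION['loggedin'])) {
    header('Location: /admin/index.php');
    exit;
}

// Assumption: the login script stores the account ID in $_SESSION['id'].
$ownId = (int) $_SESSION['id'];

// Accept ?id= only as a positive integer; default to the viewer's own profile.
$id = $ownId;
if (isset($_GET['id']) && $_GET['id'] !== '') {
    $id = filter_var($_GET['id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        http_response_code(400);
        exit('Invalid profile ID');
    }
}

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of echoing DB errors
$con = new mysqli('localhost', 'root', '', 'phplogin');
$con->set_charset('utf8mb4');

// One prepared statement for both cases; the password column is never selected.
$stmt = $con->prepare('SELECT username, realname, email, timestamp FROM accounts WHERE id = ?');
$stmt->bind_param('i', $id);
$stmt->execute();
$stmt->bind_result($username, $realname, $email, $timestamp);
$found = $stmt->fetch(); // true = row fetched, null = no such account
$stmt->close();

if ($found !== true) {
    http_response_code(404);
    exit('Profile not found');
}

// Escape every database value before it reaches the HTML.
$e = static fn($v): string => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');

echo '<table>';
echo '<tr><td>Username:</td><td>' . $e($username) . '</td></tr>';
echo '<tr><td>User ID:</td><td>' . $id . '</td></tr>';
echo '<tr><td>Real Name:</td><td>' . $e($realname) . '</td></tr>';
echo '<tr><td>Joined:</td><td>' . $e($timestamp) . '</td></tr>';
if ($id === $ownId) { // assumption: contact details are shown to the owner only
    echo '<tr><td>Email:</td><td>' . $e($email) . '</td></tr>';
}
echo '</table>';
```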