0

I am using PHP header redirect to redirect users from account/?id=$id to user/$username

Successfully it takes for instance account/?id=1 to user/samuel as long as the user exists. Now, this page user/samuel is quite empty ( 404 ).

How do I make it return the user data in the user/samuel using something like isset($_GET[]) manual? in addition of course to adding MYSQL query to retrieve data for the user which has username extracted from the URL, and get their data from database table. and I will be placing all the code in user/index.php

As long as I could make account/?id=$id get the $id from URL ( parameter ) and do other db stuff I think it is also possible to get $username from the URL.. even though user/?username could do it but I don't want to include an ? in the URL..

Any thoughts?

Coding Enthusiast
  • 3,865
  • 1
  • 27
  • 50
Ismail
  • 725
  • 8
  • 23

2 Answers2

3

This is a pretty broad topic, what you need to do is parse the url - IE break it into parts and then match the url to a set of actions. This is commonly known as routing.

A naive implementation would be a:

$parts = explode($_SERVER['REQUEST_URI'], '/');

if ( $parts[-2] === 'user' && $parts[-1] ) {
   $stmt = $pdo->prepare("SELECT * FROM 'users' WHERE username = ? OR id = ?");
   $result = $stmt->execute(array($parts[-1], array($parts[-1]));
   // ... do something if the user is found or not.
}

But this would fail if the url contains query parameters (?foo=bar) or a hash (#foo).

Instead you can use parse_url to make sure you only use the path.

$path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
$parts = null;

// Match the url with a regular expression.
preg_match(/^\/user\/(\w*)$/, $path, $parts);

if ( count($parts) == 2 ) {
   $stmt = $pdo->prepare("SELECT * FROM 'users' WHERE username = ? OR id = ?");
   $result = $stmt->execute(array($parts[-1], array($parts[-1]));
   // ... do something if the user is found or not.
}

But in the end you might want consider using a micro framework such as Silex, Slim or using the Routing component from Symfony2 so that you can concentrate on building your application rather than reinventing the wheel.

max
  • 96,212
  • 14
  • 104
  • 165
  • Also not that I use [prepared statements](http://php.net/manual/en/pdo.prepare.php), extremely important if you are using user input in a database query. – max May 26 '15 at 16:21
1

It might be better if you use Url Rewriting (aka friendly urls)

You can see this link which answers this same question, although your case is a little bit different. Apache friendly urls

Since you can't convert $id to $username (both are different values) I would recommend to change the link to 'user/ID' instead of 'user/USERNAME'.

Community
  • 1
  • 1
Eric Martinez
  • 31,277
  • 9
  • 92
  • 91
  • Thanks for your input. Actually I tried rewriting first, but it did not success as I was trying to redirect for instance user/index.php?id=1 to user/samuel ( I can not find a dynamic way to do that, because you know user IDs and usernames vary ) it does redirecting but only for users you provide IDs and usernames and I couldn't include PHP in htaccess.. so, I thought it would be better doing it with PHP and Mysql. Thank you Eric :) – Ismail May 26 '15 at 15:50
  • 1
    I understand. You could use in that case, when you are in 'user/USERNAME' read the entire URL and do an end/explode. It would be something like this `$var = end(explode("/", $url));` This way $var will contain the last "argument" although this can be dangerous since I can add anything to your URL and try to match it against your DB. Why is it wrong to you to add a '?' to the URL? – Eric Martinez May 26 '15 at 15:55
  • oh thanks for the edit. maybe that's exactly what I need. working on it. thanks once again. – Ismail May 26 '15 at 16:03