-3

In the process off making an Admin panel to my website i have run into a problem..

I'm trying to do, so that under the "members.php", you can click the image off the person you want to read more about and be directed to his site, via ID... Like member.php?id=1 for the person with the number 1 id in the database... And when you do come to the persons site, how do you make so that you see his info and not someone elses?.. So that you don't see number 2's info under member.php?id=1.. I have tried but so fare, i haven't "cracked the code" ;-)

Hope some off u guys can help!

Members.php:

<?php

    include 'admin/include/db.php';

    $query = mysql_query("SELECT * FROM members WHERE active = '1' ");

    while($rows = mysql_fetch_array($query)) :

        $iname = $rows['iname'];
        $id = $_GET['id'];

        echo "<tr>";
        echo "<td align='middle'><br><h3><a href='member.php?id=$id'>$iname</a></h3><br></td>";
        echo "<td align='middle'><br><h3><a href='member.php?id=$id'>$iname</a></h3><br></td>";
        echo "</tr>";
        echo "<tr>";
        echo "<td><a href='member.php?id=$id'><img class='center fit' src='billeder/members/standin.jpg' alt='$iname'></a></td>";
        echo "<td><a href='member.php?id=$id'><img class='center fit' src='billeder/members/standin.jpg' alt='$iname'></a></td>";
        echo "</tr>";

    endwhile;
?>
RiggsFolly
  • 93,638
  • 21
  • 103
  • 149
Anders
  • 105
  • 1
  • 9
  • [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Dec 14 '15 at 16:39
  • 1
    Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Dec 14 '15 at 16:39
  • 1
    Is this script supposed to list all the members with links to their profiles? Or is this script supposed to show the member's profile? You are looping through a set of mysql results, but ALWAYS setting in the links the ID provided in the URL ($_GET['id']) It is not clear what this script is supposed to do, the code is wrong in both cases. – Dragos Dec 14 '15 at 16:45
  • I think you need to site down **and have a good think** about what you are actually trying to do in this script. Currently it does not do either of the possibly actions properly and you seem to have mashedup 2 ideas but failed to code either properly – RiggsFolly Dec 14 '15 at 17:48

2 Answers2

0

Your solution is involving the $_GET['id'] into the SQL query.

$query = mysql_query("SELECT * FROM members WHERE id='$id' ");

Not sure if the quotes around id are necesarry (also adjust id to the row name in your database where the id's are stored).

Also what was mentoined before: Stop using mysql_* functions, these are removed from PHP version 7 Use MySQLi or PDO. There's plenty of tutorials and docs online to help you.

peer
  • 1,001
  • 4
  • 13
  • 29
0

You're looping over results from a query to your database, so in the while loop you're saying $id = $_GET['id']. This has nothing to do with the results that are fetched out of the database, $_GET is used to fetch values from an url. Use the values from the query inside your while loop:

echo "<td align='middle'><br><h3><a href='member.php?id=".$rows['id']."'>$iname</a></h3><br></td>";

$rows['id'] (assuming the field name in your database is 'id') will contain their id.

Santy
  • 387
  • 2
  • 7