PHP/SQL Per-Person Search

Question

How would i do a 'per-person search' using PHP? I have it at the moment working, but i want to be able to go to this: /profile/JohnSmith, or something similar. At the moment i have it like this (probs not the most efficient way but it works):

        $sql = "SELECT * FROM data_players_sg WHERE player LIKE '%" . $name . "%'";
        $result = $conn->query($sql);

        echo "<br /><h3>Survival Games Stats</h2>";
        echo "<div id=containter class=CSSTableGenerator>";
        echo "<table id=player_profile cellspacing=15><tr><th>Points</th><th>Wins</th><th>Losses</th><th>Kills</th><th>Deaths</th><th>KDR</th></tr>";
        if ($result->num_rows > 0) {
             while($row = $result->fetch_assoc()) {
                 if($row["player"] == $name) {
                     $UUID = $row["uuid"];

                     echo "<tr><td>" . $row["points"] . "</td>";
                     echo "<td>" . $row["wins"] . "</td>";
                     echo "<td>" . $row["losses"] . "</td>";
                    $kills = $row["kills"];
                    $deaths = $row["deaths"];
                    $kdr = $deaths != 0 ? $kills / $deaths : $kills;
                    echo "<td>" . $kills. "</td>";
                    echo "<td>" . $deaths. "</td>";
                    echo "<td>" . $kdr. "</td></tr>";
                 }
            }
        } else {
            echo "<tr><td>Player not found</td><td></td><td></td><td></td></tr>";
        }
        echo "</table></div>";

Which is called when they search, and this works fine. Except it means you have to search in the search bar every time you want to get to this page, instead of being able to go straight to the page with a URL.

So in short i want it to create a page per person, which is their profile.

You are can use a get method in a url like this profile.php?name=anyname — Pranavadurai, Dec 28 '15 at 03:52
@David is that because i dont use prepared statements? I made this code a while ago and just came back to it, without realising haha, i should change that, that could be deadly — Erouax, Dec 28 '15 at 04:01
A simple solution is to create an anchor for each player. But that may not be what you want if you don't want the users to download all the data. — SOFe, Dec 28 '15 at 04:11

score 1 · Accepted Answer · answered Dec 28 '15 at 04:13

First of all, you can start by creating a new page, called profile.php or something similar. Next, use a combination of a .htaccess rewrite of the url (for example, example.com/player-name will be rewritten to example.com/profile.php?url=player-name, and a GET statement in your profile.php to retrieve this player-name. Use this name, id or url to match with data in your database. Use a query like this:

$x=$_GET["url"];
$query = "SELECT * FROM data_players_sg WHERE playername =".$x;
if ($result = mysqli_query($link, $query)) 
{
while ($row = mysqli_fetch_assoc($result)) 
{
  $UUID = $row["uuid"];

  echo "<tr><td>" . $row["points"] . "</td>";
  echo "<td>" . $row["wins"] . "</td>";
  echo "<td>" . $row["losses"] . "</td>";
  $kills = $row["kills"];
  $deaths = $row["deaths"];
  $kdr = $deaths != 0 ? $kills / $deaths : $kills;
  echo "<td>" . $kills. "</td>";
  echo "<td>" . $deaths. "</td>";
  echo "<td>" . $kdr. "</td></tr>";
}
}

Hope this helps.

Best regards, Motbrok

Invalid SQL and open to SQL injections. That also won't search, that requires an exact match. — chris85, Dec 28 '15 at 05:20
Exactly what im looking for! Thanks so much! I changed it around a bit and got it :) — Erouax, Dec 28 '15 at 05:40
Glad to be of help :) It's true that this code is prone to SQL injections, so I recommend using http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php to solve that problem. As for the query being invalid, I can vouch that it will work. Best wishes, Motbrok — Stef Nielandt, Dec 28 '15 at 14:41

PHP/SQL Per-Person Search

1 Answers1