0

I am trying to create a user profile page, and what I want right now is how to echo the user's information from the database to display in a profile page once they log in from the login page, but the problem is that it will echo "The user ID is not defined." Please, I need help; can anyone help me fix my code? I am new to PHP and SQL.

profile.php

<?php
include('db.php');
?>
<!DOCTYPE html>
<html>
    <head>
        <title>Profile of an user</title>
    </head>
    <body>

        <div class="content">
<?php
//We check if the users ID is defined
if(isset($_GET['id']))
{
        $id = intval($_GET['id']);
        //We check if the user exists
        $sql = mysql_query('SELECT fst, las, uid, pass,sts,ocp FROM users WHERE id="'.$id.'"');
        if(mysql_num_rows($sql)>0)
        {
                $res = mysql_fetch_array($sql);
                //We display the user datas
?>
This is the profile of "<?php echo htmlentities($res['fst']); ?>" :
<table style="width:500px;">
        <tr>

        <td class="left"><h1><?php echo htmlentities($res['fst']); ?></h1>
        Email: <?php echo htmlentities($res['las']); ?><br />
        This user joined the website on <?php echo htmlentities($res['uid']); ?></td>
    </tr>
</table>
<?php
        }
        else
        {
                echo 'This user dont exists.';
        }
}
else
{
        echo 'The user ID is not defined.';
}
?>
                </div>
                 </body>
</html>

login.php

<?php
include 'db.php';

$uid = $_POST['uid'];
$pass = $_POST['pass'];



$sql = "SELECT * FROM users WHERE uid='$uid' AND pass='$pass'";
$result = mysqli_query($conn,$sql);

if($row = mysqli_fetch_assoc($result)){
   header("Location: profile.php");

}else{
     echo "invalid username or password";
}
?>
C Francis

2 Answers

1

My advice to you is to use sessions instead to identify the user that has just logged in. Also, don't mix the APIs; see here: Can I mix MySQL APIs in PHP?

So this is how your login would look:

login.php

<?php
session_start();
include 'db.php';

$uid = $_POST['uid'];
$pass = $_POST['pass'];



$sql = "SELECT * FROM users WHERE uid='$uid' AND pass='$pass'";
$result = mysqli_query($conn,$sql);

if($row = mysqli_fetch_assoc($result)){

    $_SESSION['user'] = $row['uid'];
    header("Location: profile.php");
    exit(); // stop the script so nothing runs after the redirect

}else{
     echo "invalid username or password";
}
?>

Now when the user has logged in successfully, you have set a session. On the profile page, what you need is to check whether the session is set and is not empty, then query your database to give you the data you want based on the currently logged-in session.

profile.php

<?php
session_start();
include('db.php');

// We check if the user's session is set.
// The redirect must happen before any HTML is sent, otherwise header() fails.
if (empty($_SESSION['user'])) {
    // the user did not log in
    header("Location: login.php");
    exit();
}
?>
<!DOCTYPE html>
<html>
    <head>
        <title>Profile of an user</title>
    </head>
    <body>

        <div class="content">
<?php
        // select what you need where uid = $_SESSION['user']
?>
        </div>
    </body>
</html>

NB: Also, don't store passwords in plain text; use password_hash() and password_verify(). All this info is available from the manual, and it is better to use prepared statements.

Masivuye Cokile
0

Please remember to protect your data before inserting in the database to avoid injection attacks.

Also remember to avoid using mysql functions; use just mysqli functions.

I've just bought the idea of @Cokile that it is better to use sessions for saving the username. Hence my update from $_GET as copied from your code.

Profile page

<?php
session_start();
include('db.php');
?>
<!DOCTYPE html>
<html>
<head>
    <title>Profile of an user</title>
</head>
<body>

    <div class="content">
<?php
//We check if the users ID is defined
if(isset($_SESSION['userid']))
{
    $id = $_SESSION['userid'];
    //We check if the user exists
    $sql = mysqli_query($conn,'SELECT fst,las,uid,pass,sts,ocp FROM users WHERE uid="'.$id.'"');

    if(mysqli_num_rows($sql)>0)
    {

    while($res = mysqli_fetch_array($sql)){

    // Save the data
    $fst = $res['fst'];
    $las = $res['las'];
    $uid = $res['uid'];
    $sts = $res['sts'];
    // I find it confusing that at the login you use uid as username and
    // at the profile you are using it as date.
    // In my answer I am assuming sts as date data. Change it if is not.

    }           

    //We display the user datas
?>
This is the profile of "<?php echo htmlentities($fst); // I assume this to name ?>" :
<table style="width:500px;">
    <tr>

    <td class="left"><h1><?php echo htmlentities($fst); ?></h1>
    Email: <?php echo htmlentities($las); ?><br />
    This user joined the website on <?php echo htmlentities($sts); ?></td>
  </tr>
</table>
<?php
    }
    else
    {
            echo 'This user dont exists.';
    }
}
else
{
    echo 'The user ID is not defined.';
}
?>
            </div>
             </body>
</html>

Login page

<?php
session_start();
include 'db.php';

$uid = $_POST['uid'];
$uid = mysqli_real_escape_string($conn, $uid);

$pass = $_POST['pass'];
$pass = mysqli_real_escape_string($conn, $pass);



$sql = "SELECT * FROM users WHERE uid='$uid' AND pass='$pass'";
$result = mysqli_query($conn,$sql);


if(mysqli_num_rows($result) > 0){

$_SESSION['userid'] = $uid;
header("Location: profile.php");
exit();

}else{

 echo "invalid username or password";
}
?>
hans-könig
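
The advice from both answers (prepared statements, password_hash() and password_verify(), a session set on login) put together as an added example; it is not code from either answer. It assumes the pdo_sqlite extension and uses an in-memory SQLite table as a stand-in for the MySQL connection in db.php, with the question's column names uid, pass and fst; make_demo_db(), authenticate() and start_user_session() are hypothetical names.

```php
<?php
// Added example, not the answerers' code. SQLite in memory stands in for the
// MySQL connection from db.php; column names follow the question.
declare(strict_types=1);

function make_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (uid TEXT PRIMARY KEY, pass TEXT, fst TEXT)');
    // Registration: store only the hash, never the plain password.
    $ins = $db->prepare('INSERT INTO users (uid, pass, fst) VALUES (?, ?, ?)');
    // Constructed sample user.
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 'Alice']);
    return $db;
}

// Returns the user's row (without the hash) on success, null on any failure.
function authenticate(PDO $db, string $uid, string $pass): ?array {
    // The placeholder keeps $uid out of the SQL text; look up by uid only.
    $st = $db->prepare('SELECT uid, pass, fst FROM users WHERE uid = ?');
    $st->execute([$uid]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    // The hash is checked in PHP, not compared in the WHERE clause.
    if ($row === false || !password_verify($pass, $row['pass'])) {
        return null;
    }
    unset($row['pass']); // do not carry the hash around
    return $row;
}

// What login.php would call after a successful check (web requests only).
function start_user_session(array $user): void {
    session_start();
    session_regenerate_id(true); // fresh session id once the user is logged in
    $_SESSION['user'] = $user['uid'];
}

$db = make_demo_db();
// Constructed inputs: right password, wrong password, uid containing quotes.
var_dump(authenticate($db, 'alice', 'correct horse') !== null);
var_dump(authenticate($db, 'alice', 'wrong') !== null);
var_dump(authenticate($db, "alice' OR '1'='1", 'x') !== null);
```

With mysqli the same pattern is written with prepare(), bind_param() and execute() on the $conn connection.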