-1

I currently have a user page where it will show the user's most recent post (this is a non-Wordpress site). To access the page, I have it setup as site.com/user.php?id=1 so that it will show any user's page if their ID is entered.

However, what I would like to accomplish is getting the page to display as site.com/user.php?username=namehere so someone can type in the username instead of the user's ID to go to the user page. This page can be accessed by anyone, not just logged in users.

I have everything working perfectly with the site.com/user.php?id=1 method. When I try the site.com/user.php?username=namehere method, I am able to access a blank page of user.php, but none of the user-specific content will show. I believe this is because the id attributed to that username is not being called for correctly.

Hopefully this explanation of the issue makes sense.

Does anyone have any suggestions on how I can accomplish what I want to?

I have been looking over similar topics on this forum and on others for the past couple hours, but I haven't had any luck with fixing my particular issue.I'm still new to working with PHP, so I'm probably assuming that I am missing something simple.

I will show what I've tried and what I'm currently working with below this explanation of my issue.

Here is the top portion of my user.php for when I am able to successfully use site.com/user.php?id=1 without error: 

<?php
include('../includes/db_connect.php');

if(isset($_GET['id'])){
 $id=$_GET['id'];
}else{ 

}
?>

Here is the top portion of my user.php for when I am am trying to get the username for site.com/user.php?username=namehere: 

<?php
include('../includes/db_connect.php');

if(isset($_GET['id'])){
 $id=$_GET['id'];
  echo "ID YES";
}else{
echo "this is not getting an id";
}


if(isset($_GET['username'])){
    $username = $_GET['username'];
    echo "USERNAME YES";
}else{
  echo "this is not getting a username";
}

?>

I included the $_GET['id'] as well in the hopes of being able to call for it so the content shows, but that returns that the page is not getting an id.

It shows the error Undefined index: id on line 47. Line 47 comes from the code chunk below where I am calling for a user's post. That line singled out is: $queryString = "SELECT post_id, title, description, link FROM post WHERE user_id='$id' ORDER BY post_id DESC LIMIT 1";

Here is the rest of user.php from the HTML where it shows the page content if anyone wants to see that for any reason:

<?php
                      $queryString = "SELECT post_id, title, description, link FROM post WHERE user_id='$id' ORDER BY post_id DESC LIMIT 1"; 
                      $query = $db->prepare($queryString);
                      $query->execute();
                      $query->store_result();
                      $query->bind_result($post_id, $title, $description, $link);

                            while ($query->fetch()):
                        ?>

                      <h2><?php echo $title?></h2> 
                      <a href="<?php echo $link?>"><?php echo $link?></a>
                      <div class="description"><?php echo $description?></div>
                        <?php endwhile?>

Then if I try site.com/user.php?id=1&username=namehere with both the $_GET['id'] and $_GET['username'] in the top portion of PHP, the page displays the correct content without error. The id and username are both being returned as being there.

Vel
  • 69
  • 7
  • 1
    Sorry if this is a stupid question, but I presume with the username version you've modified your queryString to reflect that? What does that query look like? I imagine it would something like: "SELECT post_id, title, description, link FROM post LEFT JOIN users ON user.id = post.user_id WHERE users.username = '$username'"; – Michael Beeson Mar 28 '18 at 00:21
  • Are you sure you're showing us the whole code and you're echoing something in another part of your page, such as in the HTML? What you posted won't cause that error. Or included files somewhere. Your post is unclear and stands to get closed with a possible duplicate. – Funk Forty Niner Mar 28 '18 at 01:40
  • You're not doing anything with `$post_id`, so that's another undefined error. – Funk Forty Niner Mar 28 '18 at 01:45
  • @MichaelBeeson I had changed the query, and it turns out that I had forgotten to put `user.username = '$username'`. I feel so stupid for missing that, but thank you so much for saying what you did to make me realize I was missing it! – Vel Mar 30 '18 at 01:43

2 Answers2

0

Alter your SQL to look something like this:

SELECT * FROM post WHERE username='$username' ORDER BY post_id DESC LIMIT 1

Also, please look into prepared statements, otherwise you'll end up with a clusterf*ck lot of opportunities for SQL Injection to happen, and that is never a good thing if your top priority is user security (which it always should be)...

GROVER.
  • 4,071
  • 2
  • 19
  • 66
-2

simply add username column in your query string
but I doubt you have two tables "users" and "posts", so you have to create inner join logic between them

Fahim Siddiqui
  • 20
  • 3
  • 1
    I feel like this is more of a comment than an answer. Maybe try giving him a suggestion in code format? Telling him to create _"inner join logic between them"_ is a bit of a broad statement for someone who may be a newcomer to **PHP**. – GROVER. Mar 28 '18 at 00:34
  • About your *"but I doubt you have two tables "users" and "posts", so you have to create inner join logic between them"* - Huh? What 2 tables? I see one. You're probably referring to a comment under the question, [being this one](https://stackoverflow.com/questions/49524201/displaying-a-username-in-the-url-rather-than-the-users-id#comment86054389_49524201). – Funk Forty Niner Mar 28 '18 at 01:37