
Currently I'm stuck on how I should identify/differentiate a particular account from the many accounts that exist in my database. Let's say I am on the home page and I click an account, and I want the information of that particular account to be displayed, but I can't display it as I don't know how to identify the particular account that I am trying to view.

Here's my PHP code to display all the accounts.

        $username = $_SESSION['username'];
        $sql1 = "SELECT username, address, country, zipcode, photo, bio FROM user WHERE NOT username = '$username'";
        $result = $conn->query($sql1);
        if($result->num_rows > 0)
        {
            while($row = $result->fetch_assoc())
            {
                echo "<div id = 'account'>";
                    echo "<span id = 'image'><a id = 'accounts' href = 'accounts.php'><img src = '".$row['photo']."' alt = 'profile photo' width = '100px' height = '100px' style = 'margin-right:40px; margin-top: 5px;'></span>";
                    echo "<div id = 'username'><big><b style='text-transform:lowercase;'>".$row['username']."</big></a></b><br><small><i><q>".$row['bio']."</q></i></small><br>Lives in <b style='text-transform: capitalize;'>".$row['address']."</b><br>From <b>".$row['country']."</b></div><button id = 'addFriend' type = 'button' onclick = 'addFriends()'>Add friend</button>";
                echo "</div>";
            }
        }

From the above code I can easily identify the user's (the person who logged in) account by storing his/her username in the session from the input text while signing up. But now, as there's no text field or anything from where I can get the username to store in the session, I am stuck on how to identify a user. And to retrieve it from the database too, I think I pretty much need to identify the user first. Hope I am clear. Thank you in advance.

Sang Tonsing
  • @Nick, username is also a unique key. But that's not my problem; the problem is I can't identify that particular account that I viewed/selected. – Sang Tonsing Mar 12 '19 at 19:31

1 Answer


From what I understood, you have a home page and when you click an account you want to display a page specific to that account. Supposing that this is what you are looking for, you can identify the account using its id or username. What I usually do is use GET parameters to pass the information and then run a query to get it. So what you need is a specific link like this: https://example.com/user?id=3

As you can see, after the domain and the page (https://example.com/user) we have a question mark, a name (id in this case, but it can be whatever you want) and a value (=3). This means that I have a value in the superglobal array $_GET which is accessible using id as key, so if I do echo $_GET["id"]; //3 the output will be 3. By doing so you can use this value to query the DB and get a specific account.

REMEMBER TO SANITIZE INPUT!!! Otherwise a user can hack into your DB (use this link for more info). After that you can run a query to get the information. Detailed example:


-Home.php

/**/
<a href="https://example.com/user.php?id=1">Visit This Account!!</a>
/**/

-User.php

/**/
        $id = $_GET["id"]; //SANITIZE INPUT!!!!!!
        $sql1 = "SELECT username, address, country, zipcode, photo, bio FROM user WHERE id = '$id'";
        $result = $conn->query($sql1);
        if($result->num_rows > 0)
        {
            while($row = $result->fetch_assoc())
            {
                echo "<div id = 'account'>";
                    echo "<span id = 'image'><a id = 'accounts' href = 'accounts.php'><img src = '".$row['photo']."' alt = 'profile photo' width = '100px' height = '100px' style = 'margin-right:40px; margin-top: 5px;'></span>";
                    echo "<div id = 'username'><big><b style='text-transform:lowercase;'>".$row['username']."</big></a></b><br><small><i><q>".$row['bio']."</q></i></small><br>Lives in <b style='text-transform: capitalize;'>".$row['address']."</b><br>From <b>".$row['country']."</b></div><button id = 'addFriend' type = 'button' onclick = 'addFriends()'>Add friend</button>";
                echo "</div>";
            }
        }
/**/

P.S. You should use PDO and prepared statements to protect against attacks.

Leonardo Drici
  • Does that mean the id in the home page is incremented? Because if it's not then I believe all the accounts will have the same id, leading to displaying all the accounts' information from the database. – Sang Tonsing Mar 12 '19 at 19:33
  • The id is the one you use in the database, so if the table is done right it won't – Leonardo Drici Mar 12 '19 at 20:22
  • I don't have an id; instead I'll replace id with username (also unique). Can I put it like this ----- ---- the a tag is inside the while loop – Sang Tonsing Mar 13 '19 at 12:21
  • Yes, you can do that. If the answer was correct, please mark it as correct – Leonardo Drici Mar 17 '19 at 13:45
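
The lookup that the answer and its comments describe, as an added example that is not the answer author's code: the home page emits one link per account carrying the unique username, and the profile page reads it back through a PDO prepared statement and HTML-escapes every column on output. The in-memory SQLite table (which needs the pdo_sqlite extension), its rows, the 64-character limit and the helper names (h, profileLink, fetchProfile, renderProfile) are assumptions constructed for illustration; the photo and zipcode columns are left out for brevity.

```php
<?php
// Added example. A constructed in-memory table stands in for the page's `user` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE user (username TEXT PRIMARY KEY, address TEXT, country TEXT, bio TEXT)");
$ins = $pdo->prepare("INSERT INTO user VALUES (?, ?, ?, ?)");
$ins->execute(['alice', 'oslo', 'Norway', 'Hello & welcome']);
$ins->execute(["bob o'neil", 'cork', 'Ireland', '<script>alert(1)</script>']);

// Escape a value for HTML text or a quoted attribute.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Home page: one link per row, carrying that row's unique key in the query string.
function profileLink(string $username): string {
    $href = 'user.php?username=' . rawurlencode($username);
    return '<a href="' . h($href) . '">' . h($username) . '</a>';
}

// user.php: look the account up with a bound parameter; null when not found.
function fetchProfile(PDO $pdo, $raw): ?array {
    if (!is_string($raw) || $raw === '' || strlen($raw) > 64) {
        return null; // missing, array-valued (?username[]=x) or oversized input
    }
    $stmt = $pdo->prepare(
        "SELECT username, address, country, bio FROM user WHERE username = ?");
    $stmt->execute([$raw]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Every database value is escaped at output, so stored markup is shown as text.
function renderProfile(?array $row): string {
    if ($row === null) {
        return '<p>No such account.</p>';
    }
    return '<div class="account"><b>' . h($row['username']) . '</b><br><q>'
         . h($row['bio']) . '</q><br>Lives in ' . h($row['address'])
         . ', from ' . h($row['country']) . '</div>';
}

// Home page listing, then three requests as user.php would see them in $_GET.
foreach ($pdo->query("SELECT username FROM user") as $r) {
    echo profileLink($r['username']), "\n";
}
foreach (["bob o'neil", "x' OR '1'='1", ['array']] as $param) {
    echo renderProfile(fetchProfile($pdo, $param)), "\n";
}
```

The quote-laden second value is compared literally against the username column and matches no row, and the stored script tag in the first profile's bio is printed as escaped text rather than markup.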