#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2013
    Location
    The Netherlands
    Posts
    12
    Rep Power
    0

    Generating a link to SQL information


    Okay once again; sorry if I fail to make myself clear but I am new to SQL and I am still learning..

    So if I make a SQL table with profiles of users who use my website, I want other people to be able to see their profiles.


    If I check the link to my own profile on this forum, it's this:

    domain.com/member.php?u=481940

    As far I understand it, the "u" is a variable(???) that I use to search for a profile while the 481940 is the primary key of my account in the table (???). Now how can I create a similair system?

    So in example:
    mywebsite.com/profile.php?u=Player

    would lead to the account of the player.
  2. #2
  3. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Hi,

    it's actually very simple. The "u=..." stuff after the question mark is indeed a parameter. In PHP, you can retrieve the value of the parameter with

    PHP Code:
    $_GET['u'
    This value can then be used in a database query.

    Check out this tutorial on PDO which explains how to do this securely. Note that you cannot simply insert the variable into the query string, because then any visitor would be able to manipulate the query and access the database directly.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2013
    Location
    The Netherlands
    Posts
    12
    Rep Power
    0
    So in fact I can do it like this:

    "anypage.php?u=SomethingHere"

    Then at anypage.php I will process the "u"?
  6. #4
  7. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Yes. You specify any number of parameters in the URL.

    For example, my URL currently says

    Code:
    http://forums.devshed.com/newreply.php?do=newreply&noquote=1&p=2907876
    So there's three parameters: do, noquote and p. This tells the current script what to do.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2013
    Location
    The Netherlands
    Posts
    12
    Rep Power
    0
    Thank you! I tried it on a page without the queries and it seems to work so far! I guess I can figure out the rest myself. Thanks a lot!

IMN logo majestic logo threadwatch logo seochat tools logo