I'm trying to create a SQL query that takes the values of an entire table and dumps them into an array that I can call based on the value of a URL parameter.

The parameter passed into the url will be ?username=User1.

I need the query to filter results in the database that are related to that user (for example - their name, email address, interests etc).

I want to then be able to store them in an array that I can use to call and display the values, for example;

<?php echo htmlentities($row['profiles']['username'], ENT_QUOTES, 'UTF-8'); ?>
<?php echo htmlentities($row['profiles']['location_city'], ENT_QUOTES, 'UTF-8'); ?>

I use the following PHP to set the $u variable in PHP

My SQL query so far is as follows

 $query = " 
        SELECT 
            user_id,
            username, 
            displayname, 
            displayage,
            location_city,
            language
        FROM profiles WHERE username='$u'
    "; 

I then use the following PHP code to try and pass the data into an array;

try 
    { 
        // These two statements run the query against your database table. 
        $stmt = $db->prepare($query); 
        $stmt->execute(); 
    } 
    catch(PDOException $ex) 
    { 
        // Note: On a production website, you should not output $ex->getMessage(). 
        // It may provide an attacker with helpful information about your code.  
        die("Failed to run query: " . $ex->getMessage()); 
    } 

    // Finally, we can retrieve all of the found rows into an array using fetchAll 
    $rows = $stmt->fetchAll();

My full code for profile.php;

<?php $_GET['u'] = 'u'; ?>

<?php 

    // First we execute our common code to connection to the database and start the session 
    require("common.php"); 

    // At the top of the page we check to see whether the user is logged in or not 
    if(empty($_SESSION['user'])) 
    { 
        // If they are not, we redirect them to the login page. 
        header("Location: index.php"); 

        // Remember that this die statement is absolutely critical.  Without it, 
        // people can view your members-only content without logging in. 
        die("Redirecting to index.php"); 
    } 

    // Everything below this point in the file is secured by the login system 

    // We can retrieve a list of members from the database using a SELECT query. 
    // In this case we do not have a WHERE clause because we want to select all 
    // of the rows from the database table. 
    $query = " 
        SELECT 
            id, 
            username, 
            email 
        FROM profiles WHERE username='$u'
    "; 

    try 
    { 
        // These two statements run the query against your database table. 
        $stmt = $db->prepare($query); 
        $stmt->execute(); 
    } 
    catch(PDOException $ex) 
    { 
        // Note: On a production website, you should not output $ex->getMessage(). 
        // It may provide an attacker with helpful information about your code.  
        die("Failed to run query: " . $ex->getMessage()); 
    } 

    // Finally, we can retrieve all of the found rows into an array using fetchAll 
    $rows = $stmt->fetchAll(); 
?> 

<?php include('header.php') ?>

<div class="pages navbar-through toolbar-through">
<div class="page" data-page="profile">

<div class="page-content">

<div class="content-block">
<div class="content-block-inner">

<p>Profile content will go here</p>


<a href="private.php">Go Back</a><br />
</div>

</div>
</div>

</div>
</div>

<?php include('footer.php') ?>
  • So you want to search result set $rows based on ?username=User1 and get that particular row, right? Commented Feb 8, 2016 at 9:50
  • @Rajdeep - Yes, and be able to display each cell of that user's row in the database using an echo. Commented Feb 8, 2016 at 9:54
  • You have been given an answer below. Hopefully that will resolve your issue. I missed that ... WHERE username='$u' part in your query. By the way what's the point of using fetchAll() when you're fetching only a particular row based on WHERE username='$u'? Commented Feb 8, 2016 at 10:03
  • @Rajdeep - Thanks for the answer. Not sure about fetchall - I've adapted a code from an open source login system and now trying to build a profile page. So I need to change WHERE back to include the $u variable? Commented Feb 8, 2016 at 10:17
  • If you're expecting to get only one row from the select operation, then instead of fetchAll() use ->fetch(PDO::FETCH_ASSOC);. By the way I'm not the one who answered this. ;-) Commented Feb 8, 2016 at 10:21

1 Answer

Change profile.php file contents as shown below:

<?php $username = (isset($_GET['username']))? trim(strip_tags($_GET['username'])) : ""; ?>

<?php 

    // First we execute our common code to connection to the database and start the session 
    require("common.php"); 

    // At the top of the page we check to see whether the user is logged in or not 
    if(empty($_SESSION['user'])) 
    { 
        // If they are not, we redirect them to the login page. 
        header("Location: index.php"); 

        // Remember that this die statement is absolutely critical.  Without it, 
        // people can view your members-only content without logging in. 
        die("Redirecting to index.php"); 
    } 

    // Everything below this point in the file is secured by the login system 

    // Select the profile row for the requested username. The value is bound as
    // a parameter rather than placed in the SQL string, so it is always
    // treated as data.
    $query = " 
        SELECT 
            user_id,
            username, 
            displayname, 
            displayage,
            location_city,
            language
        FROM profiles WHERE username = :username
    "; 

    try 
    { 
        // These two statements run the query against your database table. 
        $stmt = $db->prepare($query); 
        $stmt->execute(array(':username' => $username)); 
    } 
    catch(PDOException $ex) 
    { 
        // Note: On a production website, you should not output $ex->getMessage(). 
        // It may provide an attacker with helpful information about your code.  
        die("Failed to run query: " . $ex->getMessage()); 
    } 

    // Finally, we can retrieve all of the found rows into an array using fetchAll 
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); 
?> 

<?php include('header.php') ?>

<div class="pages navbar-through toolbar-through">
<div class="page" data-page="profile">

<div class="page-content">

<div class="content-block">
<div class="content-block-inner">

<p>Profile content will go here</p>
<?php foreach($rows as $row): ?>
   <div>Username: <?php echo htmlentities($row['username'], ENT_QUOTES, 'UTF-8'); ?></div>
   <div>Location: <?php echo htmlentities($row['location_city'], ENT_QUOTES, 'UTF-8'); ?></div>

<?php endforeach; ?>

<a href="private.php">Go Back</a><br />
</div>

</div>
</div>

</div>
</div>

<?php include('footer.php') ?>
5 Comments

Thanks for the answer. It doesn't appear to be working, no values are appearing. I added a PHP statement to print all $GET variables and it does show that the variable is being passed and User1 is its value. Puzzling.
Make sure that the record for the specified username exists in your table. Also try to add PDO::FETCH_ASSOC as a param to the fetchAll method and check the result set with var_dump($rows);
The records do exist but they do not appear to be pulling through for display. I know the variable is definitely set and holding the usernames of several test users. Just can't seem to display them.
@BenYates, what do you mean by "holding the usernames of several test users"? Show me var_dump($username) right before the $query variable, please.
It's working now, thanks a lot - I had a double semicolon somewhere. Sorry, I meant when I click on several links it was passing different users as it should have been.
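
An added example (not code from the question, the answer, or the login system the asker adapted) of the same profile lookup with the username bound as a parameter, a single-row fetch() as suggested in the comments, and output escaped the way the question's htmlentities calls do. The in-memory SQLite table, its sample rows, and the helper names find_profile and e are assumptions made for the example.

```php
<?php
// Constructed in-memory SQLite table standing in for the page's `profiles` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE profiles (user_id INTEGER PRIMARY KEY, username TEXT UNIQUE, location_city TEXT)");
$db->exec("INSERT INTO profiles (username, location_city) VALUES ('User1', 'Leeds'), ('O''Brien', '<b>Cork</b>')");

// Hypothetical helper: look up one profile with a bound parameter.
function find_profile(PDO $db, string $username): ?array
{
    $stmt = $db->prepare(
        'SELECT user_id, username, location_city FROM profiles WHERE username = :username'
    );
    $stmt->execute([':username' => $username]);
    // A username identifies one row, so fetch() is enough; it returns false on no match.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hypothetical helper: escape a database value before it is written into HTML.
function e(string $value): string
{
    return htmlentities($value, ENT_QUOTES, 'UTF-8');
}

// Constructed request values, as they would arrive in $_GET['username'].
foreach (["User1", "O'Brien", "nobody"] as $username) {
    // Interpolated form used on the page: the value becomes part of the SQL text.
    try {
        $db->query("SELECT user_id FROM profiles WHERE username = '$username'")->fetch();
        $interpolated = 'ok';
    } catch (PDOException $ex) {
        // The apostrophe closed the string literal early, so the rest was parsed as SQL.
        $interpolated = 'SQL error';
    }

    $row = find_profile($db, $username);
    if ($row === null) {
        echo e($username), ": no such profile (interpolated query: $interpolated)\n";
        continue;
    }
    echo e($row['username']), ' / ', e($row['location_city']),
         " (interpolated query: $interpolated)\n";
}
```

It runs with the PHP CLI where the pdo_sqlite extension is enabled; against the page's own database, only the `$db` connection from common.php changes.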
