Can't fetch information from database with urldecode

StackOverflow https://stackoverflow.com/questions/14743175

  •  07-03-2022
  •  | 
  •  

Question

I have used urldecode to receive a member ID from a previous site. The correct ID is being displayed in the URL but I can't fetch information from the database.

members.php:

   <?php


$query = "SELECT name, memberID FROM members";

if(!$result = $db->query($query)){
    die('There was an error running your query[' . $db->error . ']');
}

while($row = $result->fetch_assoc()){
  printf ('<li><a href="profiles.php?memberID=' . urlencode($row['memberID']) . '">' . $row['name'] . '</a></li>');

}
?>

profiles.php:

  <?php

$id = isset($_GET['memberID']);

$query = "SELECT * FROM members WHERE memberID = '".$id."'";

if ($result = $db->query($query)) {

while ($row = $result->fetch_assoc()){
    printf("%s (%s)\n", $row["memberID"], $row['name']);
}
}
 var_dump($query);
?>

All I get is a blank screen.

Was it helpful?

Solution

I found couple of problems in the code:

members.php

while($row = $result->fetch_assoc()){
  printf ('<li><a href="profiles.php?memberID=' . urlencode($row['memberID']) . '">' . $row['name'] . '</a></li>');

}

Here you are using printf function which have 1st argument for format of string. Correct that with echo statement as below:

while($row = $result->fetch_assoc()){
  echo '<li><a href="profiles.php?memberID=' . urlencode($row['memberID']) . '">' . $row['name'] . '</a></li>';

}

profiles.php

$id = isset($_GET['memberID']);

Here you are setting the $id with isset() function return value. You should instead set the value from GET parameter as below:

if(isset($_GET['memberID']))    $id = $_GET['memberID'];

See now if it's working.

OTHER TIPS

Make sure that you use the correct capitalization of memberId vs. memberID. This is very important.

Do not pass values retrieved from GET/POST through urldecode. They already are.

Please try the following based on your code and let us know the results:

<?php
$id = isset($_GET['memberID']) ? $_GET['memberID'] : 0;
if($id > 0){
    $query = "SELECT * FROM members WHERE memberID = '".$id."'";
    $result = $db->query($query);
    if($result){
        echo "Rows found: " + $result->num_rows;
    } else {
        echo "No rows found";
    }
} else {
    echo "memberID is 0";
}
?>

Is memberID an int field in the database or a string field? If it is an int field then remove the single quotes in your query on profiles.php.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top