$_GET Help!

[NSA]

Hey guys,

Doing a project for College and I need to be able to display information from a database.
I currently have a profile.php page which set's some variables, send's them to another PHP file which acts as a CSS file.
The problem I am having is, it doesn't update unless I "refresh the page". If I go directly to the url profile.php?id=Josh it will still display for instance Anna's username from "profile.php?id=anna". But when I refresh the new one, it updates to "Josh".

I am aware of security issues in my code, but it is just for a College project, so don't bawl on at me about security.

Code:

<?php
$_SESSION['localhostrealname'] = "";
include("ban.php");
session_start();
$id = $_SESSION['localhostid'];
$con = mysql_connect("localhost","root","");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
 
mysql_select_db("vote", $con);
 
$result = mysql_query("SELECT * FROM layout WHERE username='$id'");
 
while($row = mysql_fetch_array($result))
  {
  $background = $row['background'];
  $profile_picture = $row['profile_picture'];
  $real_name = $row['real_name'];
  $_SESSION['localhostrealname'] = "$real_name";
  }
 
mysql_close($con);
?>
<link rel='stylesheet' type='text/css' href='back.php' />
<div id="profile_picture">
 
</div>
<?php
$id = $_GET['id'];
$_SESSION['localhostid'] = "$id";
?>
<span id="real_name"><?php echo $_SESSION['localhostrealname']; ?></span>

 

[Weasel]

add to the top:
session_destroy();

and remove
$_SESSION['localhostrealname'] = "";

 

[NSA]

Warning: session_destroy(): Trying to destroy uninitialized session in F:\xampp-portable\htdocs\profile.php on line 2

 

[Weasel]

add above session_destroy:
error_reporting(0);

 

[NSA]

I still need to refresh the page to get it to update, not sure why. :S

 

[Weasel]

What does the script needs to do...?
Where did you set this session:
$id = $_SESSION['localhostid'];

 

[NSA]

The script will get the ID from the URL and put it into localhostid then it will get the users real name with that ID and fetch it, and display it on the webpage.

 

[Weasel]

<?php
session_start();
include("ban.php");
 
$userid = $_GET['id'];
 
$con = mysql_connect("localhost","root","");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
 
mysql_select_db("vote", $con);
 
$result = mysql_query("SELECT * FROM layout WHERE username='".$userid."' ");
 
while($row = mysql_fetch_array($result))
  {
  $background = $row['background'];
  $profile_picture = $row['profile_picture'];
  $real_name = $row['real_name'];
  }
 
mysql_close($con);
?>
<link rel='stylesheet' type='text/css' href='back.php' />
<div id="profile_picture">
 
</div>
<span id="real_name"><?php echo $real_name; ?></span>

 

[Adil]

er...
shouldn't you really be sanitizing the id input?

 

[NSA]

Thanks Holmes!

 

[Weasel]

Thanks Holmes!

No problem.

 

[Ecko]

add above session_destroy:
error_reporting(0);

I just wanted to say that it is dumb to turn off error reporting if you are not logging errors. Only real reason you should turn off error reporting completely is if you are working with legacy code.

 

[Weasel]

I just wanted to say that it is dumb to turn off error reporting if you are not logging errors. Only real reason you should turn off error reporting completely is if you are working with legacy code.

Yes I know, I was only wondering the response of the code.

 

[NSA]

This is only for a college project, I don't care.