2

I just need some help creating a PHP function out of this code, or in other words, just to wrap this code in a PHP function:

if (isset($_GET['id'])){

    $username = mysql_real_escape_string($_GET['id']);

    if(ctype_alnum($username)){

        $check = mysql_query("SELECT username,first_name FROM users WHERE username='$username'");
        if(mysql_num_rows($check)===1){

            $get = mysql_fetch_assoc($check);
            $username = $get['username'];
            $firstname = $get['first_name'];

            echo '<div id="mini_profile">This is '.$username.'\'s profile.</div>';

        }else{

            header("Location: index.php");
            exit();

        }
    }
}

Thanks.

1
  • May not help with the question but I would recommend that you stop using mysql_ functions as they are being deprecated. Look into mysqli_ or PDO. Commented Oct 8, 2012 at 22:56

4 Answers

4

Really easy :)

function yourFunc() {
    if (isset($_GET['id'])){

        $username = mysql_real_escape_string($_GET['id']);

        if(ctype_alnum($username)){

            $check = mysql_query("SELECT username,first_name FROM users WHERE username='$username'");
            if(mysql_num_rows($check)===1){

                $get = mysql_fetch_assoc($check);
                $username = $get['username'];
                $firstname = $get['first_name'];

                echo '<div id="mini_profile">This is '.$username.'\'s profile.</div>';

            }else{

                header("Location: index.php");
                exit();

            }
        }
    }
}

5 Comments

Wow, I tried this before and it didn't work because I didn't go by this order, function code() {}, but I just went function code() { and forgot the } at the end. Thanks again ... I feel dumb now, haha.
You might want to pass parameters to the function instead: function login($username) { ... } and pass the $_GET['id']. Like that you can also log in from a $_POST, or something else. Also you might want to add AND password='$password'. As it is you are very vulnerable: someone can enter a URL giving any id in the query string and log on as that person!
This is not a login script ... it's just to get the username as an id for www.website.com/members.php?id=$username. It's just for the part ?id=$username.
Ah yes, I see now :) Also check njk's comment: mysql_query is deprecated. From php.net: "Suggested alternatives: Use of this extension is discouraged. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include: mysqli_query(), PDO::query()."
Thanks a lot, my friend, for all your answers.
2
function getMyDivElement($name) {
    $username = mysql_real_escape_string($name);

    if(ctype_alnum($username)) {
        $check = mysql_query("SELECT username,first_name FROM users WHERE username='{$username}'");
        if(is_resource($check) && ($get = mysql_fetch_assoc($check))) {
            $username = $get['username'];
            $firstname = $get['first_name']; //You need this?

            return '<div id="mini_profile">This is '.$username.'\'s profile.</div>';
        }
    }

    return null;
}

//usage
if (isset($_GET['id'])) {
    $div = getMyDivElement($_GET['id']);
    if($div) {
        echo $div;
    } else {
        header("Location: index.php");
        exit();
    }
}
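
The same lookup written against PDO, as the comments above recommend, with a bound parameter and output encoding. This is an added example, not code from any answer in the thread; the function name `getMiniProfile`, the in-memory SQLite database and its single row are assumptions made so it runs offline, while the `users` columns follow the question.

```php
<?php
// Added example (not from the thread). getMiniProfile() is a hypothetical name;
// the in-memory SQLite table and its row are constructed sample data.

function getMiniProfile(PDO $db, $name)
{
    // Allow-list check first: only a non-empty alphanumeric string goes on.
    if (!is_string($name) || !ctype_alnum($name)) {
        return null;
    }

    // Bound parameter: the value is sent separately from the SQL text.
    $stmt = $db->prepare(
        'SELECT username, first_name FROM users WHERE username = :username'
    );
    $stmt->execute(array(':username' => $name));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // unknown user
    }

    // Encode on output as well, independent of the input validation.
    $safe = htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8');
    return '<div id="mini_profile">This is ' . $safe . '\'s profile.</div>';
}

// Constructed sample database so the example runs offline (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, first_name TEXT)');
$db->exec("INSERT INTO users VALUES ('alice42', 'Alice')");

// Constructed inputs: a known user, an unknown user, a name with a quote.
foreach (array('alice42', 'nobody', "o'brien") as $id) {
    $div = getMiniProfile($db, $id);
    // In the page's flow the null case is where header("Location: index.php") goes.
    echo ($div !== null ? $div : "no profile for " . var_export($id, true)), "\n";
}
```

Because the function returns the markup instead of echoing it, the caller can still send the redirect header before any output has been written.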


1

Another way to do it is to return the echo statement as a string.


0

The idea of creating a function is to provide reusable code. This means you are encapsulating the logic, allowing you to change the inner workings of the code without it affecting the actual usage of the function and to avoid tedious repetition.

In your example you should think about the areas that fall into this category. I personally can see several functions that could be made here.

Example, not run but should give you ideas.

<?php

  function getUser($username)
  {
    if (is_string($username) && strlen($username)) {
      $query  = "
        SELECT 
          username, first_name 
        FROM 
          users 
        WHERE 
          username = :username
      ";  
      $result = executeQuery($query, array("username" => $username));
      return $result->fetch();
    }
  }

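  // Connection settings below are placeholders; replace them with your own.
  function getDatabase($host = "localhost", $db = "example_db", $user = "example_user", $password = "example_password")
  { 
    // The DSN, user name and password are separate constructor arguments.
    return new PDO("mysql:host=$host;dbname=$db", $user, $password);
  }

  function executeQuery($sql, array $params = array())
  {
    $db   = getDatabase();
    $stmt = $db->prepare($sql);
    // execute() returns only true/false, so return the statement for fetch().
    $stmt->execute($params);

    return $stmt;
  }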

  function validateInput($input)
  {
    return ctype_alnum($input);
  }

  function advanceTo($page, array $params = array()) 
  {
    header("Location: $page.php");
    exit();
  }


if (isset($_GET["username"])){
  if (validateInput($_GET["username"])) {
    $user = getUser($_GET["username"]);
    if (! empty($user)) {
      // authUserAndSetSessionForUser($user);
      /** This page is then directed to and welcome message shown **/
      advanceTo("user-home-page", array($user));
    } else {
      advanceTo("index");
    }
  }
}

?>
