
$username how can I save

Hamed

Active Member
PHP:
<?php
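session_start();
// Gate the whole page on the "myusername" session entry.
// NOTE(review): session_is_registered() is deprecated as of PHP 5.3 and removed in 5.4;
// once the login page (not visible here) writes to $_SESSION, replace this check with
// isset($_SESSION['myusername']).
if (!session_is_registered('myusername')) {
	header("location:mlogin.php");
	// header() only queues the redirect. Without exit, every action below
	// (including the INSERT branch) would still run for a visitor who is not logged in.
	exit;
}
include "db.php";
//Now serials
//username for welcome
// NOTE(review): the name is taken from the query string, so a logged-in visitor can put
// any other user's name in the URL. To "get it once", store the name in $_SESSION at
// login and read it from there on every page instead of from $_GET.
$username = (isset($_GET['username']) && is_string($_GET['username'])) ? $_GET['username'] : '';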
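//main panel page
// isset() avoids an undefined-index notice when the request carries no "act" parameter.
if (isset($_GET['act']) && $_GET['act'] === 'idx') {
	// NOTE(review): presumably theme/login.htm prints $username; confirm the template
	// passes it through htmlspecialchars(), because the value comes from the URL.
	$username = (isset($_GET['username']) && is_string($_GET['username'])) ? $_GET['username'] : '';
	include "theme/login.htm";
}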
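//show the form for adding a new S/N (entries may be stored as not active)
// isset() avoids an undefined-index notice when the request carries no "act" parameter.
if (isset($_GET['act']) && $_GET['act'] === 'newsn') {
	// Set before the include so the template sees the value this branch read.
	$username = (isset($_GET['username']) && is_string($_GET['username'])) ? $_GET['username'] : '';
	include "theme/addsn.htm";
}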
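// Store a submitted S/N. It is inserted as active ('YES') when the submitting user's
// rate is 25 or more, otherwise as inactive ('NO').
if (isset($_GET['act']) && $_GET['act'] === 'addnewsn') {
	// NOTE(review): the submitter is identified by a URL parameter, so anyone logged in
	// can claim a user whose rate is >= 25 and have the entry activated immediately.
	// Take the name from the session once the login page stores it there.
	$username = (isset($_GET['username']) && is_string($_GET['username'])) ? $_GET['username'] : '';
	$swname = (isset($_POST['swname']) && is_string($_POST['swname'])) ? $_POST['swname'] : '';
	$swsn = (isset($_POST['swsn']) && is_string($_POST['swsn'])) ? $_POST['swsn'] : '';

	// Request values were previously interpolated into the SQL text unescaped (SQL
	// injection). Escaped copies are used for SQL only; the raw variables are left
	// untouched for the included templates.
	// NOTE(review): ext/mysql was removed in PHP 7.0; when db.php is migrated, switch
	// these queries to mysqli or PDO prepared statements.
	$usernameSql = mysql_real_escape_string($username);
	$swnameSql = mysql_real_escape_string($swname);
	$swsnSql = mysql_real_escape_string($swsn);

	// Default to 0 so an unknown user (or a failed query) falls into the inactive branch
	// instead of reading an undefined variable.
	$rate = 0;
	$sql = "SELECT * FROM users WHERE username='$usernameSql' LIMIT 1";
	$result = mysql_query($sql);
	if ($result) {
		while ($user = mysql_fetch_array($result)) {
			$rate = $user['rate'];
		}
	}

	$sid = '';
	$act = ($rate >= 25) ? 'YES' : 'NO';
	// $act is one of the two literals above, never request data.
	mysql_query("INSERT INTO `swsn` (
`sid` ,
`swname` ,
`swsn` ,
`act` ,
`username`
)
VALUES (
'', '$swnameSql', '$swsnSql', '$act', '$usernameSql'
);");

	if ($act === 'YES') {
		include "theme/addsn_yes.htm";
	} else {
		include "theme/addsn_no.htm";
	}
}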
	//make finder
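// Show the search form.
// isset() avoids an undefined-index notice when the request carries no "act" parameter.
if (isset($_GET['act']) && $_GET['act'] === 'find') {
	$username = (isset($_GET['username']) && is_string($_GET['username'])) ? $_GET['username'] : '';
	include "theme/find.htm";
}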
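// Run the search: list active entries whose swname matches the posted keyword.
if (isset($_GET['act']) && $_GET['act'] === 'finder') {
	$username = (isset($_GET['username']) && is_string($_GET['username'])) ? $_GET['username'] : '';
	$keyword = (isset($_POST['keyword']) && is_string($_POST['keyword'])) ? $_POST['keyword'] : '';

	// The keyword was previously placed in the SQL text unescaped (SQL injection).
	// % and _ are not escaped, so they still act as LIKE wildcards, as before.
	// NOTE(review): ext/mysql was removed in PHP 7.0; move to prepared statements
	// (mysqli or PDO) when db.php is migrated.
	$keywordSql = mysql_real_escape_string($keyword);
	$sql = "SELECT *
FROM `swsn`
WHERE `swname` LIKE CONVERT( _utf8 '$keywordSql'
USING latin1 )
COLLATE latin1_general_ci
AND `act` = CONVERT( _utf8 'YES'
USING latin1 )
COLLATE latin1_general_ci";
	$swfind = mysql_query($sql);

	// Count rows on the result resource. The original passed the SQL string to
	// mysql_num_rows(), which never yields a row count, so the "no results" page was
	// always shown. A failed query is treated as zero matches.
	$count = $swfind ? mysql_num_rows($swfind) : 0;
	if ($count == 0) {
		include "theme/nore.htm";
	} else {
		echo '<html dir="rtl">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="theme/css.css">
<title>Finder</title>
</head>
<body>
<br /><br /><br /><br /><br /><br /><br />
<div class="wall">';
		// NOTE(review): these columns hold text submitted by users; confirm that
		// theme/findbit.htm (not visible here) applies htmlspecialchars() when printing.
		while ($finds = mysql_fetch_array($swfind)) {
			$swname = $finds['swname'];
			$swsn = $finds['swsn'];
			$users = $finds['username'];
			include "theme/findbit.htm";
		}
		include "theme/footer.htm";
	}
}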
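// Show the alphabet index.
// isset() avoids an undefined-index notice when the request carries no "act" parameter.
if (isset($_GET['act']) && $_GET['act'] === 'list') {
	$username = (isset($_GET['username']) && is_string($_GET['username'])) ? $_GET['username'] : '';
	include "theme/list.htm";
}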
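// List active entries whose swname starts with the requested letter.
// empty() covers a missing parameter, '' and '0', matching the original truthiness
// test without the undefined-index notice; is_string() rejects array input.
if (!empty($_GET['get']) && is_string($_GET['get'])) {
	$letter = $_GET['get'];

	// The letter was previously placed in the SQL text unescaped (SQL injection).
	// % and _ inside it still act as LIKE wildcards, as before.
	// NOTE(review): ext/mysql was removed in PHP 7.0; move to prepared statements
	// (mysqli or PDO) when db.php is migrated.
	$letterSql = mysql_real_escape_string($letter);
	$sqlruns = mysql_query("
    SELECT *
    FROM swsn
    WHERE swname LIKE '$letterSql%'
    AND `act` = CONVERT( _utf8 'YES'
USING latin1 )
COLLATE latin1_general_ci
    ORDER BY swname
");
	if (!$sqlruns) {
		// Keep the database error in the server log; echoing mysql_error() to the
		// browser discloses query and schema details to whoever triggered the failure.
		error_log('swsn letter query failed: ' . mysql_error());
		die('Database error.');
	}

	echo '<html dir="rtl">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="theme/css.css">
<title>LIST of all</title>
</head>
<body>
<br /><br /><br /><br /><br /><br /><br />
<div class="wall">';
	// NOTE(review): these columns hold text submitted by users; confirm that
	// theme/findbit.htm (not visible here) applies htmlspecialchars() when printing.
	while ($sws = mysql_fetch_array($sqlruns)) {
		$swname = $sws['swname'];
		$swsn = $sws['swsn'];
		$users = $sws['username'];
		include "theme/findbit.htm";
	}
	include "theme/footer.htm";
}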
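//list every active entry
if (isset($_GET['act']) && $_GET['act'] === 'lists') {
	$username = (isset($_GET['username']) && is_string($_GET['username'])) ? $_GET['username'] : '';
	// Not used by the query; kept because the included templates share this scope.
	$keyword = (isset($_POST['keyword']) && is_string($_POST['keyword'])) ? $_POST['keyword'] : '';

	// The original statement began its condition with AND and had no WHERE, which is
	// invalid SQL, so the query always failed. No request data is part of this query.
	$sql = "SELECT *
FROM `swsn`
WHERE `act` = CONVERT( _utf8 'YES'
USING latin1 )
COLLATE latin1_general_ci";
	$swfind = mysql_query($sql);

	echo '<html dir="rtl">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="theme/css.css">
<title>Finder</title>
</head>
<body>
<br /><br /><br /><br /><br /><br /><br />
<div class="wall">';
	// Skip the loop when the query failed instead of fetching from a non-resource.
	// NOTE(review): these columns hold text submitted by users; confirm that
	// theme/findbit.htm (not visible here) applies htmlspecialchars() when printing.
	if ($swfind) {
		while ($finds = mysql_fetch_array($swfind)) {
			$swname = $finds['swname'];
			$swsn = $finds['swsn'];
			$users = $finds['username'];
			include "theme/findbit.htm";
		}
	}
	include "theme/footer.htm";
}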
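//list the active entries posted by the given user
if (isset($_GET['act']) && $_GET['act'] === 'ours') {
	// NOTE(review): the name comes from the URL, so "your posts" shows the posts of
	// whichever user is named there; read it from the session once login stores it.
	$username = (isset($_GET['username']) && is_string($_GET['username'])) ? $_GET['username'] : '';
	// Not used by the query; kept because the included templates share this scope.
	$keyword = (isset($_POST['keyword']) && is_string($_POST['keyword'])) ? $_POST['keyword'] : '';

	// The name was previously placed in the SQL text unescaped (SQL injection).
	// NOTE(review): ext/mysql was removed in PHP 7.0; move to prepared statements
	// (mysqli or PDO) when db.php is migrated.
	$usernameSql = mysql_real_escape_string($username);
	$sql = "SELECT *
FROM `swsn` WHERE username='$usernameSql'
AND `act` = CONVERT( _utf8 'YES'
USING latin1 )
COLLATE latin1_general_ci";
	$swfind = mysql_query($sql);

	echo '<html dir="rtl">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="theme/css.css">
<title>Your Posts</title>
</head>
<body>
<br /><br /><br /><br /><br /><br /><br />
<div class="wall">';
	// Skip the loop when the query failed instead of fetching from a non-resource.
	// NOTE(review): these columns hold text submitted by users; confirm that
	// theme/findbit.htm (not visible here) applies htmlspecialchars() when printing.
	if ($swfind) {
		while ($finds = mysql_fetch_array($swfind)) {
			$swname = $finds['swname'];
			$swsn = $finds['swsn'];
			$users = $finds['username'];
			include "theme/findbit.htm";
		}
	}
	include "theme/footer.htm";
}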
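// Log out: end the session and send the browser back to the login page.
// The original wrote $_GET[act] with a bare word, which PHP reads as an undefined
// constant (a notice on PHP 5, an error on PHP 8); the key is quoted here.
if (isset($_GET['act']) && $_GET['act'] === 'out') {
	// session_destroy() removes the stored session data but leaves the in-memory
	// $_SESSION array populated for the rest of this request, so clear it as well.
	$_SESSION = array();
	session_destroy();
	// The original tag was missing its closing ">".
	echo "<meta http-equiv=\"refresh\" content=\"0;URL=mlogin.php\" />";
}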
?>
This is my code. I want to get $username one time, and after that, whenever I use $username, it should give me what I got the first time from $_GET['username'].
 
Woah! SQL injection alert! Use addslashes() when you use variables in SQL statements coming from outside sources such as $_GET! It'll take someone 5 minutes to hack into your database.
 