Home/ Questions/Q 6870463
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T03:41:12+00:00

I have an admin area in an ecommerce website whereby the admin can view

  • 0

I have an admin area in an ecommerce website whereby the admin can view all users on the allusers.php page. The users are listed in a table with their personal information, however i have a ‘view profile’ button near each user whereby if you was to click on it, it would take you to another page where you can view that specific users past orders.

the following is the code i have for allusers.php:

    <?php

$result = mysql_query("SELECT * FROM customers ")
or die(mysql_error()); ;

if (mysql_num_rows($result) == 0) {
       echo 'There Arent Any Orders Yet';
    } else {

echo "<table border='0'><table border width=100%><tr><th>First Name</th><th>Surname</th><th>Address</th><th>E-Mail</th><th>Username</th><th>View Profile</th>";
while($info = mysql_fetch_array($result))
{
        echo "<tr>";
        echo "<td>" . $info['name']. "</td>";
        echo "<td>" . $info['surname']. "</td>";
        echo "<td>" . $info['address1']. $info['address2'].  $info['city'].  $info['postcode']." </td>";
        echo "<td>" . $info['email']. "</td>";
        echo "<td>" . $info['username']. "</td>";
        echo "<td>" . " <a href='view.php'>View</a> </td>";


}
    }
echo "</tr>";
echo "</table>";
?>

the view.php page is as follows:

<?php


$result = mysql_query("SELECT * FROM order WHERE ......dont know what to enter here")
or die(mysql_error()); ;

if (mysql_num_rows($result) == 0) {
       echo 'There Arent Any Orders For This Customer Yet';
    } else {

echo "<table border='0'><table border width=100%><tr><th>Product</th><th>Quantities</th><th>Date</th>";
while($info = mysql_fetch_array($result))
{
        echo "<tr>";
        echo "<td>" . $info['name']. "</td>";
        echo "<td>" . $info['quantity']. "</td>";
        echo "<td>" . $info['date']. " </td>";
}
    }
echo "</tr>";
echo "</table>";
?>

I have a mysql database with the following fields & tables:

Customers – id, name, surname, address1, address2, city, postcode, email, username, password

Products – serial, name, description, price, picture

Order – id, name, quanitity, price, date, username

Thanks for any help provided

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    A simple method could be the follow. Replace this line in alluser.php

    echo "<td>" . " <a href='view.php'>View</a></td>";

    with this one

    echo '<td><a href="view.php?username=' . $info['username'] . '">View</a></td>';

    and then, in your view.php have

    if (isset($_GET['username']) && $_GET['username'] != '')
{
   $username = mysql_real_escape_string($_GET['username']);
   $result = mysql_query("SELECT * FROM order WHERE username = '$username'");
}
else
{
  // No user specified. Do other statements
}

    Please note the use of:

    1. The user of the mysql_real_escape_string() function to protect from Sql injection (would be better the use of a prepared statements)
    2. The use of the parameter username in the first page to pass the value of the username to the second page
    3. The use of the $_GET global array to retrieve the parameter
    • 0