From f25e34aa0700891f3c5b7ea2dceb2d38bfbbb1b5 Mon Sep 17 00:00:00 2001 From: INOPIAE Date: Wed, 20 Feb 2013 00:49:48 +0100 Subject: bug 1008: changed query and user output --- pages/account/58.php | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/pages/account/58.php b/pages/account/58.php index 20e0b59..233f37c 100644 --- a/pages/account/58.php +++ b/pages/account/58.php @@ -16,30 +16,31 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ -require_once(dirname(__FILE__).'/../../includes/notary.inc.php'); - if ($_SESSION['profile']['admin'] != 1 || !array_key_exists('userid',$_REQUEST) || intval($_REQUEST['userid']) < 1) { echo _('You do not have access to this page'); } else { $user_id = intval($_REQUEST['userid']); - $query = "select * from `users` where `id`='$user_id' and `users`.`deleted`=0"; + $query = "select `users`.`fname`, `users`.`mname`, `users`.`lname`, from `users` where `id`='$user_id' and `users`.`deleted`=0"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0){ echo _("I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!"); } else { - $query = "select `users`.`fname`, `users`.`mname`, `users`.`lname`, `orginfo`.`o`, `org`.`masteracc` - FROM `users`, `orginfo`, `org` - WHERE `users`.`id` = `org`.`memid` AND `orginfo`.`id` = `org`.`orgid` + while($row = mysql_fetch_assoc($res)){ + $username=sanitizeHTML($row['fname']).' '.sanitizeHTML($row['mname']).' '.sanitizeHTML($row['lname']); + } + $query = "select `orginfo`.`o`, `org`.`masteracc` + FROM `orginfo`, `org` + WHERE `orginfo`.`id` = `org`.`orgid` AND `users`.`id`='$user_id' order by `orginfo`.`o`"; - $res = mysql_query($query);?> + $res1 = mysql_query($query);?> + if (mysql_num_rows($res1) <= 0) {?> - + - + -- cgit v1.2.1