|Before you continue, I suggest you tidy up your code and get into some good practices.
Encapsulate the target file in brackets:
include_once('CONFIGPAGE.php');. And use single quotes, as it is quicker.
$fetch_users_data = mysql_fetch_object(mysql_query("SELECT * FROM `members` WHERE username='".$_REQUEST['username']."'"));
$fetch_users_id = mysql_fetch_object(mysql_query("SELECT * FROM `members` WHERE id='".$_GET['user']."'"));
You need to check first whether or not 'user' and 'username' are set. If they aren't then it will throw errors.
$username = isset( $_REQUEST['username'] ) ? $_REQUEST['username'] : '';
$user = isset( $_GET['user'] ) ? $_GET['user'] : '';You seriously need to sanitise your data inputs to protect from SQL injection attacks. Use the mysql_real_escape_string[^] function.
$username = mysql_real_escape_string( $username );
$user = mysql_real_escape_string( $user );Then use those sanitized values as your SQL inputs.
There is no need for the
"" around the value. It will work just fine without it:
<body bgcolor="#000000" onload="$_GET['user']">
There is no need to have an onload attribute, with
$_GET['user']. It is also bad practice to use bgcolor. Use the style attribute instead, or better still use CSS classes.
From what I can see you haven't opened a div; therefore there is no need to close one.
Note that you should also have a DOCTYPE which you should work from. http://www.w3schools.com/tags/tag_DOCTYPE.asp[^]
If at first you don't succeed, you're not Chuck Norris.