1

This is the full program code

<?php
include('session.php');
if(!isset($_SESSION['login_user'])){
header("location: index.php");
}
?>

<title>Profile</title>
<link href="style2.css" rel="stylesheet" type="text/css">

<h3 id="welcome">Welcome : <i>**<?php echo $login_session; ?>**</i></h3>
<b id="logout"><a href="logout.php"><center><input class="logout_button" type="submit" name="submit"  value="Logout"></center></a></b>

<?php

$host = "localhost";
$user = "root";
$pass = "";
$database = "login";

$con = mysqli_connect($host , $user , $pass, $database);

$query = "SELECT * from user where username=$login_session";

if ($result = $con->query($query)){
    while ($row = $result->fetch_row()) {
        $field1 = $row["username"];
        $field2 = $row["password"];
        $field3 = $row["first_name"];
        $field4 = $row["last_name"];
        $field5 = $row["email"];
        
        
echo "<table border=1>
        <tr>
            <td width=200 >$field1</td>
            <td width=200 >$field2</td>
            <td width=200 >$field3</td>
            <td width=200 >$field4</td>
            <td width=200 >$field5</td>
        </tr>

        </table>";
    }
mysqli_close($con);
}
?>

I am a beginner to php , mysql. In line 11 ,It prints the value of variable $login_session. I want to retrieve all data related to username. $login_session variable print it value ,but I can't retrieve data related to username from mysql database. What is the reason for that???

Improve this question
2
  • 4
    You should keep an eye out for SQL-Injections. Please start using Prepared, Parameterized Queries. Commented Jul 12, 2020 at 8:42
  • 2
    Your query with the variable substituted for its value is invalid. Strings need to be enclosed in quotes. Using Prepared Statements as stated above, you won't have that issue. Commented Jul 12, 2020 at 8:42

1 Answer 1

Reset to default
1

In your code SQL sytanx is is the main problem.You can write a more safe query by using prepared statements.

$stmt = $con->prepare("SELECT * from user where username=?");
$stmt->bind_param("s", $login_session);
$stmt->execute();
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.