I am creating an account settings page for my membership website where the user that is logged in can go to edit their username, password and email. The code below shows all the users in my database to every user, with the option to edit.
$result = mysql_query("SELECT * FROM user") or die(mysql_error());
I don't want that. I would like only the information for the user that is logged in, so they can edit their own personal information.
Here is my table:
TABLE user (
id int(4) unsigned NOT NULL AUTO_INCREMENT COMMENT 'ID number of member',
username varchar(32) NOT NULL COMMENT 'Username of member',
password varchar(32) NOT NULL COMMENT 'Password of member',
email varchar(100) NOT NULL COMMENT 'Email of member',
level int(4) DEFAULT '1' COMMENT 'Permission Level of member',
PRIMARY KEY (`id`)
)
Here is the PHP code for the whole page:
<?php
ob_start(); //keep output in buffer
session_start();
require_once( 'database.php' );
include("head.php");
if (!isset($_SESSION['loggedin'])) {
?>
<body>
DO NOT HAVE ACCESS PRIVILEGES TO THIS PAGE.
<?php }
elseif (isset($_SESSION['loggedin']) && ($_SESSION['adminuser']=='0' )){ //logged in and NOT an Admin
?>
<body>
<?php
$result = mysql_query("SELECT * FROM user")
or die(mysql_error());
?>
<table width="600" border="0" cellspacing="1" cellpadding="0">
<form name="form1" method="post" action="">
<tr>
<td>
<table width="600" border="0" cellspacing="1" cellpadding="0">
<tr>
<td align="center"><strong>UserName</strong></td>
<td align="center"><strong>Password</strong></td>
<td align="center"><strong>Email</strong></td>
</tr>
<?php
while($row = mysql_fetch_array( $result )){
?>
<tr>
<td align="center"><?php echo $row['username']; ?></td>
<td align="center"><?php echo $row['password']; ?></td>
<td align="center"><?php echo $row['email']; ?></td>
<td align="center"><?php echo '<a class="login" href="edit_user.php?id=' . $row['id'] . '">Edit</a>'; ?> </td>
</tr>
<?php
}
?>
</table>
</td>
</tr>
</form>
</table>
<?php
}
elseif (isset($_SESSION['loggedin']) && ($_SESSION['adminuser']=='1' )){ //logged in and an Admin
?>
<body class="loggedin">
<?php include("admin_menu.php"); ?>
<?php
$result = mysql_query("SELECT * FROM user")
or die(mysql_error());
?>
<table width="600" border="0" cellspacing="1" cellpadding="0">
<form name="form1" method="post" action="">
<tr>
<td>
<table width="600" border="0" cellspacing="1" cellpadding="0">
<tr>
<td align="center"><strong>UserName</strong></td>
<td align="center"><strong>Password</strong></td>
<td align="center"><strong>Email</strong></td>
</tr>
<?php
while($row = mysql_fetch_array( $result )){
?>
<tr>
<td align="center"><?php echo $row['username']; ?></td>
<td align="center"><?php echo $row['password']; ?></td>
<td align="center"><?php echo $row['email']; ?></td>
<td align="center"><?php echo '<a class="login" href="edit_user.php?id=' . $row['id'] . '">Edit</a>'; ?> </td>
</tr>
<?php
}
?>
</table>
</td>
</tr>
</form>
</table>
<?php
}
include("footer.php");
ob_flush(); //flush output buffer
?>
I've already tried these two ways to fix my problem and they didn't work:
$result = mysql_query('SELECT * FROM user "'. mysql_real_escape_string(isset($_SESSION['loggedin']) && ($_SESSION['adminuser']=='0' )) . '"')
or die(mysql_error());
^ that doesn't show anything except the titles of the columns. I tried this as well, and it also didn't work:
$result = mysql_query("SELECT * FROM user '". mysql_real_escape_string($_SESSION['loggedin']) . "'")
or die(mysql_error());
Help please.
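As an added example (not the asker's code), here is what the non-admin branch could look like when it only reads and updates the logged-in user's own row. It assumes that the login script stores the user's numeric id in $_SESSION['user_id'] (the session keys on the page are only loggedin and adminuser, so this would have to be added at login), uses PDO prepared statements instead of the mysql_* functions, and uses placeholder DSN and credentials. The WHERE clause is bound to the id from the session, never to a request parameter, the password column is not displayed, and a new password is stored as a password_hash().

```php
<?php
// Added example, not the asker's code. Assumes the login script sets
// $_SESSION['user_id'] to the user's id; DSN and credentials are placeholders.
session_start();

if (!isset($_SESSION['loggedin'], $_SESSION['user_id'])) {
    http_response_code(403);
    exit('DO NOT HAVE ACCESS PRIVILEGES TO THIS PAGE.');
}

$pdo = new PDO(
    'mysql:host=localhost;dbname=DB_NAME_PLACEHOLDER;charset=utf8mb4',
    'DB_USER_PLACEHOLDER',
    'DB_PASSWORD_PLACEHOLDER',
    [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES   => false,
    ]
);

// The row to show and update is chosen by the session's id only, so a user
// cannot reach another user's row by changing something in the request.
$userId = (int) $_SESSION['user_id'];

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = trim($_POST['username'] ?? '');
    $email    = trim($_POST['email'] ?? '');
    $password = $_POST['password'] ?? '';

    if ($username === '' || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        exit('Invalid username or email.');
    }

    if ($password !== '') {
        // Store a hash of the password, never the plaintext.
        $stmt = $pdo->prepare(
            'UPDATE user SET username = :username, email = :email, password = :password
             WHERE id = :id'
        );
        $stmt->bindValue(':password', password_hash($password, PASSWORD_DEFAULT));
    } else {
        $stmt = $pdo->prepare(
            'UPDATE user SET username = :username, email = :email WHERE id = :id'
        );
    }
    $stmt->bindValue(':username', $username);
    $stmt->bindValue(':email', $email);
    $stmt->bindValue(':id', $userId, PDO::PARAM_INT);
    $stmt->execute();
}

// Select only this user's row; the password column is deliberately left out.
$stmt = $pdo->prepare('SELECT id, username, email FROM user WHERE id = :id');
$stmt->bindValue(':id', $userId, PDO::PARAM_INT);
$stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC);

if ($row === false) {
    http_response_code(404);
    exit('Account not found.');
}

// Escape stored values so they are shown as text, not interpreted as HTML.
$h = static fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
?>
<form method="post" action="">
  <label>Username <input name="username" value="<?php echo $h($row['username']); ?>"></label>
  <label>Email <input name="email" value="<?php echo $h($row['email']); ?>"></label>
  <label>New password <input type="password" name="password" autocomplete="new-password"></label>
  <button type="submit">Save</button>
</form>
```

Two caveats follow from the table definition on the page: the password column is varchar(32), which cannot hold the output of password_hash() (widen it to varchar(255) before switching to hashed storage), and the existing edit_user.php?id=... link takes the target id from the URL, so that page must check that the id equals the session's user id (or that the session is an admin) before reading or updating the row; otherwise any logged-in user can edit any account by changing the id.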