0

enter image description here

I created a query to show username and pass for all users from database. Now i need to use this show data button to show info for specific user. eg. if i click show data button for user Marko it will show me other data for Marko.I'm just totally stuck and can't figure the logic behind this. This is the code for the table i have done so far. Button Show data has name attribute 'subm'.

<?php

$query ="SELECT *FROM loginapp WHERE username='".$username."'";
$result = mysqli_query($link,$query);

if(!$username){
    $query ="SELECT *FROM loginapp";
    $result = mysqli_query($link,$query);
}

while($row = mysqli_fetch_array($result)){
    echo "<tr><td>".$row["id_num"]."</td><td>".$row["username"]."</td><td>".$row["password"]."</td><td id='data-cell'><button id='show-button' name='subm' type='submit'><i class='fa fa-search' aria-hidden='true'></i>SHOW DATA</button></td></tr>"; 
    if(isset($_POST['subm'])){

}
}


?>
Stanimir
  • 51
  • 6
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Jul 18 '17 at 15:48
  • You need to get in the habit of [accepting answers](http://meta.stackexchange.com/questions/5234/how-does-accepting-an-answer-work) which help you to solve your issues. You'll earn points and *others will be encouraged to help you*. – Jay Blanchard Jul 18 '17 at 15:49
  • **Never store plain text passwords!** Please use ***PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html)*** to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). ***It is not necessary to [escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Jul 18 '17 at 15:49

0 Answers0