I want to display data from mysql for the user but it displays everyone else

Question

I want to display the info of the logged in user aka their ID,firstname,lastname, and so on, after running the code shown below, it shows me everyone else from the DB, and excludes the "user" who's data should be shown.

include("server.php");
if (!isset($_SESSION['username'])) {
$_SESSION['msg'] = "You must log in first";
header('location: login.php');
}
if (isset($_GET['logout'])) {
session_destroy();
unset($_SESSION['username']);
header("location: login.php");
}


$sql = "select id, username, fname, lname, email from users WHERE username != '{$_SESSION['username']}'";
$result = mysqli_query($db, $sql);
if(mysqli_num_rows($result) > 0 ){

while($row = mysqli_fetch_assoc($result)){


?>



        <tr>
            <td><?=$row['id']?></td>
              <td><?=$row['username']?></td>
            <td><?=$row['fname']?></td>
            <td><?=$row['lname']?></td>
            <td><?=$row['email']?></td>
            <br>

        </tr>

<?php

Yeah per @tim it should be `$sql = "select id, username, fname, lname, email from users WHERE username = '{$_SESSION['username']}'";` instead of `!=` — Patrick Fay, Jun 09 '19 at 23:52

score 0 · Accepted Answer · answered Jun 10 '19 at 01:50

Check your SQL statement, you have WHERE username != whereas your requirements dictate WHERE username =.

Further, you should avoid directly using raw input in SQL statements even if it's the currently logged-in username obtained from the session as that's a security risk. Use prepared statements instead. See How to change from mysql to pdo using prepared statements in PHP? but you can also google, there are many examples online.

Feel free to accept answers from people in the comments if they provide a formal answer. And welcome to SO :).

I want to display data from mysql for the user but it displays everyone else

1 Answers1