0

I have a separate file 'login.php' for logging users into the website, which works perfectly. I have created another file 'loggedin.php' which will display the Logged In user's info from the database. The problem is that every user in the database has their info displayed because I can't find a way to connect the user's id to display this user's info alone using the "WHERE" statement. The entire code is like this.

<?php
reguire 'includes/dbh.inc.php';

$sql = "SELECT * FROM register WHERE registerId=?????";

$query = mysqli_query($conn,$sql);
$queryResult = mysqli_num_rows($query);
if($queryResult > 0){
    while($row = mysqli_fetch_assoc($query)){
        echo "<h4>Hello </h4>".$row['registerName'];
        echo "<a href='profile.php'>Visit Your Profile</a>";
    }
}else{
    exit();
}

 ?>

I need help to be able to connect the Loggedin user's id so the page will display only the loggedin user's info.

  • 3
    Put the ID of the user into the SESSION in the login script if login is successful – RiggsFolly Dec 19 '19 at 13:53
  • Then in this script get it out again and use it in the query – RiggsFolly Dec 19 '19 at 13:55
  • Are you referring to something like this? ``` if(isset($_SESSION['id'])){ require 'includes/dbh.inc.php'; $sql = "SELECT * FROM register WHERE registerId = ".$_SESSION['id']."; } –  Dec 19 '19 at 13:58
  • @KwasiKumi yes, this will return the id of the current user's session. You can use that to find the info relative to the current user. ( where your `????` is. ) Make sure your are [binding your parameters](https://stackoverflow.com/q/60174/5784924) though, don't want to get any SQL injections. – Nicolas Dec 19 '19 at 14:03
  • ANd you have to have a `start_session()` in all scripts and of course set a value in the other script – RiggsFolly Dec 19 '19 at 14:09
  • I've got it. Thanks a lot –  Dec 19 '19 at 14:10
  • 1
    I use prepare statement for all my queries. I will surely do it. Thanks –  Dec 19 '19 at 14:15

0 Answers0