This is the full program code

<?php
include('session.php');
// send anyone who is not logged in back to the login page
if(!isset($_SESSION['login_user'])){
    header("location: index.php");
}
?>

<title>Profile</title>
<link href="style2.css" rel="stylesheet" type="text/css">

<h3 id="welcome">Welcome : <i><?php echo $login_session; ?></i></h3>
<b id="logout"><a href="logout.php"><center><input class="logout_button" type="submit" name="submit" value="Logout"></center></a></b>

<?php

$host = "localhost";
$user = "root";
$pass = "";
$database = "login";

$con = mysqli_connect($host, $user, $pass, $database);

// the username is placed into the SQL text as-is, without quotes
$query = "SELECT * from user where username=$login_session";

// $con->query() returns false when the statement fails, so the loop below never runs in that case
if ($result = $con->query($query)){
    // fetch_assoc() keys the row by column name; fetch_row() would only give numeric indexes
    while ($row = $result->fetch_assoc()) {
        $field1 = $row["username"];
        $field2 = $row["password"];
        $field3 = $row["first_name"];
        $field4 = $row["last_name"];
        $field5 = $row["email"];

        echo "<table border=1>
        <tr>
            <td width=200 >$field1</td>
            <td width=200 >$field2</td>
            <td width=200 >$field3</td>
            <td width=200 >$field4</td>
            <td width=200 >$field5</td>
        </tr>

        </table>";
    }
    mysqli_close($con);
}
?>

I am a beginner to PHP and MySQL. In line 11, it prints the value of the variable $login_session. I want to retrieve all data related to the username. The $login_session variable prints its value, but I can't retrieve data related to the username from the MySQL database. What is the reason for that?

  • 4
    You should keep an eye out for [SQL-Injections](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Please start using Prepared, Parameterized Queries. – Charlotte Dunois Jul 12 '20 at 08:42
  • 2
    Your query with the variable substituted for its value is invalid. Strings need to be enclosed in quotes. Using Prepared Statements as stated above, you won't have that issue. – Charlotte Dunois Jul 12 '20 at 08:42

1 Answer

In your code SQL syntax is the main problem. You can write a safer query by using prepared statements.

$stmt = $con->prepare("SELECT * from user where username=?");
$stmt->bind_param("s", $login_session);
$stmt->execute();
// read the rows back from the executed statement
$result = $stmt->get_result();
$row = $result->fetch_assoc();
– Kunal Raut
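The two points raised in the comments and in the answer above, the unquoted string in the query and the lack of parameterization, addressed together in a full version of the profile page. This is an added example, not the asker's or the answerer's code. It reuses the connection values and the `$login_session` variable from the question, assumes `session.php` defines `$login_session` as the question's code does, and assumes the `user` table has the columns the question's code reads (`username`, `first_name`, `last_name`, `email`).

```php
<?php
// Added example (not the asker's or answerer's code): the profile lookup rewritten
// with a prepared statement. Host, user, password and database are taken from the
// question; column names are assumed to match the fields the question's code reads;
// session.php is assumed to define $login_session.
include('session.php');
if (!isset($_SESSION['login_user'])) {
    header("Location: index.php");
    exit; // stop here so nothing below is rendered after the redirect header
}

// Make mysqli throw on failure instead of returning false. With this enabled,
// the original unquoted query would have raised a visible SQL syntax error
// instead of silently skipping the while loop.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$con = new mysqli("localhost", "root", "", "login");

// The "?" placeholder is the only place the username enters the query. The SQL
// text goes to the server first and the value separately, so a name such as
// O'Brien, or any text containing quotes, is compared as a plain string and can
// neither break the syntax nor change what the statement does.
// The password column is left out: the profile page has no use for it.
$stmt = $con->prepare(
    "SELECT username, first_name, last_name, email FROM user WHERE username = ?"
);
$stmt->bind_param("s", $login_session);   // "s" binds the value as a string
$stmt->execute();

// get_result() turns the executed statement into a normal result set;
// MYSQLI_ASSOC keys each row by column name (fetch_row() would use 0, 1, 2, ...).
$result = $stmt->get_result();
$rows = $result->fetch_all(MYSQLI_ASSOC);
$stmt->close();
$con->close();

if (count($rows) === 0) {
    echo "<p>No profile found for this user.</p>\n";
} else {
    echo "<table border=1>\n";
    foreach ($rows as $row) {
        echo "<tr>\n";
        foreach (['username', 'first_name', 'last_name', 'email'] as $column) {
            // escape database values before placing them inside HTML
            $cell = htmlspecialchars($row[$column], ENT_QUOTES, 'UTF-8');
            echo "    <td width=200>$cell</td>\n";
        }
        echo "</tr>\n";
    }
    echo "</table>\n";
}
?>
```

`get_result()` and `fetch_all()` need the mysqlnd driver, which is the default in current PHP builds; on a build without it, `bind_result()` followed by `fetch()` reads the columns into variables instead. The `mysqli_report()` call is what turns the asker's silent "no rows" symptom into an error message that names the broken SQL, so it is worth keeping on during development even after the query is fixed.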