0

i want to display only login data from database at a time without showing all data from database.

so that when i tried login by giving username and password all the data of that user will show at a time. this is my code connection is working fine help me with query.

<?php

session_start();

$con = mysqli_connect('localhost', 'root', 'Admin#12345');

mysqli_select_db($con, 'userregistration');

$selectquery = " select * from usertable where email";
$query = mysqli_query($con,$selectquery);

$nums = mysqli_num_rows($query);


while($res = mysqli_fetch_array($query)){
    echo $res['user'] . <"br">;//

help me with query please.

Samir Selia
  • 7,007
  • 2
  • 11
  • 30
Rohit Singh
  • 1
  • Are you sure of your query? ( $selectquery =...) – Dri372 Jun 20 '21 at 08:46
  • 4
    @Samir: not good advice, see: [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php/60496#60496) – Luuk Jun 20 '21 at 09:08
  • 1
    @Samir: But this SQL injection stuff is too important to ignore. Everyone starting to learn SQL should learn about it from the start, because most are too lazy to change their _solutions_, because the **work**.... – Luuk Jun 20 '21 at 09:17
  • You have to declare a session variable and assign the **user id** to the session variable. Eg. `$_SESSION['id'] = $res['id'];` then you can select user records based on the id (that is the session variable) anywhere or anytime you need to...... so in any other files, you just have to write `session_start();` and this code will resume the session so you can use **$_SESSION['id']** .. if you don't resume the session, you can't use the session variable – ket-c Jun 20 '21 at 10:44

1 Answers1

1

Change the query to:

select * from usertable where email = ?

But then you have to tell PHP which emailaddress you want to show:

something like:

$emailToFind = "someone@example.com";
$selectquery = " select * from usertable where email = ?";
$query = mysqli_prepare($con,$selectquery);
mysqli_stmt_bind_param($query, "s", $emailToFind);
mysqli_stmt_execute($query);

But , in the article How can I prevent SQL injection, you will see also the possibility of using PDO, which also can be used for other database than MySQL.

But if you want to use PDO or MySQLi is a long, and old, discussion, see: mysqli or PDO - what are the pros and cons?

Luuk
  • 12,245
  • 5
  • 22
  • 33