-1

When a user is logged in, I want him to see the Course he did and his Results.

At the moment I have this:

<?php
  session_start();
  if(isset($_SESSION['user'])) {

  $query = "SELECT applied_cours, stud_res FROM students";
  $result = mysql_query($query);

    while($student = mysql_fetch_array($result)) {
      echo "<p>" . $student['applied_cours'] . "</p>";
      echo "<p>" . $student['stud_res'] . "</p>";
    }
  }
?>

The problem is that this will show all the courses and results of everybody, not only from the logged-in user. Does anybody know how to fix this?

The table I use goes like this:

username, password, stud_id, studgr_id, applied_cours, stud_res
user1, password1, 6567, 2012_1, timemanagement, satisfactory
user2, password2, 8459, 2012_2, timemanagement, satisfactory
etc.
TylerH
john15
  • Use a WHERE CLAUSE in your SELECT statement – Mark Baker Feb 17 '12 at 14:47
  • Then you should use a [WHERE-clause](http://dev.mysql.com/doc/refman/5.0/en/select.html) in your SQL-statement. Please learn how to use SQL first before trying to build applications that use it. – feeela Feb 17 '12 at 14:49
  • As others have said, use WHERE clause but use it on your primary key to avoid conflicts, e.g. if `username` is not your primary key, you'll have problems if you have 2 students named felix – vikki Feb 17 '12 at 16:15

3 Answers

1

Add where clause,

$query = "SELECT applied_cours, stud_res FROM students Where username='$_SESSION[user]'"; 
KV Prajapati
  • @john15 If this answer works, you should accept it to 1) acknowledge this user's efforts; and 2) make it easier for everyone else to see that this question has been satisfactorily answered. – SimonMayer Feb 17 '12 at 21:25
0

If a user is logged in, store its ID in the $_SESSION.

$_SESSION['user']['id'] = [insert user ID here]; // the stud_id

Then:

$query = 'SELECT applied_cours, stud_res FROM students WHERE stud_id = "'.$_SESSION['user']['id'].'"';
Rene Pot
0

Use a parametrized SQL statement though, since you can't trust the input; you should never be writing variables directly into a statement.

$stmt = $dbh->prepare("SELECT applied_cours, stud_res FROM students WHERE stud_id =  ? ");
$stmt->bindParam(1, $_SESSION['user']['id']);

$stmt->execute();

Read here: http://php.net/manual/en/pdo.prepared-statements.php

MarkR
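
The answers above combined into one runnable script, as an added example that is not part of the original thread: rows are filtered on the `stud_id` kept in the session, the value is bound as a parameter, and output is HTML-escaped. Assumptions: PHP 7+ with the pdo_sqlite extension; the in-memory SQLite table, the `resultsForSession` helper, the simulated sessions and the sample rows are constructed for illustration.

```php
<?php
// Added example (not from the thread). An in-memory SQLite table stands in
// for the question's MySQL `students` table so the script runs offline.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE students (username TEXT, stud_id INTEGER,
            studgr_id TEXT, applied_cours TEXT, stud_res TEXT)');

// Constructed sample rows modelled on the question's table (passwords omitted).
$insert = $dbh->prepare('INSERT INTO students VALUES (?, ?, ?, ?, ?)');
foreach ([
    ['user1', 6567, '2012_1', 'timemanagement', 'satisfactory'],
    ['user2', 8459, '2012_2', 'timemanagement', 'satisfactory'],
] as $row) {
    $insert->execute($row);
}

// Hypothetical helper: rows for the student id stored in the session at
// login; an empty array when nobody is logged in or the id is not an integer.
function resultsForSession(PDO $dbh, array $session): array
{
    $id = filter_var($session['user']['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        return [];
    }
    // The id is bound as a parameter, never concatenated into the SQL text.
    $stmt = $dbh->prepare(
        'SELECT applied_cours, stud_res FROM students WHERE stud_id = ?'
    );
    $stmt->bindValue(1, $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Simulated sessions; a real page calls session_start() and passes $_SESSION.
$sessions = [
    'user1 logged in' => ['user' => ['id' => 6567]],
    'not logged in'   => [],
    'malformed id'    => ['user' => ['id' => '6567 x']],
];
foreach ($sessions as $label => $session) {
    echo "[$label]\n";
    foreach (resultsForSession($dbh, $session) as $student) {
        // Escape on output so stored values cannot inject markup.
        echo '<p>' . htmlspecialchars($student['applied_cours']) . '</p>';
        echo '<p>' . htmlspecialchars($student['stud_res']) . "</p>\n";
    }
}
```

Only the first simulated session prints rows (user1's course and result); the other two print nothing because the helper returns an empty array before any query runs.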