Display only the current user's details using PHP and MySQL

[ThirdYearChild]

In this part of the code, both the score table and the profile page display everything I want, however, it is displaying EVERYBODIES details like

First Name Surname Email Category Username, However, I want it so that when the user is logged in they can only see THEIR OWN details

 

This is score.php

  <?php
error_reporting(E_ALL);
ini_set('display_errors', TRUE);
ini_set('display_startup_errors', TRUE);
require("db_connect.php");
session_start();
?>

<!doctype html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <meta name="description" content="">
    <meta name="author" content="">
    <link rel="icon" href="../../../../favicon.ico">

<?php
$con=mysqli_connect("localhost","username","Password","Database");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}


$result = mysqli_query($con,"SELECT * FROM Score where 'Username' LIKE _['Username']");


echo "<table border='1'>
<tr>
<th>ID</th>
<th>Username</th>
<th>Score</th>
<th>Gamedate</th>
<th>QuizTitle</th>
</tr>";

while($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['ID'] . "</td>";
echo "<td>" . $row['Username'] . "</td>";
echo "<td>" . $row['Score'] . "</td>";
echo "<td>" . $row['Gamedate'] . "</td>";
echo "<td>" . $row['QuizTitle'] . "</td>";
echo "</tr>";
}
echo "</table>";

mysqli_close($con);
?>

this is profile.php

 <?php
 require('db_connect.php');
$result = mysqli_query($conn,"SELECT *FROM Users ");
while($row = mysqli_fetch_array($result))
{
       echo "<br />Your <b><i>Profile</i></b> is as follows:<br />";
        echo "<b>First name:</b> ". $row['FirstName'];
        echo "<br /><b>Last name:</b> ".$row['Surname'];
        echo "<br /><b>Email:</b> ".$row['Email'];
        echo "<br /><b>Year:</b> ".$row['Username'];
        echo "<br /><b>Date created :</b> ".$row['Date_Creation'];
}
mysqli_close($conn);
?>
    </main>



</html>

profile.php

 

Score.php

 

[Barand]

How do you know which user is logged in? You have called session_start() but I see no references to any $_SESSION variables.

 

You should be storing the ID of the user on login then using that id in your queries. (... WHERE ID = $_SESSION['userid'] ) or, better yet, use a prepared query passing the id as a parameter.

 

You will be expecting only a single profile result so why have the while() loop? A single fetch is all you need.

 

 

SELECT * FROM Score where 'Username' LIKE _['Username']

The first mention of username in that query is a column name and should NOT be in quotes. Your syntax following LIKE is also wrong.

 

Don't use a nastyfrisk (SELECT * ) in your queries - specify the columns you need.

 

As for your error messages - if your $result contains a boolean (false) value then the query didn't work.