Retrieve a particular row from database based on username or id

Question

Hope some one can help me out here, i created a system with more than 1 user, each user have a unique username and id. My problem now is how can i set my system in such a way that when a user log in, the system will direct the user to view a particular row in the database based on their username or id.

My Code to Access the Database is:

<?php


$con = mysql_connect("localhost","root","");
mysql_select_db("uloaku", $con);
$count = 1;
$y = mysql_query("SELECT * FROM transaction WHERE username = '".$_SESSION['username']."' LIMIT 1");
if(mysql_num_rows($y) != 0){

echo "<table border=\"1\" width=\"800\" >";
echo "<tr id=\"bold\">
<td>No</td>
<td align=\"center\" width=\"120\">Account Owner</td>
<td align=\"center\" width=\"120\">Deposit Date</td>
<td align=\"center\" id=\"bold\" width=\"150\">Current Balance</td>
<td align=\"center\" width=\"150\">Available Balance</td>
<td align=\"center\">Account Status</td>
</tr>";

while ($z = mysql_fetch_array($y, MYSQL_BOTH)){
        echo "<tr>
        <td>".$count++."</td>
        <td id=\"color\" align=\"center\">".$z[1]."</td>
        <td id=\"color\" align=\"center\">".$z[2]."</td>
        <td id=\"color\" align=\"center\">".$z[3]."</td>
        <td id=\"color\" align=\"center\">".$z[4]."</td>
        <td id=\"color3\" align=\"left\">".$z[5]."</td>
        </tr>";
    }
    echo "</table>";
    }
?>

My Login Page Looks Like This:

<?php

session_start();

$_SESSION['username'] = $username;

$username = $_POST['username'];

$password = $_POST['password'];

if ($username&&$password)

{
$connect = mysql_connect("localhost","root","") or die("cannot connect!");
mysql_select_db("uloaku") or die("cannot find data base!");
$query = mysql_query ("SELECT * FROM keyaku WHERE    username='".mysql_real_escape_string($username)."' AND     password='".mysql_real_escape_string($password)."'");
$numrows = mysql_num_rows($query);

if ($numrows!=0)
{
while ($row = mysql_fetch_assoc($query))
{
    $dbusername = $row['username'];
    $dbpassword = $row['password'];
}
if ($username==$dbusername&&$password=$dbpassword)
{
    echo "Welcome $username";
}
else
    echo "Invalid Password";
}
else
die("Invalid User");

}

else
 die("Please Enter a UserName and Password.");

?>

So far my log-in is working as i want it, and my database retrieves information the only problems is that it retrieves all information which is in the database but i want it to retrieve information based on the username or id of the person that logs in

Answer 1

First of all, I bet this piece of code does not work at all:

$query = mysql_query ("SELECT * FROM keyaku WHERE        username='$username'&&password='$password'");

... there is no such thing as && in MySQL, therefore the query will return empty result. If you want it to work, do it at least this way (prevents SQL injection, too!):

$query = mysql_query ("SELECT * FROM keyaku WHERE username='".mysql_real_escape_string($username)."' AND password='".mysql_real_escape_string($password)."'");

Second of all, you need some way to store your login information, so it can be reused later on. If you can use sessions, the simplest way is to store username (or whichever information is linked to the row you need):

$_SESSION['username'] = $username;

Then, in your first page, update SQL to read as follows (change the column ID per your needs):

$y = mysql_query("SELECT * FROM transaction WHERE username = '".$_SESSION['username']."' LIMIT 1");

... you don't even need the LIMIT 1 part if your username field in transaction table is indexed as a primary/unique key.