Reputation: 11
How to SELECT and display name of active user from MySQLI database
I'm creating a basic address book site. I want the nav bar along the top to greet which ever user is currently signed in. I've figured out the code to retrieve the name from MySQLI database, but the problem is it's displaying every name of everyone in the database. I'm not sure what the code is to narrow it down to display only the current signed in user. I've set it up where you log in with an email and password, so I need to find a way to SELECT the name WHERE the email = (active current user's email in database) but I'm not sure how to do that.
Everything works fine if there's only one user. The problem is when I add users it just displays every users name as a long run on sentence.
I've tried SELECT * FROM users WHERE email = '$_POST['email']';
SELECT * FROM users WHERE email = '$row['email']'; I'm logged in with a session and tried $_SESSION['loggedInUser'] Nothing seems to work. What does work is just SELECT * FROM users; That displays it just fine, but displays every name in the database for users.
<?php
session_start();
?>
<?php
if( $_SESSION['loggedInUser'] ) {
include('includes/connection.php');
$query2 = "SELECT * FROM users";
$result2 = mysqli_query( $conn, $query2);
?>
<ul class="nav navbar-nav">
<li><a href="clients.php">My Clients</a></li>
<li><a href="add.php">Add Client</a></li>
</ul>
<ul class="nav navbar-nav navbar-right">
<p class="navbar-text">Welcome,
<?php
if( mysqli_num_rows($result2) > 0 ) {
while( $row = mysqli_fetch_assoc($result2) ) {
$name = $row['name'];
echo "<span style='color: #8F8F8F;'>" . $name . "</span>";
}
}
mysqli_close($conn);
?>
!</p>
Upvotes: 1
Views: 600
Answers (2)
Reputation: 44128
You were correct to try to narrow down the rows selected by including a WHERE clause. I can't be sure, however, how you specified the email address since you did not show the complete code. In any case you left yourself open to SQL injection (investigate this topic, please) when you attempt to include user's input literally as part of a SQL query. You should instead rely on a prepared statement:
$query2 = "SELECT * FROM users"; /* this selects ALL users */
$query2 = "SELECT * from users WHERE email = '[email protected]'"; /* select one specific user */
$query2 = "SELECT * from users WHERE email = ?"; /* select one specific user -- details to be specified later */
/* create a prepared statement that will avoid SQL injection: */
$stmt = mysqli_prepare($conn, $query2);
/* $email is obtained from session or $_POST or somewhere else */
mysqli_stmt_bind_param($stmt, "s", $email); /* "s" means this parameter is a string */
mysqli_execute($stmt);
$result = $stmt->get_result();
$row = $result->fetch_assoc();
mysqli_close($stmt);
Upvotes: 1
Reputation: 78
This is very simple just get the user_id stored in session variable (if you have stored it) this write the query below SELECT * FROM users WHERE user_id = $userId
where user_id is your unique column in your users table and $userId is the variable which stores the session variable user_id
Upvotes: 0
Related Questions
- How to get user other data when they login in with thier username?
- display records from db table for specific user logged in
- get ID for a specific user in mysql database in PHP
- Displaying Current User Info on Login
- How to get user's name from the database? MYSQLI newbie
- How to retrieve specific data about user?
- getting information from database with php
- How to show page of current user by id
- Show query result for logged in user
- mysqli to get info from database