如何根据登录用户从 php 中的 MySQL 获取特定用户数据

Question

I'm trying to fetch data of specific (User who is Logged In) User but I'm unable to do that. I have written a code which can fetch complete data, but I want to fetch data of specific user only.

I have tried using WHERE username="$username" and other possible things but none of it worked for me

<?php
include_once 'server.php';
$result = mysqli_query($db,"SELECT * FROM users");
?>
<!DOCTYPE html>
<html>
 <head>
 <title> Admin Panel</title>
    <link rel="stylesheet" type="text/css" href="style.css">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
 </head>
<body>
<h2>Welcome Admin</h2><hr>

<?php
if (mysqli_num_rows($result) > 0) {
?>
  <table id="students">

  <tr>
    <th>ID</th>
    <th>First Name</th>
    <th>Last Name</th>
    <th>Gender</th>
    <th>DateOfBirth</th>
    <th>Contact Number</th>
    <th>Username</th>
    <th>Email id</th>
  </tr>
<?php
$i=0;
while($row = mysqli_fetch_array($result)) {
?>
<tr>
    <td><?php echo $row["id"]; ?></td>
    <td><?php echo $row["fname"]; ?></td>
    <td><?php echo $row["lname"]; ?></td>
    <td><?php echo $row["gender"]; ?></td>
    <td><?php echo $row["dob"]; ?></td>
    <td><?php echo $row["contact"]; ?></td>
    <td><?php echo $row["username"]; ?></td>
    <td><?php echo $row["email"]; ?></td>
</tr>
<?php
$i++;
}
?>
</table>
 <?php
}
else{
    echo "No result found";
}
?>
    <form  method="GET" action="index.php?logout='1'">
            <button type="submit" class="button" name="logout">Logout</button>
    </form>
 </body>
</html>

and here is the server.php I am able to fetch all user data but I want a specific user data based on who is logged In

<?php 
    session_start();

    // variable declaration
    $id = "";
    $fname = "";
    $lname = "";
    $gender="";
    $dob = "";
    $contact = "";
    $username = "";
    $email    = "";
    $errors = array(); 
    $_SESSION['success'] = "";

    // connect to database
    $db = mysqli_connect('localhost', 'root', '', 'registration');

    // REGISTER USER
    if (isset($_POST['reg_user'])) {
        // receive all input values from the form
        $fname = mysqli_real_escape_string($db, $_POST['fname']);
        $lname = mysqli_real_escape_string($db, $_POST['lname']);
        $gender = mysqli_real_escape_string($db, $_POST['gender']);
        $dob = mysqli_real_escape_string($db, $_POST['dob']);
        $contact = mysqli_real_escape_string($db, $_POST['contact']);
        $username = mysqli_real_escape_string($db, $_POST['username']);
        $email = mysqli_real_escape_string($db, $_POST['email']);
        $password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
        $password_2 = mysqli_real_escape_string($db, $_POST['password_2']);

        // form validation: ensure that the form is correctly filled
        if (empty($fname)) { array_push($errors, "Firstname is required"); }
        if (empty($lname)) { array_push($errors, "Lastname is required"); }
        if (empty($dob)) { array_push($errors, "Date of Birth is required"); }
        if (empty($contact)) { array_push($errors, "Contact Number is required"); }
        if (empty($username)) { array_push($errors, "Username is required"); }
        if (empty($email)) { array_push($errors, "Email is required"); }
        if (empty($password_1)) { array_push($errors, "Password is required"); }

        if ($password_1 != $password_2) {
            array_push($errors, "The two passwords do not match");
        }

        // register user if there are no errors in the form
        if (count($errors) == 0) {
            $password = md5($password_1);//encrypt the password before saving in the database
            $query = "INSERT INTO users (fname, lname, gender, dob,contact, username, email, password) 
                      VALUES('$fname', '$lname','$gender', '$dob','$contact', '$username', '$email', '$password')";
            mysqli_query($db, $query);

            $_SESSION['username'] = $username;
            $_SESSION['success'] = "You are now logged in";
            header('location: index.php');
        }

    }

    // ... 

    // LOGIN USER
    if (isset($_POST['login_user'])) {
        $username = mysqli_real_escape_string($db, $_POST['username']);
        $password = mysqli_real_escape_string($db, $_POST['password']);

        if (empty($username)) {
            array_push($errors, "Username is required");
        }
        if (empty($password)) {
            array_push($errors, "Password is required");
        }

        if (count($errors) == 0) {
            $password = md5($password);
            $query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
            $results = mysqli_query($db, $query);

            if (mysqli_num_rows($results) == 1) {
                $_SESSION['username'] = $username;
                $_SESSION['success'] = "You are now logged in";

                header('location: index.php');
            }else {
                array_push($errors, "Wrong username/password combination");
            }
        }
    }

Answer 1

Well you can use session or cookie function in php. In your login page enter the command

setcookie('user', $user, time() + (the time for the user must be logged in), '/');

Then in the page where you want to show the user data assign the variable like

$user = $_COOKIE['user'];

and the sql query:

select * from table_name where user = $user

I hope this might solve your problem