How to avoid loading the data of the user logged on the user.php page?

3

I have two pages, perfil.php and user.php. perfil.php opens when I log in with my user and enter my profile, and user.php is where I land when I search by user name; it takes me to the profile of the searched user.

How do I prevent a search for the logged-in user himself from taking me to user.php instead of going to perfil.php?

The search is done through an autocomplete that shows the users according to what I type.

PHP

    <?php

    include("conexion.php");

    if (isset($_POST['query']))
    {
        $output = '';
        // The search term from the request is concatenated directly into the SQL text
        $query = "SELECT * FROM personas WHERE nombre LIKE '%" . $_POST['query'] . "%'";
        $result = mysqli_query($conn, $query);
        $output = '<ul class="list-unstyled">';

        if (mysqli_num_rows($result) > 0)
        {
            // One list item per matching user, linking to user.php
            while ($row = mysqli_fetch_array($result))
            {
                $output .= '<li><img style="border-radius:50%;" id="pic-search" src="' . $row['Fotos'] . '" width="100px" height="100px"><a href="user.php?Id=' . $row['Id'] . '">' . $row['nombre'] . ' ' . $row['apellido'] . '</a></li>';
            }
        }
        else
        {
            $output .= '<li>Not found</li>';
        }

        $output .= '</ul>';
        echo $output;
    }

    ?>
    
asked by luis 09.11.2016 at 16:24

1 answer

3

I guess you keep the logged-in user in a $_SESSION['id_usario'].

According to the OP's comment, the id of the user is saved in the variable $my_id.

Then in your query you look for everyone except the logged-in user...

    $query = "SELECT * 
              FROM personas 
              WHERE nombre LIKE '%". $_POST['query']."%' 
              AND id != '". $my_id."'";

Side note:

Please use prepared statements to avoid SQL injection.

    
answered by 09.11.2016 / 16:33
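The prepared-statement form that the answer's side note asks for, as an added example that is not part of the original question or answer. It assumes `conexion.php` defines `$conn` as in the question and that the logged-in id is stored under the answer's guessed key `$_SESSION['id_usario']`; the function name `buscar_personas` is hypothetical.

```php
<?php
// Added example: same autocomplete lookup, with bound parameters and escaped output.
include("conexion.php");   // assumed to define $conn (mysqli), as in the question
session_start();

function buscar_personas(mysqli $conn, string $term, int $myId): string
{
    // Escape LIKE wildcards so "%" and "_" typed by the user match literally.
    $like = '%' . addcslashes($term, '%_\\') . '%';

    // Placeholders keep the search term and the id out of the SQL text.
    $stmt = mysqli_prepare(
        $conn,
        "SELECT Id, nombre, apellido, Fotos FROM personas
         WHERE nombre LIKE ? AND Id <> ?"
    );
    if ($stmt === false) {
        throw new RuntimeException('Could not prepare the search statement');
    }
    mysqli_stmt_bind_param($stmt, 'si', $like, $myId);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);   // needs the mysqlnd driver

    // Database values are also escaped before they are placed in the HTML.
    $esc = fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');
    $output = '<ul class="list-unstyled">';
    $found = false;
    while ($row = mysqli_fetch_assoc($result)) {
        $found = true;
        $output .= '<li><img style="border-radius:50%;" src="' . $esc($row['Fotos'])
            . '" width="100" height="100"><a href="user.php?Id=' . (int) $row['Id'] . '">'
            . $esc($row['nombre']) . ' ' . $esc($row['apellido']) . '</a></li>';
    }
    mysqli_stmt_close($stmt);
    if (!$found) {
        $output .= '<li>Not found</li>';
    }
    return $output . '</ul>';
}

// The logged-in id comes from the session, never from the request.
if (isset($_POST['query'], $_SESSION['id_usario']) && is_string($_POST['query'])) {
    echo buscar_personas($conn, $_POST['query'], (int) $_SESSION['id_usario']);
}
```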