I seem to be experiencing difficulty taking the id from the user on profile.php.
profile.php
PHP:
<?php
session_start();
require 'include/connect.php';
// Send anonymous visitors to the login page. The exit is needed: header() alone
// does not stop the script, so the rest of the page would still run and render.
if (empty($_SESSION['key'])) {
    header('Location: login.php');
    exit;
}
// User id taken straight from the URL (profile.php?id=3)
$uid = isset($_GET['id']) ? $_GET['id'] : '';
// $uid is interpolated into the SQL string: this is the SQL injection point the answer refers to
$sql = "SELECT * FROM users WHERE id = '$uid'";
$query = mysql_query($sql);
while ($row = mysql_fetch_array($query)) {
    $user = $row['username'];
}
?>
As you see, when you add GET data to the URL (e.g. profile.php?id=3) you visit the appropriate user's profile; however, I want to take the id of the user and extract their information from the database so they view their own profile upon going to profile.php (without adding a GET extension).
Question: What method can I use to query using the user's id #? And also, do I need to store a session for this?
You'll want to somehow save the currently logged-in user in the session variables. The simplest way is to add to the session array some key, such as user, where the value is the currently logged-in user.
Security points:
The mysql database functions you're using are deprecated. Take a look at PDO (google it, find StackOverflow answers). It's pretty similar, but more secure. Particularly, look at using prepared statements rather than executing strings where you've concatenated the arguments. You're vulnerable to something called SQL injection in this case (your searches will tell you what this is!). Here's a starting point.
Before you get/display data to a user, you should make sure that the person is signed in and is signed in as the appropriate user first. A user shouldn't be able to modify the URL (i.e. change the $_GET variables) and then edit any profile of any user, for example. Generally, you'd want to show a 404 page for pages that the user shouldn't even know about, and 401s/login redirects for pages they should potentially know about (such as their own profile page, user control centre, etc.) but they aren't logged in to.
Session hijacking is a real thing! Check out this for some strategies to mitigate your risk. A lot of it is to do with correct configuration.
Best of luck!
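A version of profile.php that follows the answer's three points (user id from the session, PDO prepared statement, 404 for profiles the visitor may not see), as an added example rather than code from the thread. It assumes include/connect.php creates a PDO object named $pdo and that login.php stores the verified user's id in $_SESSION['user_id']; both names are assumptions.

```php
<?php
// Added example, not the thread's code. Assumptions:
//  - include/connect.php creates $pdo, e.g.
//      $pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', $dbUser, $dbPass,
//                     [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);
//  - login.php, after password_verify() succeeds, does:
//      session_regenerate_id(true);        // fresh session id on login limits fixation/hijack reuse
//      $_SESSION['user_id'] = $row['id'];  // the session, not the URL, now says who is logged in
session_start();
require 'include/connect.php';

// 1. Authentication: no user id in the session means nobody is logged in.
if (empty($_SESSION['user_id'])) {
    header('Location: login.php', true, 302);
    exit; // header() does not stop the script; without exit the profile would still render
}
$uid = (int) $_SESSION['user_id'];

// 2. Authorization: the page only shows the visitor's own profile. A stray ?id=
//    for someone else gets a 404, so other users' ids are not confirmed to exist.
if (isset($_GET['id']) && (int) $_GET['id'] !== $uid) {
    http_response_code(404);
    exit('Not found');
}

// 3. Prepared statement: the id is bound as a parameter and never becomes part
//    of the SQL text, so it cannot alter the structure of the query.
$stmt = $pdo->prepare('SELECT id, username, email FROM users WHERE id = :id');
$stmt->execute([':id' => $uid]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

if ($row === false) {
    // The session points at a user that no longer exists: treat as logged out.
    session_destroy();
    header('Location: login.php', true, 302);
    exit;
}

// 4. Escape on output so a stored username cannot inject markup into the page.
$username = htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8');
$email    = htmlspecialchars($row['email'], ENT_QUOTES, 'UTF-8');
echo "<h1>Profile of {$username}</h1>\n<p>Email: {$email}</p>\n";
```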