Say I have a website like foo.com, where a user can enter a username and it gives back their view count. So if the username is bar, the URL would look something like foo.com/index.php?username="bar".
Now if I had another user john, what could prevent bar from entering foo.com/index.php?username="bar" and getting their view count?
what could prevent bar from entering foo.com/index.php?username="bar" and getting their view count?
The short answer is nothing, because there are no safe (and consistent across different browsers and systems) ways to prevent a user from editing the URL. But... you can check whether the currently logged-in user has permission to view that data.
If you're using a framework, there is probably already an implementation of RBAC (Role Based Access Control), so you should check the documentation for that.
If you're not, and you're on a project with plain PHP, you have to implement that yourself, and it can get quite complicated.
This is one of the downsides of PHP: the user can always alter the request (and the form contents), and you should always check that the data is correct. (That's one of the reasons most PHP programmers use frameworks.)
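The check the answer describes, written out as an added example in plain PHP (this is not code from the question or the answer). It assumes the login step has already stored `username` and `role` in `$_SESSION`; the `VIEW_COUNTS` table, the `canViewCount` and `handleRequest` function names and the three sample requests are constructed for the example. The point it shows is that the username in the URL is only used to pick which record to look up, while the decision about whether to show it is made against the identity the server stored in the session.

```php
<?php
// Added example (not from the question or answer): server-side authorization
// for the foo.com/index.php?username=... lookup. Assumes login already stored
// 'username' and 'role' in $_SESSION. VIEW_COUNTS is a constructed stand-in
// for the real database.

declare(strict_types=1);

const VIEW_COUNTS = ['bar' => 42, 'john' => 7]; // constructed sample data

/**
 * Decide whether the logged-in user may see $requestedUser's view count.
 * $requestedUser comes from the URL and is untrusted; $sessionUser and
 * $sessionRole come from the session the server created at login.
 */
function canViewCount(?string $sessionUser, string $sessionRole, string $requestedUser): bool
{
    if ($sessionUser === null) {
        return false;                       // not logged in at all
    }
    if ($sessionRole === 'admin') {
        return true;                        // admins may look at anyone
    }
    return $sessionUser === $requestedUser; // ordinary users: own record only
}

/** Build the response for one request; returns [statusCode, body]. */
function handleRequest(array $session, array $query): array
{
    // Accept the quoted form from the question (?username="bar") by stripping
    // surrounding quotes, then validate the shape before using it at all.
    $requested = trim((string)($query['username'] ?? ''), " \"'");
    if ($requested === '' || !preg_match('/^[a-z0-9_]{1,32}$/', $requested)) {
        return [400, 'invalid username'];
    }

    if (!canViewCount($session['username'] ?? null, $session['role'] ?? 'user', $requested)) {
        // Same 403 whether or not the record exists, so existence is not leaked;
        // a denied lookup is worth logging as a sign someone is editing the URL.
        error_log(sprintf('denied: %s asked for %s', $session['username'] ?? '(anon)', $requested));
        return [403, 'forbidden'];
    }

    $count = VIEW_COUNTS[$requested] ?? null;
    return $count === null ? [404, 'no such user'] : [200, "$requested has $count views"];
}

// In the real index.php the call would be:
//   session_start();
//   [$status, $body] = handleRequest($_SESSION, $_GET);
//   http_response_code($status);
//   echo $body;
// Here three constructed requests are run so the script works from the CLI.
$cases = [
    [['username' => 'bar',  'role' => 'user'],  ['username' => '"bar"']], // own record  -> 200
    [['username' => 'john', 'role' => 'user'],  ['username' => 'bar']],   // someone else -> 403
    [['username' => 'root', 'role' => 'admin'], ['username' => 'bar']],   // admin        -> 200
];
foreach ($cases as [$session, $query]) {
    [$status, $body] = handleRequest($session, $query);
    printf("%s requests %s -> %d %s\n", $session['username'], $query['username'], $status, $body);
}
```

Running it prints `bar ... -> 200`, `john ... -> 403` and `root ... -> 200`. The same pattern applies to any record keyed by a client-supplied identifier (an order id, a file name, a profile number): look the record up by the URL value, but decide access from the session, never from the request.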