diff --git a/components/header.php b/components/header.php
index 5ebaadee3edd9ff118c6aae779eb4c0713eaacca..20bbfc10176e5c844eb47af88e55bf25d60498af 100644
--- a/components/header.php
+++ b/components/header.php
@@ -1,3 +1,10 @@
+<?php
+session_start();
+include 'components/connect.php';
+
+$user_id = $_SESSION['user_id'] ?? '';
+?>
+
 <header class="header">
 
    <section class="flex">
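Review bot: `session_start()` on the second added line is called unconditionally inside a component that pages include, so any page that has already started the session will trigger a "session already active" notice when it pulls in header.php. Guard it with `if (session_status() === PHP_SESSION_NONE) { session_start(); }` so the include works from both fresh and already-sessioned pages. The `include 'components/connect.php'` path is resolved relative to the including script (and the include_path), not to this file, so it only works when header.php is included from the project root; `include __DIR__ . '/connect.php';` would make it location-independent, which I assume is the intent given the file lives in components/.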
@@ -8,39 +15,37 @@
          <a href="all_posts.php" class="far fa-eye"></a>
          <a href="index.php" class="fas fa-arrow-right-to-bracket"></a>
          <a href="register.php" class="fa-solid fa-plus"></a>  
-         <?php
-            if($user_id != ''){
-         ?>
-         <div id="user-btn" class="far fa-user"></div>
-         <?php }; ?>
+
+         <!-- ตรวจสอบว่าผู้ใช้ล็อกอินหรือไม่ -->
+         <?php if (!empty($user_id)): ?>
+            <div id="user-btn" class="far fa-user"></div>
+         <?php endif; ?>
       </nav>
 
-      <?php
-         if($user_id != ''){
-      ?>
+      <?php if (!empty($user_id)): ?>
       <div class="profile">
          <?php
             $select_profile = $conn->prepare("SELECT * FROM `users` WHERE id = ? LIMIT 1");
             $select_profile->execute([$user_id]);
-            if($select_profile->rowCount() > 0){
+            if ($select_profile->rowCount() > 0):
                $fetch_profile = $select_profile->fetch(PDO::FETCH_ASSOC);
          ?>
-         <?php if($fetch_profile['image'] != ''){ ?>
-            <img src="uploaded_files/<?= $fetch_profile['image']; ?>" alt="" class="image">
-         <?php }; ?>   
-         <p><?= $fetch_profile['name']; ?></p>
-         <a href="update.php" class="btn">update profile</a>
-         <a href="components/logout.php" class="delete-btn" onclick="return confirm('logout from this website?');">logout</a>
-         <?php }else{ ?>
+         <?php if (!empty($fetch_profile['image'])): ?>
+            <img src="uploaded_files/<?= htmlspecialchars($fetch_profile['image'], ENT_QUOTES, 'UTF-8'); ?>" alt="User Image" class="image">
+         <?php endif; ?>
+         <p><?= htmlspecialchars($fetch_profile['name'], ENT_QUOTES, 'UTF-8'); ?></p>
+         <a href="update.php" class="btn">Update Profile</a>
+         <a href="components/logout.php" class="delete-btn" onclick="return confirm('Logout from this website?');">Logout</a>
+         <?php else: ?>
             <div class="flex-btn">
-               <p>please login or register!</p>
-               <a href="index.php" class="inline-option-btn">login</a>
-               <a href="register.php" class="inline-option-btn">register</a>
+               <p>Please login or register!</p>
+               <a href="index.php" class="inline-option-btn">Login</a>
+               <a href="register.php" class="inline-option-btn">Register</a>
             </div>
-         <?php }; ?>
+         <?php endif; ?>
       </div>
-      <?php }; ?>
+      <?php endif; ?>
 
    </section>
 
-</header>
\ No newline at end of file
+</header>
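Review bot: The new `htmlspecialchars()` around `$fetch_profile['image']` escapes for the HTML attribute context but does nothing for the URL path segment it is embedded in, so a stored filename containing `/`, `?` or `#` still rewrites the request target; encode per context with `<img src="uploaded_files/<?= rawurlencode(basename($fetch_profile['image'])); ?>" alt="User Image" class="image">`, which is also attribute-safe. The `!empty($user_id)` checks (two hunks, both in this file) treat a user id of `'0'` as logged out because `empty('0')` is true; if ids are integers, `$user_id !== ''` or an explicit `(int)` cast is the safer test. The query kept as context still does `SELECT *`, pulling every column of `users` (plausibly including the password hash) into the template only to render `name` and `image`; narrowing it to `SELECT name, image FROM \`users\` WHERE id = ? LIMIT 1` applies least privilege to the data that reaches the view.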