craisondigital craisondigital - 2 months ago 9
MySQL Question

How do I display/echo the data from an executed mysqli prepared statement

I am attempting to understand how to prevent injections. Prior to this, I would structure my code as follows.

$empid = $_REQUEST['empid']
$query =("SELECT e.first AS first, e.last AS last, e.username AS uname FROM emps e WHERE e.id='$empid'");
$result = mysqli_query($con, $query);?>


Then to display the found username in my body, I would have.

<?php $row = mysqli_fetch_assoc($result);?>
<?php echo $row['uname'] ;?>


I am trying to accomplish this same thing with mysqli prepared statements. So far I have the following.

$query= $con->prepare("SELECT e.first AS first, e.last AS last, e.username AS uname FROM emps e WHERE e.id=?");
$query->bind_param("i", $empid);
$query->execute();
$query->close();


So I am pretty sure that the statement is set up correctly, but need to now echo the returned columns to the body on my webpage

Answer

edit: add those rules after the execute.

$res = $query->get_result();
$row = $res->fetch_assoc();

and after that you can do what ur used to do with it, with the old way.