0

I am trying to return the user's id number from the database but I can't figure out how to return the result of the query. I used to use mysql_result() so what would I need to do now that I'm using mysqli?

function user_id_from_username($username){
    $query = mysqli_query($conn, "SELECT `user_id` FROM `users` WHERE `username` = '$username'");

    return (what?);
}
user2180841
  • I'm not looking to select it from the database. I know how to do that. I'm trying to pass the query result back from a function so it can be used in other functions – user2180841 Mar 20 '13 at 02:37
  • How is that not selecting the data? You can't use the data without selecting it. –  Mar 20 '13 at 02:40
  • I've already selected the data. I just don't know how to return it from the function – user2180841 Mar 20 '13 at 03:11
  • No, you haven't. You have run a query; there is no 'selected' data in the code posted. –  Mar 20 '13 at 03:13
  • Well then, how do I select the data, if you don't mind me asking? I'm sorry. I'm just trying to figure this out – user2180841 Mar 20 '13 at 03:26
  • My username is `735Tesla' OR ''=''; DROP TABLE users; SELECT * FROM users WHERE ''='` – 735Tesla Mar 25 '14 at 01:21

2 Answers

1

You haven't reaped one of the main benefits of moving from mysql to mysqli, which is using prepared statements to parameterize your queries and protect yourself from injection.

$query = mysqli_prepare($conn, "SELECT user_id FROM `users` WHERE username = ?");
mysqli_stmt_bind_param($query, "s", $username);
mysqli_stmt_execute($query);
mysqli_stmt_bind_result($query, $userid);
mysqli_stmt_fetch($query);
// $userid now holds the user_id value of the matching row
Explosion Pills
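
An added example (not code from either answer) that wraps the prepared statement above in the asker's function and returns the id, or null when no row matches. The connection is passed in as a parameter because a global `$conn` is not visible inside the function. The connection settings and the `alice` username are placeholders assumed for illustration.

```php
<?php
declare(strict_types=1);

// Make mysqli throw mysqli_sql_exception on errors instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Look up a user's id by username with a parameterized query.
 * Returns the id as an int, or null when no such user exists.
 */
function user_id_from_username(mysqli $conn, string $username): ?int
{
    // The ? placeholder keeps $username out of the SQL text entirely.
    $stmt = mysqli_prepare(
        $conn,
        "SELECT `user_id` FROM `users` WHERE `username` = ? LIMIT 1"
    );
    mysqli_stmt_bind_param($stmt, "s", $username);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $user_id);

    // mysqli_stmt_fetch() returns true for a row and null when there are none.
    $found = mysqli_stmt_fetch($stmt) === true;
    mysqli_stmt_close($stmt);

    return $found ? (int) $user_id : null;
}

// Usage. Host, credentials and database name are placeholders (assumptions).
$conn = mysqli_connect("localhost", "app_user", "app_password", "app_db");
mysqli_set_charset($conn, "utf8mb4");

// The username quoted in the comment thread is bound as a plain string value
// and is never parsed as SQL.
$hostile = "735Tesla' OR ''=''; DROP TABLE users; SELECT * FROM users WHERE ''='";
var_dump(user_id_from_username($conn, $hostile));

// Constructed sample username.
var_dump(user_id_from_username($conn, "alice"));
```

Callers should compare the result with `=== null` rather than a loose truthiness check, so that a legitimate id of 0 is not mistaken for "not found".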
0

Check this http://php.net/manual/en/mysqli.query.php for mysqli_query usage, and this http://www.php.net/manual/en/class.mysqli-result.php on how to get the values from the result.

TravellingGeek