How do I process a single result from an sql query in PHP?

Question

I am using the stored $_SESSION username (stored in the $username variable) to obtain the user's id using the following query in PHP:

$query = mysql_query("SELECT id FROM users WHERE username = '".$username."'");

I then process the query result as follows:

$userid = mysql_fetch_row($query);

Because I am logged in as a demo user, the user id that this query should return is: 12. However, when I echo $userid['id'] I get this output:

1111

Is this not a proper way of processing the data from the query? Should I be using mysql_fetch_row() if I am only expecting a single result?

I have also tried running the query in PHPMyAdmin and it returns the expected result just fine.

Answer 1

Your query is vulnerable to SQL injection attacks and you are using deprecated libraries which will be removed from future versions of PHP.

I recommend moving to mysqli (documentation), which will help to protect you from injection attacks with its prepared statements (documentation).

Your query appears correct. If you run SELECT id FROM users WHERE username = 'demo' in PHPMyAdmin or SQL command line, what do you get? Is username a UNIQUE field or do you have two accounts called demo?

Answer 2

fetch the results using:

    $query="SELECT id FROM users WHERE username ='$username'";
    $res=mysql_query($query);
    while($row=mysql_fetch_row($res))
    {
                $id=$row[0]; //change to the column number you are using to store id
    }

Answer 3

try this

   while($userid = mysql_fetch_array($query))
    {
      echo $userid['id'].'<br />';
    }