Reputation: 311
I'm trying to migrate a website to mysqli and have my first question:
In mysql I had this:
$sel_user="SELECT * FROM usuarios WHERE user='$usuario_tienda'";
$rs_user=mysql_query($sel_user);
$tienda=mysql_result($rs_user,0,"tienda");
When I change to mysqli it looks like this:
$consulta_user="SELECT * FROM members WHERE username='$usuario_tienda'";
$query_user = mysqli_query($mysqli,$consulta_user);
$resultado_user = mysqli_fetch_assoc($query_user);
$tienda= $resultado_user['tienda'];
It works, but I don't think this is the best way to do it. Can I make it more efficient, more compact?
Upvotes: 1
Views: 48
Reputation: 5283
You should use a prepared statement; using that, you can avoid SQL injection hacks.
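// mysqli uses positional ? placeholders; named :user placeholders and bindParam() belong to PDO
$stmt = $mysqli->prepare("SELECT * FROM usuarios WHERE user=?");
$stmt->bind_param('s', $usuario_tienda); // 's' = bind the value as a string
$stmt->execute(); // returns true/false, not a result set
$result = $stmt->get_result(); // requires the mysqlnd driver
$resultado_user = $result->fetch_assoc();
echo $resultado_user['tienda'];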
Upvotes: 2
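The lookup discussed in this thread, as an added example that is not part of the original posts: a small helper that selects only the tienda column through a prepared statement and returns null when no row matches. The function name fetch_tienda, the connection values and the sample usernames are assumptions made for illustration; the table and column names are the ones used in the thread.

```php
<?php
// Added example, not code from the question or the answer.
// Assumptions: table `usuarios` with columns `user` and `tienda` (names from the thread);
// the connection values below are placeholders.

// Make mysqli throw exceptions on errors instead of returning false silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Hypothetical helper: return the `tienda` value for one user,
 * or null when no row matches.
 */
function fetch_tienda(mysqli $db, string $usuario): ?string
{
    // Select only the needed column. The ? placeholder keeps $usuario
    // out of the SQL text, so the value is always handled as data.
    $stmt = $db->prepare('SELECT tienda FROM usuarios WHERE user = ? LIMIT 1');
    $stmt->bind_param('s', $usuario);
    $stmt->execute();

    // bind_result()/fetch() work without the mysqlnd driver, unlike get_result().
    $stmt->bind_result($tienda);
    $found = $stmt->fetch();   // true = a row was fetched, null = no row
    $stmt->close();

    return $found ? $tienda : null;
}

$mysqli = new mysqli('localhost', 'db_user', 'db_password', 'db_name'); // placeholders
$mysqli->set_charset('utf8mb4');

// Constructed inputs: an ordinary username and one containing a quote character,
// which would break the string-interpolated query but is harmless here.
foreach (['tienda_norte', "O'Brien"] as $usuario_tienda) {
    $tienda = fetch_tienda($mysqli, $usuario_tienda);
    echo $usuario_tienda, ' => ', $tienda ?? '(no such user)', PHP_EOL;
}
```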