That's incorrect. Do NOT mix match
OOP. People have the tendency to be inconsistent when it comes to database calls. If you want to use
procedural mysqli_*, then use
procedural mysqli_*. If you want to use
OOP mysqli_*, then use
OOP mysqli_*. If you want to use
PDO, then use
PDO. DO NOT MIX MATCH THEM!!
For some reason, new beginners and some intermediate
PHP users seem to really like to mix match things when you shouldn't. Mix matching 2 or 3 different database
API can cause fatal errors and may completely make your application non-usable. And, it's just completely bad design for consistency.
The correct way should be
$stmt = $conn->prepare("SELECT usernames, emails FROM users WHERE usernames = ? OR emails = ?");
What is this? Looks like another mix match of
mysqli_*. The connection is using
mysqli_*. NO WHERE in the snippets indicate that the OP is using
PDO at all. Regardless, it's just bad design on whoever wrote this snippet.
If one were to use
PDO, it's recommended to execute 1 line of array instead of executing each individual bind parameter. It saves you time when you debug and it also saves you space and line when having a very large file.
Another thing that I like to do is escape it using the backslash
\. It works just like escaping any code.