What is this mysqli_fetch_assoc

Hi!

I just need to get one result like this:

> $resau = mysqli_query($dbconnect, "select * from user where email='" . $_SESSION['sess_name'] . "' and passwd='" . $_SESSION['sess_passwd'] . "' and not cookieran = 0");
> if (mysqli_num_rows($resau) != 0) {
> $userow = mysqli_fetch_assoc($resau);
> $cokkiboogy = $userow['cookieran'];
> }

In old MYSQL I didn’t need to add this extra line mysqli_fetch_assoc. Because MySQLi should be more advanced so I am probably doing this the wrong way.

What’s the short and smart version of this?

Thank you!

Do you want the short version or do you want the smart version? The two are completely different from one another.

> In old MYSQL I didn’t need to add this extra line mysqli_fetch_assoc

You did. mysqli_fetch_assoc/mysql_fetch_assoc is the most basic way to get the data returned by a query.

> MySQLi should be more advanced

Internally, but not in terms of the API, which is pretty much the same.

If you want advanced API, then you need PDO. Here goes the smart and safe way:

$sql = "select cookieran from user where email=? and passwd=? and not cookieran = 0";
$stmt = $dbconnect->prepare($sql);
$stmt->execute([$_SESSION['sess_name'],$_SESSION['sess_passwd']]);
$cokkiboogy = $stmt->fetchColumn();

Yeh, smart version contains probably 2 times more code.

and PDO feels so alien to me.

and the point here is:

OLD MYSQL code:
$username = mysql_result($res , 0, "name");

NEW MYSQLi code:

$userow = mysqli_fetch_assoc($res);
$username = $userow['name'];

Thanks

It is called smart because it is safe. Your current code is WIDE open to SQL injection.
And the only reason why the old mysql queries were banned is that they didn’t protect you.

And the problem is, you keep the old unsafe approach even when switching to the new API, which makes very little sense. If you don’t use the new safe methods, there is no point in using the new API.

So the choice is yours. Either stick with the old unsafe code, or learn the real smart code.
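The difference between the two query styles discussed above, as an added example that is not code from any poster in this thread. It assumes an in-memory SQLite database through PDO as a stand-in for the MySQL connection, with a constructed `user` row and constructed input values; `lookupConcat` and `lookupPrepared` are hypothetical helper names.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite database
// stands in for the MySQL connection (assumption) so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (email TEXT, passwd TEXT, cookieran INTEGER)');
// Constructed sample row.
$pdo->exec("INSERT INTO user VALUES ('alice@example.test', 'stored-secret', 4711)");

// The question's pattern: the values are pasted into the SQL text,
// so quotes inside a value become part of the statement.
function lookupConcat(PDO $pdo, string $email, string $passwd)
{
    $sql = "select cookieran from user where email='" . $email
         . "' and passwd='" . $passwd . "' and not cookieran = 0";
    return $pdo->query($sql)->fetchColumn();
}

// The answer's pattern: placeholders keep the values out of the SQL text,
// so they are only ever compared as data.
function lookupPrepared(PDO $pdo, string $email, string $passwd)
{
    $sql = 'select cookieran from user where email=? and passwd=? and not cookieran = 0';
    $stmt = $pdo->prepare($sql);
    $stmt->execute([$email, $passwd]);
    return $stmt->fetchColumn();   // first column of the first row, or false
}

$email = 'alice@example.test';
// Constructed value containing quotes; it is not the stored password.
$hostile = "x' or '1'='1";

// Correct password: both styles find the row.
var_dump(lookupConcat($pdo, $email, 'stored-secret'));
var_dump(lookupPrepared($pdo, $email, 'stored-secret'));

// Quoted value: the concatenated query is rewritten by its own input,
// the prepared one compares the whole string against passwd.
var_dump(lookupConcat($pdo, $email, $hostile));
var_dump(lookupPrepared($pdo, $email, $hostile));
```

With the quoted value, the concatenated lookup still returns the row's `cookieran` although the password does not match, while the prepared lookup returns `false`.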

To be really safe you’d sanitize the $_SESSION fields before using them just in case they’ve been tampered with.

PDO:
$username = $stmt->fetchColumn();
If you ask me, that’s way more expressive than $res[0]['name'] which the mysql_result() basically expresses.
