> $resau = mysqli_query($dbconnect, "select * from user where email='" . $_SESSION['sess_name'] . "' and passwd='" . $_SESSION['sess_passwd'] . "' and not cookieran = 0");
> if (mysqli_num_rows($resau) != 0) {
> $userow = mysqli_fetch_assoc($resau);
> $cokkiboogy = $userow['cookieran'];
> }
In old MYSQL I didn’t need to add this extra line mysqli_fetch_assoc. Because MySQLi should be more advanced, I am probably doing this the wrong way.
> In old MYSQL I didn’t need to add this extra line mysqli_fetch_assoc
You did. mysqli_fetch_assoc/mysql_fetch_assoc is the most basic way to get the data returned by a query.
> MySQLi should be more advanced
Internally, but not in terms of the API, which is pretty much the same.
If you want an advanced API, then you need PDO. Here goes the smart and safe way:
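// $dbconnect must be a PDO connection here, not a mysqli one
$sql = "select cookieran from user where email=? and passwd=? and not cookieran = 0";
$stmt = $dbconnect->prepare($sql);
// the values are bound to the ? placeholders and never become part of the SQL text
$stmt->execute([$_SESSION['sess_name'],$_SESSION['sess_passwd']]);
// first column of the first row, or false when no row matches
$cokkiboogy = $stmt->fetchColumn();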
It is called smart because it is safe. Your current code is WIDE open to SQL injection.
And the only reason why the old mysql queries were banned is that they didn’t protect you.
And the problem is, you keep with the old unsafe approach even when switching to the new API. Which makes very little sense. If you don’t use the new safe methods, there is no point in using the new API.
So the choice is yours. Either keep with the old unsafe code, or learn the real smart code.
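The difference between the two query styles discussed above, as an added example that is not part of the original question or answer. It assumes PHP with the pdo_sqlite extension; the in-memory table, its rows, the inputs and the helper names `lookupConcatenated` and `lookupPrepared` are constructed for illustration.

```php
<?php
// Added example. Constructed in-memory SQLite table standing in for `user`.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE user (email TEXT, passwd TEXT, cookieran INTEGER)");
$pdo->exec("INSERT INTO user VALUES ('alice@example.com', 'hash-a', 1111)");
$pdo->exec("INSERT INTO user VALUES ('o''brien@example.com', 'hash-b', 2222)");

// Hypothetical helper: the question's style, values spliced into the SQL text.
function lookupConcatenated(PDO $pdo, string $email, string $passwd)
{
    $sql = "select cookieran from user where email='" . $email
         . "' and passwd='" . $passwd . "' and not cookieran = 0";
    try {
        return $pdo->query($sql)->fetchColumn();
    } catch (PDOException $e) {
        return 'SQL error';   // the value broke the statement's syntax
    }
}

// Hypothetical helper: the answer's style, values bound to placeholders.
function lookupPrepared(PDO $pdo, string $email, string $passwd)
{
    $sql = "select cookieran from user where email=? and passwd=? and not cookieran = 0";
    $stmt = $pdo->prepare($sql);
    $stmt->execute([$email, $passwd]);
    return $stmt->fetchColumn();   // false when no row matches
}

// Constructed inputs.
$cases = [
    'ordinary value'            => ['alice@example.com', 'hash-a'],
    'legitimate quote in value' => ["o'brien@example.com", 'hash-b'],
    'wrong password with quote' => ['alice@example.com', "x' or '1'='1"],
];
foreach ($cases as $label => [$email, $passwd]) {
    printf("%-26s concatenated=%s prepared=%s\n", $label,
        var_export(lookupConcatenated($pdo, $email, $passwd), true),
        var_export(lookupPrepared($pdo, $email, $passwd), true));
}
```

With the concatenated query, a quote inside a value is parsed as SQL: the legitimate address fails with a syntax error and the wrong password still returns a row. The prepared query treats all three inputs as plain data.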