iyop45 wrote

RapidzMoose wrote

iyop45 wrote

RapidzMoose wrote Thank you BILLYDEVOMERT. He clearly doesn't have a clue what he's talking about.

MySQL is outdated, but in this case, the OP is using it. Therefor, I'm not going to use MySQLite:

$query = $db->query("SELECT * FROM users WHERE username = '{$username}'");

That will throw out an error.

It's not solely the fact that he's using outdated extensions but you're suggesting he use them in an insecure manner. The code you suggested on both occasions are vulnerable to SQL injection in the most blunt way and what's the point of using PDO if you're not going to even bother parameterizing your queries?

( MySQLi extensions are not deprecated only mysql_ )

I know MySQLi is not deprecated. And I was only showing the basic way. I'm not going to into security because there is no point. He can figure that out himself, I'm sure he doesn't need me.

Now, stop getting so pathetically dramatic. I tried showing him the simplest way to solve his problem. If you want to correct me on the "Query" then go a head.

But you didn't solve the problem.

Adding the where clause was irrelevant, how are you sure he wanted a specific row from the table when he didn't specify at all what he wanted to achieve from his query? The query itself was perfectly valid in the first place and so that's all you can go by. The fact that he is using arrays to hold his results further enforces the fact that he wasn't expecting a single result, for which your first reply suggests you assumed he did.

@KLArcher
You need to run the sql statement through phpmyadmin and check the results returned are what you expect/want. If so then just parse through your script line by line and var_dump() each variable you're using/setting to see where you're problem lies. At this point nobody in the forum knows what your problem is and so nobody can help you.

Well I truly apologize if I was wrong. Hopefully, you will be able to help him out.