$user_name = "name";
$password = "password";
$database = "words";
$server = "host";
$db_handle = mysql_connect($server, $user_name, $password) or die (mysql_error());
$db_found = mysql_select_db($database, $db_handle) or die (mysql_error());
$randVerb = mysql_query("SELECT * FROM verbs ORDER BY RAND() LIMIT 1");
$db_field = mysql_fetch_assoc($randVerb);
$definition= $db_field['def'];
I have read that to prevent SQL injection, all MySQL statements should actually my mysqli and parametered. The above code connects to a database, selects a random 'verbs' row, and then takes the cell that intersects the 'verb' row and the def column (the definition of that verb) using mysql_fetch_assoc.
How would this be converted to a mysqli piece of code safe from injection? Would I use mysql_fetch_assoc in mysqli?
