So I have a database table with some user information, like ID, username, etc., and I have been trying to turn a value, for example Bob's ID, into a variable $id from the table. This is what I have right now:

$db = mysqli_connect(THIS WORKS FINE AND CONTAINS SECRET INFO :));
$sql = "SELECT ID FROM users WHERE username='$prompt'";
$result = mysqli_query($db, $sql);

And I need to turn it into a variable, because I am combining everything into a sentence, so it could be "$username has the id of $id". Thanks.

Francisco F.
  • var_dump $result to see what it is, then figure out how to extract the data you need from it. – Andrew Jan 31 '17 at 05:45
  • This might also help: http://stackoverflow.com/questions/15617824/result-mysql-query – Andrew Jan 31 '17 at 05:45
  • @Andrew This is what I got: object(mysqli_result)#2 (5) { ["current_field"]=> int(0) ["field_count"]=> int(1) ["lengths"]=> NULL ["num_rows"]=> int(1) ["type"]=> int(0) } – Francisco F. Jan 31 '17 at 05:47
  • **WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](http://bobby-tables.com/). **NEVER** put `$_POST` or `$_GET` data directly into a query, it can be very harmful if someone seeks to exploit your mistake. – tadman Jan 31 '17 at 06:15

1 Answer

Try it like this: use sprintf(). The sprintf() function writes a formatted string to a variable.

$db = mysqli_connect(THIS WORKS FINE AND CONTAINS SECRET INFO :));
$sql = "SELECT ID,username FROM users WHERE username='$prompt'";
$result = mysqli_query($db, $sql);

$row = mysqli_fetch_assoc($result);

$sentence = sprintf("%s has the id of %u.",$row['username'],$row['ID']);

echo $sentence;

For more, see sprintf.

Hikmat Sijapati
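
The same lookup written with a prepared statement and `bind_param`, as tadman's comment on the question calls for. This is an added example, not part of the original answer: the helper name `idSentence` and the `DB_*` environment variables are assumptions, and the `users` table with `ID` and `username` columns is taken from the question.

```php
<?php
declare(strict_types=1);

// Make mysqli throw exceptions instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Hypothetical helper: look up one user by name and build the sentence.
 * Returns null when no row matches.
 */
function idSentence(mysqli $db, string $prompt): ?string
{
    // The ? placeholder keeps $prompt out of the SQL text entirely,
    // so quotes in the value cannot change the query's structure.
    $stmt = $db->prepare('SELECT ID, username FROM users WHERE username = ? LIMIT 1');
    $stmt->bind_param('s', $prompt);   // 's' = bind as string
    $stmt->execute();

    // bind_result/fetch works with or without the mysqlnd driver.
    $stmt->bind_result($id, $username);
    $found = $stmt->fetch();           // true = row fetched, null = no rows
    $stmt->close();

    if ($found !== true) {
        return null;
    }
    return sprintf('%s has the id of %u.', $username, $id);
}

// Assumed connection settings, read from the environment (placeholders).
$db = new mysqli(
    getenv('DB_HOST') ?: 'localhost',
    getenv('DB_USER') ?: 'app',
    getenv('DB_PASS') ?: '',
    getenv('DB_NAME') ?: 'app'
);
$db->set_charset('utf8mb4');

// Constructed inputs: a plain name, and a name containing a quote that
// would break the interpolated query but is ordinary data here.
foreach (['Bob', "O'Brien"] as $prompt) {
    $sentence = idSentence($db, $prompt);
    // Escape on output: the username is user-controlled data.
    echo htmlspecialchars($sentence ?? 'No such user.', ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```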