StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POSafe way to fetch data with mysql/php
primarykey
Id
12109270
data
AcceptedAnswerId
12110545
AnswerCount
2
ClosedDate
CommentCount
3
CommunityOwnedDate
CreationDate
2012-08-24T12:17:45.943
FavoriteCount
0
LastActivityDate
2012-08-24T17:16:33.507
LastEditDate
2012-08-24T17:16:33.507
LastEditorUserId
1503704
OwnerUserId
1503704
ParentId
0
PostTypeId
1
Score
1
ViewCount
435
LastEditorDisplayName
text
Body
i wrote this code before i was aware of the use of prepared statements and what it does to SQL injections. Now i'm also aware of how messy it is to fetch arrays with prepared statements. So i was wondering if this piece of code is safe to use since it doesn't use any user submitted information to fetch the rows. What it does is to identify the row in the db table by using a session id, session is ensured by a login_check function etc..: <pre><code>$username = $_SESSION['username']; $select = mysqli_query($link, " SELECT product_id, product_title, product_value FROM product WHERE user_id='$username'"); while ($row = mysqli_fetch_assoc($select)) { $product[] = array( 'product_id' => $row['product_id'], 'product_title' => $row['product_title'], 'product_value' => $row['product_value']); } </code></pre> Some information regarding this issue would really be appreciated since things were going so well until i got to know of the prepared statements.. Edit So, i kinda went in another direction and skipped the array part completely for this query. Instead i went with the prepared statement and did something like this..: <code>$select_stmt = $db->prepare("SELECT etc...)</code> <code>$select_stmt->bind_param("CODE")</code> <code>$select_stmt->execute();</code> And so on.. But the thing is that my bind_result got pretty big (?) with 14 variables. Perhaps this is a stupid question but will that slow down my site compared to the old way with using a single array (if 14 even is considered "big")? This is a common query that hopefully many users will use simultaniously and often. Prepared statements are new for me so.. Thanks sofar for the help people. 
Tags
<php><mysql><sql><code-injection>
Title
Safe way to fetch data with mysql/php
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USMarkus
UserOwnerUserId
1. USMarkus
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
2. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POSafe way to fetch data with mysql/php
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.