Is this MySQLi safe? [closed]

Question

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.

---

This question does not appear to be about programming within the scope defined in the help center.

Closed 8 years ago.

Improve this question

I wanted to do the follow thing with MySQLi statements or PDO but I experienced a lot of errors on my server.

Please check if the follow example to learn code I did myself will be okay for safety and if it is okay to use it. And hopefully the follow code will help new MySQLi users to learn at least how to start with MySQLi:

<?php
$host = "localhost";
$username = "db_user";
$password = "db_pass";
$dbname = "db_name";
@ $db = mysqli_connect($host, $username, $password, $dbname);
if(mysqli_connect_errno())
{
    die("Connection could not be established");
}
$username = mysqli_real_escape_string($db, $_GET['user']);
$query = ("SELECT * FROM members WHERE profile='$username' ORDER BY id DESC LIMIT 1");
$result = mysqli_query($db, $query);
while($row = mysqli_fetch_array($result))
{
?>

PROFILE VIEW

   <br>Name: <?php echo $row['nombre']?> ID: <?php echo $row['Age']?> <br />




<?php
}
?>

All working fine. If somebody can make it safer, I'd appreciate it.

Answer 1

I'd go with this.

<?php
$host = "localhost";
$username = "db_user";
$password = "db_pass";
$dbname = "db_name";
$db = mysqli_connect($host, $username, $password, $dbname);
if(mysqli_connect_errno()) {
 die("Connection could not be established");
}
$username = $_GET['user'];
$query = $db->prepare("SELECT * FROM `members` WHERE `profile` = ? ORDER BY `id` DESC LIMIT 1");
$query->bind_param('s', $username);
$query->execute();
while($row = $query->fetch_row()) { ?>

 <br />Name: <?php echo $row['nombre']; ?> ID: <?php echo $row['Age']; ?> <br /><?php
} ?>