should never EVER chain database operations like that. You are assuming that the query will always succeed. This is BAD practice. Never assume success. Always assume the operations will fail, and treat success as a pleasant surprise.
Since you're daisy-chaining the DB calls like that, you never actually capture the result handle that mysqli_query()
will return, so in effect you're running the query and then throwing away its results.
You should have something more like
$result = mysqli_query($link, "....") or die(mysqli_error());
if (mysqli_num_rows($result)) == 1) {
$row = mysqli_fetch_assoc($result);
$anem = $row['name'];
}
And unless you've taken steps not shown in this code, you are vulnerable to SQL injection attacks.
As for the prepared statement stuff:
$stmt = mysqli_prepare($link, 'SELECT ... WHERE name=?');
mysqli_stmt_bind_param($stmt, 's', $name);
mysqli_stmt_execute($stmt);
$rows = mysqli_stmt_num_rows($stmt);
mysqli_stmt_bind_result($stmt, $fetched_name);
mysqli_stmt_fetch($stmt); // $fetched_name now contains the name from the DB