I have a website to easily generate ProFTPD users. And now, I am securing my website against sql injection attacks, to do that I am changing all mysqli queries to pdo queries with prepared statements.
But I still couldn't find out, how to save sql query results in variable.
.
.
.
username=$_POST['username'];
.
.
.
$pdo = new PDO('mysql:host=localhost;dbname='db', 'root', 'PW');
$query1= $pdo->prepare('select * from users where userid=:username');
$query1->execute(array('username' => $username));
foreach($query1 as $row)
{
$result= $row->userid;
}
if($result == $username)
{
echo "Username is already taken";
}
When I run this code, the variable $result is emtpy.
I hope somebody could help me.
Thanks in advance.