---- problem understanding $mysqli->real escape string
Orangutang - 10:01 am on Apr 28, 2013 (gmt 0)
Thanks for the advice, eliminating sql injection is exactly what I was trying to do.
Due to this I thought I may as well start at the beginning and redo my login script which I've posted below.
It works but I'm not sure if there are any glaring issues? Interestingly I had to do 2 select statements unlike mysql, one to use num_rows and another to get the userid. I don't know if it can be done with one but I couldn't get it to work when I tried.
$mysqli = new mysqli("localhost", "xxx", "xxx", "xxx");