too long

I'm trying to display a users information on a profile page after they get logged in. Here is the code I'm using:

<?php
require_once('connection.inc.php');
$conn = dbConnect('read');
// get the username's details from the database
$sql = ("SELECT firstname, lastname FROM members WHERE username ='".$_SESSION['username']."'");
$_SESSION['firstname'] = 'firstname';
$_SESSION['lastname'] = 'lastname';
// initialize and prepare statement
$stmt = $conn->stmt_init();
$stmt->prepare($sql);
// bind the result,
$stmt->bind_result($_SESSION['firstname'], $_SESSION['lastname']);
$stmt->execute();
$stmt->fetch();

The code runs without any errors but on the profile page the results get displayed as: firstname: firstname lastname: lastname

instead of plugging in the information that was supposed to be pulled from the database.

The display code on the profile page itself is correct, because I can set the session variables above from the user login page, and they work properly. I just don't want to be pulling in all that information at login, if the user isn't going to be doing anything with it. Thanks for any help.

Okay, there are a number of issues regarding your code.

As artiifix already mentioned, you can only bind the results after you've executed the query. It is, however, better to use prepared statements using parameters.

Also, you set $_SESSION['firstname'] to firstname and $_SESSION['lastname'] to lastname, which is why you get that output. You can remove those lines of code.

<?php
require_once('connection.inc.php');
$conn = dbConnect('read');
// get the username's details from the database
$sql = "SELECT firstname, lastname FROM members WHERE username=?";
/* See this? I've put a parameter in the query.
 * You need to do this in order to prepare a statement.
 */

// initialize and prepare statement
$stmt = $conn->stmt_init();
$stmt->prepare($sql);

// Bind parameters and execute the query
$stmt->bind_param("s", $_SESSION['username']);
$stmt->execute();

// Next, bind the results to the variables.
$stmt->bind_result($_SESSION['firstname'], $_SESSION['lastname']);

$stmt->fetch();

[...]

Furthermore, if above code is the top of your php-script, you would need to open the session to access the session variables!

<?php

session_start();

require_once('connection.inc.php');
$conn = dbConnect('read');

[...]

And, to simplify things even more: if the user is already logged in, and the session variables are already set, there is no need to fetch them again.

<?php
session_start();
echo $_SESSION['firstname'] . ' ' . $_SESSION['lastname'];

[...]

Citation from the php manual:

Note that all columns must be bound after mysqli_stmt_execute() and prior to calling mysqli_stmt_fetch(). Depending on column types bound variables can silently change to the corresponding PHP type.

see http://php.net/manual/en/mysqli-stmt.bind-result.php

So just put it that way:

$stmt->execute();
$stmt->bind_result($_SESSION['firstname'], $_SESSION['lastname']);
$stmt->fetch();