I'm trying to turn the below query into a prepared statement, but I'm having no luck so far. I've attached one of my attempts. The idea is I'm using this to check how many rows are returned using mysqli_num_rows afterward.
$sql2=mysqli_query($bd, "SELECT address FROM member WHERE address='".$address."'");
This is my attempt at creating a prepared statement.
$ustmt = $bd->prepare("SELECT username FROM member WHERE username = ?");
$ustmt->bind_param("s", $username);
$sql2 = $ustmt->execute();
Is this correct? And if so, how do I then check the number of rows returned into $sql2 ?
Yes, your preparation and execution is correct.
The execute call returns a boolean value, which will be true if successful else false (if false, the $stmt->error property will be set with error message).
This is worth checking before continuing, cause if its false, there will be no result.
Same with the preparation, if the $mysqli->prepare(...) call returns false, the $mysqli->error will be set with the error message.
After execution, you can fetch the number of affected rows by either the $num_rows property, in case its a SELECT statement, or the $affected_rows property in other cases.
echo $stmt->num_rows;
Or, you can fetch the mysqli_result object from the statement with the get_result() method.
The mysqli_result object contains the public field $num_rows, so you can check row count by:
$res = $stmt->get_result();
echo $res->num_rows;
For other methods in the mysqli_result object, i recommend checking the docs.