Hi I was using a mysql connection to my database and all worked fine, however I've been following a book "Pro PHP Security" by Apress and have decided to follow their chapter on connecting with mysqli instead as it provides added security against sql injection. So I've copied their script and changed the values etc:

PHP Code:
$user "DSAFDSG";
$connection mysqli_connect('localhost''username''password','database');

if (!
$connection) exit('Could not connect: ' mysqli_connect_error());
$stmt mysqli_prepare ($connection"SELECT user FROM user_table WHERE user = ?");
 
 if (
$stmt){
  
mysqli_stmt_bind_param($stmt"s",$user);
  
mysqli_stmt_execute($stmt);
  
mysqli_stmt_bind_result($stmt,$dbuser);
  if (
mysqli_stmt_fetch($stmt)){
      print 
"Found a result $user = $dbuser";
    }else{
      print 
'Sorry no records found';
    }
    
    
mysqli_stmt_close ($stmt);
}    
mysqli_close ($connection); 
The problem that i'm having is that i get "Sorry no records found" when it should successfully pull up a record.

I know it is connecting to the database as it doesn't throw up the "Could not connect.." error and I have tried forcing an error to test this and doesn't seem to be any problem there.

My hosting says there is nothing wrong with mysqli support on their server but will not help me further as to whether anything is wrong with this script. Can anyone see if there is an error in it?


Thanks