//Queries will generally be of this structure->"SELECT * FROM Users WHERE Id ?"

1. //Queries will generally be of this structure->"SELECT * FROM Users WHERE Id ?"
2.  
3. function fetchAssocPreparedStatements($query , $arg , $type) {
4.  
5. $servername = "xxx";
6. $username = "xxx";
7. $password = "xxx";
8. $dbname = "xxx";
9.  
10. $conn = mysqli_connect($servername, $username, $password, $dbname);
11. if ($conn->connect_error) {
12. exit("An error occurred");
13. }
14.  
15. $arg = trim($arg); //try to sanatize
16. $arg = stripslashes($arg);
17. $arg = htmlspecialchars($arg);
18. $arg = preg_replace("/[^a-z0-9-]+/i", "", $arg); //now using preg_replace
19.  
20. $stmt = mysqli_stmt_init($conn); //prepare and execute statement
21. mysqli_stmt_prepare($stmt, $query);
22. mysqli_stmt_bind_param($stmt, $type, $arg);
23. mysqli_stmt_execute($stmt);
24.  
25.  
26. $meta = $stmt->result_metadata(); //create assoc array with data
27. while ($field = $meta->fetch_field()) {
28. $var = $field->name;
29. $$var = null;
30. $parameters[$field->name] = &$$var;
31. }
32.  
33. call_user_func_array(array($stmt, "bind_result"), $parameters);
34.  
35. $copy = create_function('$a', 'return $a;');
36. $results = array();
37.  
38. while ($stmt->fetch()) {
39. $results[] = array_map($copy, $parameters);
40. }
41.  
42.  
43. return $results; //returns results and closes the connections
44. mysqli_stmt_close($stmt);
45. mysqli_close($conn);
46. }