Finding error in code

/** @var mysqli $mysqli Given that we already have a MySQLi connection */
$username = $_POST['username']; // get the input username
$result = $mysqli->query("SELECT `firstName`, `currentAddress`, `city` FROM `users` WHERE `username` = '$username' LIMIT 1");
if ($user = $result->fetch_assoc()) {
    echo $user['firstName'] . ' is living at ' . $user['currentAddress'];
    $city = strtoupper($user['city']);
    if (strpos($city, 'T')) {
        echo "\nThis user's city has a T letter.";

Other than the obvious security violation of not filtering your input? What is the problem? You didn’t really say WHAT problem you need help with.


I have to find an error in the code snippet and suggest how to improve it.

Sorry, we don’t do homework here. :slight_smile:


1 Like