return null in function thst execute query

Question

My problem is my function return null value and doesn't execute my query

function getUsers($username,$fields = '*')
{
    $db_host = "localhost";
    $db_user = "root";
    $db_pass = "";
    $db_name = 'filemanagerusers';
    $connection = new mysqli($db_host,$db_user,$db_pass,$db_name);
    ////////////////////////////////////////////////////////////////
    $query = "select $fields from users where username=".$username;
    $result = $connection->query($query);
    $customers = mysqli_fetch_assoc($result);//etelaate user dar ghalebe yek array be ma barmigarde
    return $customers;
}

Answer 1

A quick unsafe fix for you (but not preferable due to SQL Injection):-

$query = "select $fields from users where username= '$username'";

Note:- enclose $username with quotes to make it string.

The preferred way:-

Always use prepared statements of mysqli_* to prevent from SQL Injection like below:-

function getUsers($username,$fields = '*')
{
    $db_host = "localhost";
    $db_user = "root";
    $db_pass = "";
    $db_name = 'filemanagerusers';
    $connection = mysqli_connect(($db_host,$db_user,$db_pass,$db_name);
    /* check connection */
    if (mysqli_connect_errno()) {
        printf("Connect failed: %s\n", mysqli_connect_error());
        exit();
    }
    if ($stmt = mysqli_prepare($connection, "SELECT $fields FROM users where username=?")) {

        /* bind parameters for markers */
        mysqli_stmt_bind_param($stmt, "s", $username);

        /* execute query */
        mysqli_stmt_execute($stmt);

        /* bind result variables */
        mysqli_stmt_bind_result($stmt, $customers);


        /* close statement */
        mysqli_stmt_close($stmt);

        /* return result*/

        return $customers;
    }
}