Since no one has replied, I thought I'd just jump in and point you in a helpful direction.
Latest secure database class created by @judda (owner of TGL):
https://github.com/awjudd/pdo-wrapper
Read through the code in /src/.
Your code would then end up something like:
$config = Configuration::fromArray(["Hostname" => "localhost", "Database" => "", "Username" => "", "Password" => ""]);
$this -> db = new Database($config);
A basic query would look something like this (although you'd probably do some more validation to ensure you're passing an actual value into it):
$user_id = $_SESSION['user_id'];
$myResult = $this -> db -> query('SELECT username,email FROM users WHERE id={0:ud}', $user_id);
if($myResult -> numberOfRows == 1){
print "Logged in as user " . $myResult -> getArray()['username'];
}
{0:ud}: the zero means the first parameter after the query (in this case $user_id). 'ud' represents an unsigned decimal (i.e., a non-negative number). If you were using a string you would use "s" instead of "ud". Read the file /src/Database/ValueType.php for more info on the different types. If the value handed in doesn't match the type expected in the query, an error will be thrown.
Lastly, if you were doing a query that yields multiple results, you could iterate through it using something like:
$myResult = $this -> db -> query('SELECT id,username FROM users ORDER BY id ASC');
foreach($myResult -> retrieveAllRows() as $key => $value){
print "User ID #".$value['id'].' is username '.$value['username'].'<br />';
}
Disclaimer: None of this code is tested, but theoretically should work.
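Added example, not part of the original post and not pdo-wrapper's own code: the same idea the post describes for {0:ud} (check the value's type, then pass it as a parameter rather than concatenating it) written with plain PDO. The helper names, table contents and inputs are constructed for illustration; it assumes PHP 8 with the pdo_sqlite extension.

```php
<?php
// Added illustration using plain PDO; this is not pdo-wrapper's code or API.
// Sample data is constructed and lives in an in-memory SQLite database.

/** Hypothetical helper: accept only a non-negative integer, like the post's "ud" type. */
function requireUnsignedInt(mixed $value): int
{
    if (is_int($value) && $value >= 0) {
        return $value;
    }
    // ctype_digit() rejects "", "-1", "1.5" and "1 OR 1=1".
    if (is_string($value) && ctype_digit($value)) {
        return (int) $value;
    }
    throw new InvalidArgumentException('Expected an unsigned integer');
}

/** Hypothetical lookup: validate the id, then bind it as an integer parameter. */
function findUser(PDO $db, mixed $userId): ?array
{
    $id = requireUnsignedInt($userId);             // type check before the query runs
    $stmt = $db->prepare('SELECT username, email FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);  // bound, never concatenated into SQL
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'alice', 'alice@example.test'), (2, 'bob', 'bob@example.test')");

// Constructed inputs: two valid ids, an unknown id, an injection string, a negative number.
foreach ([1, '2', 99, '1 OR 1=1', -5] as $candidate) {
    try {
        $user = findUser($db, $candidate);
        echo $user !== null
            ? 'Found ' . htmlspecialchars($user['username']) . "\n"
            : "No such user\n";
    } catch (InvalidArgumentException $e) {
        echo 'Rejected ' . var_export($candidate, true) . ': ' . $e->getMessage() . "\n";
    }
}
```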