As I described in my old posts, I’m upgrading my “small” project from MYSQL to MYSQLi. I have successfully upgraded the whole project and I thought everything was working fine, until I created a new user. The problem is that I can use whichever username I want and it will say if the data is not correct, but when the data is correct and the login is successful, no matter what username I use, it always logs me in as the user with ID = 1.
Here’s my code:
Login:
    function login($username, $password) {
        $id = user_id_from_username($username);
        $username = sanitize($username);
        $password = md5($password);
        global $db_connect;
        $result = $db_connect->query("SELECT COUNT(id) FROM `members` WHERE `username` = '$username' AND `password` = '$password'");
        if (false === $result) {
            return false;
        }
        return ($result->num_rows == 1) ? $id : false;
    }
User ID from USERNAME:
    function user_id_from_username($username) {
        $username = sanitize($username);
        global $db_connect;
        $result = $db_connect->query("SELECT(id) FROM members WHERE username = '$username'");
        if (false === $result) {
            return false;
        }
        return ($result->num_rows == 1) ? true : false;
    }
Any help would be appreciated. I tried out so many things and was comparing all my MYSQLi files with the MYSQL ones, and still I can’t find the issue.
will always return true, as you are counting the rows with
SELECT COUNT(id), so you will always have one result.
Second thing, in user_id_from_username:
you return TRUE and not the user_id. Change it so you return the user id, and not true.
true == 1, so that's why you always end up with userid 1.
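A sketch of the two fixes from the answer combined into one function, as an added example that is not the poster's or the answerer's code. It assumes the `members` table and `id`/`username`/`password` columns from the queries above, passes the mysqli connection in as a parameter instead of using `global`, and uses a prepared statement in place of the `sanitize()` helper.

```php
<?php
// Added example. Table and column names come from the queries in the post;
// passing the connection as $db is an assumption of this sketch.

/**
 * Returns the matching member's integer id, or false when the
 * username/password pair does not match.
 */
function login(mysqli $db, string $username, string $password)
{
    // Select the id itself. SELECT COUNT(id) always yields exactly one row,
    // so num_rows == 1 says nothing about whether the credentials matched.
    $stmt = $db->prepare(
        'SELECT `id`, `password` FROM `members` WHERE `username` = ? LIMIT 1'
    );
    if ($stmt === false) {
        return false;
    }

    // Bound parameter: the username is never interpolated into the SQL text.
    $stmt->bind_param('s', $username);
    if (!$stmt->execute()) {
        $stmt->close();
        return false;
    }

    $stmt->bind_result($id, $storedHash);
    $found = $stmt->fetch();   // true = row fetched, null = no row, false = error
    $stmt->close();

    if ($found !== true) {
        return false;
    }

    // md5() is kept only because the existing column stores MD5 digests, as in
    // the post; password_hash()/password_verify() is the scheme to migrate to.
    if (!hash_equals((string) $storedHash, md5($password))) {
        return false;
    }

    // Return the real id as an int, never a boolean: true == 1 in PHP.
    return (int) $id;
}

// Caller side (assumed): compare strictly, so a failure is never read as an id.
//   $userId = login($db_connect, $username, $password);
//   if ($userId !== false) { /* store $userId in the session */ }
```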