MYSQLi and PHP **please help**

[poolanex]

I not sure if its possible but i wanna convert this code piece using a prepared statement

 

function list_owner_notes(){

            $id = $this->id;

            $sql = "SELECT nid, title FROM notes JOIN hubs ON notes.hub_url=hubs.hub_url WHERE owner = '$id'";

            $result = mysql_query($sql) or die(mysql_error());

            $notes = array();

 

            for($i=0; $row = mysql_fetch_array($result, MYSQL_ASSOC); $i++){

                $notes[$i]=$row;

            }

 

            return $notes;

        } 

 

this is what i came up with so far but dont know how to handle it to return an array

 

 

        function get_owner_hubs(){

$id = $this->id;

 

            $$stmt = $dbs->stmt_init();

            if($stmt->prepare("SELECT 'nid', 'title' FROM 'notes' JOIN 'hubs' ON 'notes.hub_url' = 'hubs.hub_url' WHERE 'owner' = ?"))

                      {

                              $stmt->bind_param('i', $id);

                              $stmt->execute();

                              $stmt->bind_result($nid, $title);

 

                              while($rows = $stmt->fetch_array())

                              {

                                      $this->nid = $nid;

                                      $this->title = $title;

                                                                      }

                              $stmt->close();

                      } else die(mysql_error());

 

the goal is to prevent script injection for the input value and id like to try and beable to return the results from the qury as an array using the MYSQLI STMT class if possible.  Thanks