update syntax

[cabbie]

What is the proper syntax or method in the prepare update sequence?

 

 

<?php
session_start();
$log_user_id = preg_replace('#[^0-9]#', '', $_SESSION['uid']);
$username = $_SESSION['owner'];

$fileName = $_FILES["uploaded_file"]["name"]; // The file name
$fileTmpLoc = $_FILES["uploaded_file"]["tmp_name"]; // File in the PHP tmp folder
$fileType = $_FILES["uploaded_file"]["type"]; // The type of file it is
$fileSize = $_FILES["uploaded_file"]["size"]; // File size in bytes
$fileErrorMsg = $_FILES["uploaded_file"]["error"]; // 0 for false... and 1 for true
$kaboom = explode(".", $fileName); // Split file name into an array using the dot
$fileExt = end($kaboom); // Now target the last array element to get the file extension
// START PHP Image Upload Error Handling --------------------------------------------------
echo $username, $fileName;
if (!$fileTmpLoc) { // if file not chosen
    echo "ERROR: Please browse for a file before clicking the upload button.";
    exit();
} else if($fileSize > 5242880) { // if file size is larger than 5 Megabytes
    echo "ERROR: Your file was larger than 5 Megabytes in size.";
    unlink($fileTmpLoc); // Remove the uploaded file from the PHP temp folder
    exit();
} else if (!preg_match("/.(gif|jpg|png)$/i", $fileName) ) {
     // This condition is only if you wish to allow uploading of specific file types    
     echo "ERROR: Your image was not .gif, .jpg, or .png.";
     unlink($fileTmpLoc); // Remove the uploaded file from the PHP temp folder
     exit();
} else if ($fileErrorMsg == 1) { // if file upload error key is equal to 1
    echo "ERROR: An error occured while processing the file. Try again.";
    exit();
}
// END PHP Image Upload Error Handling ---------------------------------
// Place it into your "uploads" folder mow using the move_uploaded_file() function
$moveResult = move_uploaded_file($fileTmpLoc, "members/$username/$fileName");
// Check to make sure the move result is true before continuing
if ($moveResult != true) {
    echo "ERROR: File not uploaded. Try again.", $fileName;
    unlink($fileTmpLoc); // Remove the uploaded file from the PHP temp folder
    exit();
}
// ---------- Include Adams Universal Image Resizing Function --------
include_once("scripts/avatar_sizecrop.php");
$target_file = "members/$username/$fileName";
$resized_file = "members/$username/$fileName";
$wmax = 310;
$hmax = 300;
ak_img_resize($target_file, $resized_file, $wmax, $hmax, $fileExt);
//$query = $db->query("UPDATE members SET avatar='$avatar' WHERE username='$username' AND id='$log_user_id' LIMIT 1");
// ----------- End Adams Universal Image Resizing Function ----------
// ------ Start Adams Universal Image Thumbnail(Crop) Function ------
/*$target_file = "members/$username/resized_$fileName";
$thumbnail = "members/$username/thumb_$fileName";
$wthumb = 150;
$hthumb = 150;
ak_img_thumb($target_file, $thumbnail, $wthumb, $hthumb, $fileExt);
// ------- End Adams Universal Image Thumbnail(Crop) Function -------*/
// Display things to the page so you can see what is happening for testing purposes

//header("Location: index.php?$username");    
$updateSQL = $db->prepare("UPDATE members SET avatar=? WHERE username=? LIMIT 1");
                $updateSQL->bindValue(1,$fileName,PDO::PARAM_INT);
                $updateSQL->bindValue(2,$username,PDO::PARAM_INT);
                $updateSQL->execute();
exit();
?>

[ginerjm]

I think the usual process is separated and not all combined into one statement. At least I've not seen it that way previously, but then I'm not a real user of prepared statements. That said I usually see this done in steps:

a) assign a query string to a variable with your arguments in it

b) prepare the query using the variable from a)

c) get your values for the arguments and bind them to the prepared statement variable

d) execute the query statement

 

Makes it easier to modify the query and the variables should you need to. Not to mention decipher it.

 

Just my $.02