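/**
 * Update a student's first name, last name, student number and e-mail, and
 * optionally store a newly uploaded image for that student.
 *
 * The student number must be unique: if another row already uses
 * $student_num, nothing is written and an XML error fragment is returned.
 * Both SQL statements use bound parameters, so the caller-supplied values
 * are never concatenated into the query text.
 *
 * NOTE(review): this method performs no permission check of its own;
 * presumably the caller has already authorised the request. Confirm.
 *
 * @global object $CFG Configuration; reads db, schema, dbuser and dbuserpass.
 * @param mixed      $id          Value matched against students.ID.
 * @param string     $fname       New first name.
 * @param string     $lname       New last name.
 * @param string     $student_num New student number (must not belong to another row).
 * @param string     $email       New e-mail address.
 * @param array|null $img_file    Upload entry with a 'tmp_name' key (presumably
 *                                one element of $_FILES); null to leave the image alone.
 * @return string XML fragment: <data><status>true</status><upload_image_status>…</upload_image_status></data>
 *                on success, or <data><error>…</error><detail>…</detail></data> for a duplicate number.
 *                Connection and query failures terminate the script via die().
 */
public function update_student($id, $fname, $lname, $student_num, $email, $img_file = null)
{
    global $CFG;

    // Reported as upload_image_status; stays 'false' unless an image is stored.
    $returnStr = 'false';

    try {
        $conn = new PDO("mysql:host={$CFG->db};dbname={$CFG->schema}", $CFG->dbuser, $CFG->dbuserpass);
    } catch (PDOException $e) {
        // NOTE(review): the raw driver message goes back to the client and can
        // disclose connection details. Consider logging it server-side and
        // returning a generic detail instead. It is escaped here so the
        // response at least stays well-formed XML.
        die('<data><error>failed connecting to database</error><detail>'
            . htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_XML1 | ENT_SUBSTITUTE, 'UTF-8')
            . '</detail></data>');
    }

    // Look for any row that already uses the requested student number.
    $query = "SELECT * FROM {$CFG->schema}.students WHERE studentnum = :student_num;";
    $stmt = $conn->prepare($query);
    $stmt->bindValue(':student_num', $student_num, PDO::PARAM_STR);
    // execute() only returns false when PDO is not in exception error mode;
    // in exception mode a failure is raised as PDOException instead.
    $stmt->execute() or die('<data><error>check student for update query failed</error><detail>' . $stmt->errorCode() . '</detail></data>');
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // fetch() returns false when no row matches. The previous count($row) test
    // evaluated count(false), which is 1 on PHP 7 (so an unused student number
    // was reported as a duplicate) and a TypeError on PHP 8.
    // Loose comparison is kept because the driver may return ID as a string.
    if ($row !== false && $row['ID'] != $id) {
        // $student_num is caller-supplied; escape it before echoing it into XML.
        $safeStudentNum = htmlspecialchars((string) $student_num, ENT_QUOTES | ENT_XML1 | ENT_SUBSTITUTE, 'UTF-8');

        return '<data><error>duplicate student</error><detail>The student number ' . $safeStudentNum
            . ' is already in use</detail></data>';
    }

    $updatequery = "UPDATE {$CFG->schema}.students SET fname = :fname, lname = :lname, studentnum = :student_num, email=:email WHERE ID = :id;";
    $updatestmt = $conn->prepare($updatequery);
    $updatestmt->bindValue(':fname', $fname, PDO::PARAM_STR);
    $updatestmt->bindValue(':lname', $lname, PDO::PARAM_STR);
    $updatestmt->bindValue(':student_num', $student_num, PDO::PARAM_STR);
    $updatestmt->bindValue(':email', $email, PDO::PARAM_STR);
    $updatestmt->bindValue(':id', $id, PDO::PARAM_STR);
    $updatestmt->execute() or die('<data><error>update student query failed</error><detail>' . $updatestmt->errorCode() . '</detail></data>');

    // Only hand the file to MediaLib when PHP confirms it arrived through an
    // HTTP upload; this keeps a forged tmp_name from pointing at another
    // file on the server.
    if (isset($img_file['tmp_name']) && is_uploaded_file($img_file['tmp_name'])) {
        $medialib = new MediaLib();
        if ($medialib->upload_image($id, $img_file, true)) {
            $returnStr = 'true';
        }
    }

    // <status> is always 'true' once the UPDATE has executed, even when no row
    // matched :id; only the image result varies.
    return "<data><status>true</status><upload_image_status>{$returnStr}</upload_image_status></data>";
}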