
Untitled

a guest
Sep 29th, 2016
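  // Update an existing member row from submitted form data.
  // $formdata is populated outside this excerpt; treat every value in it as untrusted.
  // NOTE(review): the row to change is selected by a client-supplied id and no
  // authorisation check is visible in this excerpt. Confirm the caller verifies that
  // the current user is allowed to modify this member before this code runs.
  $member_id = $formdata['update'];
  $surname = $formdata['surname'];
  $other_name = $formdata['othername'];
  $contactmethod = $formdata['contactmethod'];
  $email = $formdata['email'];
  $mobilenum = $formdata['mobilenum'];
  $phonenum = $formdata['phonenum'];
  $occupation = $formdata['occupation'];
  // NOTE(review): the password is bound exactly as submitted. Store the output of
  // password_hash() instead and check it with password_verify() at login. That change
  // must be made together with the login code, so it is only flagged here.
  $userpass = $formdata['userpass'];
  // Stored as a 1/0 flag: 1 when the 'magazine' key was submitted, 0 otherwise.
  $magazine = isset($formdata['magazine']) ? 1 : 0;

  // Get ready to talk to the DB.
  $db = getDBConnection();

  // The previous statement was "INSERT into member VALUES (...) WHERE member_id=$member_id".
  // INSERT takes no WHERE clause, and inside a single-quoted PHP string $member_id is not
  // interpolated, so the literal text "$member_id" was sent to the database. The WHERE
  // clause and the 'update' form key indicate an existing row is being modified, so this
  // is an UPDATE with the id passed as a bound parameter like every other value.
  // NOTE(review): the member table's column names are not shown in this excerpt. The names
  // below are assumed to mirror the placeholder names; confirm against the schema.
  // The variable keeps its original name because code outside this excerpt presumably
  // calls execute() on it.
  $insertUser = $db->prepare(
      'UPDATE member SET
          surname = :surname,
          other_name = :other_name,
          contact_method = :contact_method,
          email = :email,
          mobile = :mobile,
          landline = :landline,
          magazine = :magazine,
          street = :street,
          suburb = :suburb,
          postcode = :postcode,
          password = :password,
          occupation = :occupation
      WHERE member_id = :member_id'
  );

  // Bind the form data to the placeholders. Bound values are sent separately from the
  // SQL text, so they are never parsed as SQL. This is not sanitisation of the input:
  // anything concatenated or interpolated into the statement string gets no such
  // protection, which is why member_id is bound here as well.
  $insertUser->bindParam(':surname', $surname, PDO::PARAM_STR);
  $insertUser->bindParam(':other_name', $other_name, PDO::PARAM_STR);
  $insertUser->bindParam(':contact_method', $contactmethod, PDO::PARAM_STR);
  $insertUser->bindParam(':email', $email, PDO::PARAM_STR);
  $insertUser->bindParam(':mobile', $mobilenum, PDO::PARAM_STR);
  $insertUser->bindParam(':landline', $phonenum, PDO::PARAM_STR);
  $insertUser->bindParam(':magazine', $magazine, PDO::PARAM_INT);
  // NOTE(review): $streetaddr, $suburbstate and $postcode are not assigned anywhere in
  // this excerpt. bindParam() binds by reference, so they must hold their values by the
  // time execute() is called; otherwise NULL is written over the stored address.
  $insertUser->bindParam(':street', $streetaddr, PDO::PARAM_STR);
  $insertUser->bindParam(':suburb', $suburbstate, PDO::PARAM_STR);
  $insertUser->bindParam(':postcode', $postcode, PDO::PARAM_INT);
  $insertUser->bindParam(':password', $userpass, PDO::PARAM_STR);
  $insertUser->bindParam(':occupation', $occupation, PDO::PARAM_STR);
  // PARAM_INT assumes member_id is a numeric key; confirm against the schema.
  $insertUser->bindParam(':member_id', $member_id, PDO::PARAM_INT);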