Hi,
I was wondering whether the code below is the right way to use PDO. I've been updating my site to use PDO, but I just wanted to make sure I'm doing it right before I go ahead. Thanks.
// ---- SELECT ----
// Look up a user by name or by e-mail address. Both values travel as bound
// parameters, so they are never spliced into the SQL text.
// NOTE(review): SELECT * also returns the pass and salt columns that the
// INSERT below writes; list only the columns the caller needs if those
// two are not required here.
$query_params = [
    ':user' => $_POST['user'],
    ':mail' => $mail,
];
$sth = $db->prepare('SELECT * FROM users WHERE user = :user Or mail = :mail');
// NOTE(review): the result of execute() is not inspected; this is only safe
// if the connection reports errors as exceptions, so confirm PDO::ATTR_ERRMODE.
$sth->execute($query_params);
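// ---- INSERT ----
// Create a user row. Every value reaches the database as a bound parameter,
// so the SQL text stays fixed whatever the request contains.

// The salt comes from the operating system's CSPRNG. mt_rand() is a seeded,
// predictable generator and must not be used for security values.
// 8 random bytes give 16 hex characters, which is no longer than the longest
// salt the previous mt_rand()-based expression could produce.
$salt = bin2hex(random_bytes(8));

// NOTE(review): one round of salted SHA-256 is a fast hash, so a leaked table
// can be brute-forced cheaply. The format is kept here only so it still
// matches whatever code verifies logins (not visible in this snippet).
// The proper fix is password_hash($_POST['pass'], PASSWORD_DEFAULT) at
// registration and password_verify() at login; password_hash() embeds its own
// salt, so the separate salt column is no longer needed after that change.
$pass = hash('sha256', $_POST['pass'] . $salt);

$query_params = [
    ':user' => $_POST['user'],
    ':pass' => $pass,
    ':salt' => $salt,
    ':mail' => $_POST['mail'],
];

$sth = $db->prepare("INSERT INTO users (user,pass,salt,mail
) VALUES (:user,:pass,:salt,:mail)");
$sth->execute($query_params);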
// ---- UPDATE ----
// Rename the account whose e-mail address matches $mail. The new name and the
// address are both passed as bound parameters.
// NOTE(review): the row is chosen by $mail, whose origin is not shown here.
// Confirm it comes from the authenticated session rather than from the
// request, otherwise any caller can rename any account.
$query_params = [
    ':user' => $_POST['user'],
    ':mail' => $mail,
];
$sth = $db->prepare('UPDATE users SET user = :user WHERE mail = :mail');
$sth->execute($query_params);
// ---- DELETE ----
// Remove the account whose name matches the submitted value, passed as a
// bound parameter.
// NOTE(review): the target account is named directly by $_POST['user'] and no
// ownership or permission check is visible in this snippet. Confirm one runs
// before this statement.
$query_params = [
    ':user' => $_POST['user'],
];
$sth = $db->prepare('DELETE FROM users WHERE user = :user');
$sth->execute($query_params);