Вот несколько способов загрузки файла с использованием подготовленных операторов PHP:

Метод 1: использование mysqli и подготовленных операторов

<?php
// Assuming you have a form with a file input named 'fileUpload'
// Establish database connection
$mysqli = new mysqli('localhost', 'username', 'password', 'database');
// Prepare the statement
$stmt = $mysqli->prepare("INSERT INTO files (filename, filedata) VALUES (?, ?)");
// Bind parameters
$stmt->bind_param("ss", $filename, $filedata);
// Process the uploaded file
$filename = $_FILES['fileUpload']['name'];
$filedata = file_get_contents($_FILES['fileUpload']['tmp_name']);
// Execute the statement
$stmt->execute();
// Close the statement and connection
$stmt->close();
$mysqli->close();
?>

Метод 2: использование PDO и подготовленных операторов

<?php
// Assuming you have a form with a file input named 'fileUpload'
// Establish database connection
$pdo = new PDO('mysql:host=localhost;dbname=database', 'username', 'password');
// Prepare the statement
$stmt = $pdo->prepare("INSERT INTO files (filename, filedata) VALUES (?, ?)");
// Process the uploaded file
$filename = $_FILES['fileUpload']['name'];
$filedata = file_get_contents($_FILES['fileUpload']['tmp_name']);
// Bind parameters
$stmt->bindParam(1, $filename);
$stmt->bindParam(2, $filedata, PDO::PARAM_LOB);
// Execute the statement
$stmt->execute();
// Close the statement and connection
$stmt = null;
$pdo = null;
?>

Метод 3. Использование подготовленных операторов с file_put_contents

<?php
// Assuming you have a form with a file input named 'fileUpload'
// Prepare the statement
$stmt = $pdo->prepare("INSERT INTO files (filename, filedata) VALUES (?, ?)");
// Process the uploaded file
$filename = $_FILES['fileUpload']['name'];
$filedata = $_FILES['fileUpload']['tmp_name'];
// Bind parameters
$stmt->bindParam(1, $filename);
$stmt->bindParam(2, $filedata);
// Execute the statement
$stmt->execute();
// Close the statement
$stmt = null;
?>