
I’m in need of some help with my PHP query. I’m essentially giving users the opportunity to update their own details once they have logged in. The form:

<div class="grid-2"> 
    <p><b>UPDATE MY DETAILS</b></p>
        <form action ="includes/update.inc.php" method ="post">
        <label>S.Name</label>
        <input name="update-surname" type="text" placeholder="Enter new surname...">
        <label>Address</label>
        <input name="update-houseno" type="text" placeholder="Enter house no' or name...">
        <input name="update-ln1" type="text" placeholder="1st Line of Address...">
        <input name="update-town" type="text" placeholder="Town...">
        <input name="update-county" type="text" placeholder="County...">
        <input name="update-postcode" type="text" placeholder="Postcode...">
        <label>Contact Number</label>
        <input name="update-number" type="text" placeholder="Contact Number...">
        <label>Email</label>
        <input name="update-email" type="text" placeholder="Email...">

        <input type="submit" name="update-details" value="Update">
    </form>
</div>

My php code which I have currently, if the user doesn’t enter anything in the box, it updates the database with a blank input (which I don’t want to happen), if there’s no input I don’t want that field in the table touched.

    <?php
    // Here we check whether the user got to this page by clicking the proper button.
    if (isset($_POST['update-details'])) {

        require 'dbh.inc.php';

        // We grab all the data which we passed from the signup form so we can use it later.
        $surname = $_POST['update-surname'];
        $houseno = $_POST['update-houseno'];
        $ln1 = $_POST['update-ln1'];
        $town = $_POST['update-town'];
        $county = $_POST['update-county'];
        $postcode = $_POST['update-postcode'];
        $email = $_POST['update-email'];
        $number = $_POST['update-number'];

        // We validate the updated email is correct if email has been updated.
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            header("Location: ../after-login.php?error=invalidmail=");
            exit();
        }

        $query = "UPDATE `tblMember` SET `fldSName` = '$surname', `fldTelNum` = '$number', `fld1stLnAddress` = '$houseno', `fld2ndLnAddress` = '$ln1', `fld3rdLnAddress` = '$town', `fldCounty` = '$county', `fldPostcode` = '$postcode', `fldEmailAddress` = '$email' WHERE `tblMember`.`fldMemberID` = 1";

        $result = $conn->query($query) or die ("error");
    }
    ?>

Once the PHP form is loaded, the web page disappears and doesn’t stay on the current webpage they’re on either.

So 2 things needed, help with the correct query and help with the page going blank and not staying on the webpage.

Please note that I know this is vulnerable to injection attack I’m just trying to get it physically working before I attempt to get my head around how I do prepared statements.

Thanks!

3 Answers


  1. You need to check if data input field is non-empty/valid.

    Steps to avoid blank fields update:

    1) Take an empty array

    2) Check if every posted variable is valid; if it is valid, append it to the array.

    3) Check if the array is not empty.

    4) If it's not empty, fire SQL.

    <?php
    // Here we check whether the user got to this page by clicking the proper button.
    if (isset($_POST['update-details'])) {
    
          require 'dbh.inc.php';
    
    // We grab all the data which we passed from the signup form so we can use it later.
        $surname = $_POST['update-surname'];
        $houseno = $_POST['update-houseno'];
        $ln1 = $_POST['update-ln1'];
        $town = $_POST['update-town'];
        $county = $_POST['update-county'];
        $postcode = $_POST['update-postcode'];
        $email = $_POST['update-email'];
        $number = $_POST['update-number'];
    
          // We validate the updated email is correct if email has been updated (a blank email is skipped, not rejected).
      if (! empty($email) && !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        header("Location: ../after-login.php?error=invalidmail=");
        exit();
        }
    
        $update = [];
        if (! empty($surname)) {
            $update['fldSName'] = "fldSName = '".$surname ."'";
        }
    
        if (! empty($number)) {
            $update['fldTelNum'] = "fldTelNum='".$number ."'";
        }
    
        if (! empty($houseno)) {
            $update['fld1stLnAddress'] = "fld1stLnAddress='".$houseno ."'";
        }
    
        if (! empty($ln1)) {
            $update['fld2ndLnAddress'] = "fld2ndLnAddress='".$ln1 ."'";
        }
    
        if (! empty($town)) {
            $update['fld3rdLnAddress'] = "fld3rdLnAddress='".$town ."'";
        }
    
        if (! empty($county)) {
            $update['fldCounty'] = "fldCounty='".$county ."'";
        }
        if (! empty($postcode)) {
            $update['fldPostcode'] = "fldPostcode='".$postcode ."'";
        }
        if (! empty($email)) {
            $update['fldEmailAddress'] = "fldEmailAddress='".$email ."'";
        }
    
    
        if (! empty($update)) {
            $query = "UPDATE `tblMember` SET ";
            $query .= implode(', ', $update);
            $query .= " WHERE `tblMember`.`fldMemberID` = 1";
            $result = $conn->query($query) or die ("error");
        }
    }
    ?>
    

    NOTE:

    fldMemberID seems to be hard-coded.

  2. <?php
    // Here we check whether the user got to this page by clicking the proper button.
    if (isset($_POST['update-details'])) {
    
        require 'dbh.inc.php';
    
    // We grab all the data which we passed from the signup form so we can use it later.
        $surname = $_POST['update-surname'];
        $houseno = $_POST['update-houseno'];
        $ln1 = $_POST['update-ln1'];
        $town = $_POST['update-town'];
        $county = $_POST['update-county'];
        $postcode = $_POST['update-postcode'];
        $email = $_POST['update-email'];
        $number = $_POST['update-number'];
    
        // We validate the updated email is correct if email has been updated (a blank email is skipped, not rejected).
        if (!empty($email) && !filter_var($email, FILTER_VALIDATE_EMAIL)) {
            header("Location: ../after-login.php?error=invalidmail=");
            exit();
        }
    
        // Collect a "column = value," fragment for each non-empty field only.
        $set = "";
        empty($surname) ?: $set .= "`fldSName` = '$surname',";
        empty($number) ?: $set .= "`fldTelNum` = '$number',";
        empty($houseno) ?: $set .= "`fld1stLnAddress` = '$houseno',";
        empty($ln1) ?: $set .= "`fld2ndLnAddress` = '$ln1',";
        empty($town) ?: $set .= "`fld3rdLnAddress` = '$town',";
        empty($county) ?: $set .= "`fldCounty` = '$county',";
        empty($postcode) ?: $set .= "`fldPostcode` = '$postcode',";
        empty($email) ?: $set .= "`fldEmailAddress` = '$email',";

        // Run the query only if at least one field was filled in.
        if ($set !== "") {
            // Drop the trailing comma before adding the WHERE clause.
            $query = "UPDATE `tblMember` SET " . rtrim($set, ',');
            $query .= " WHERE `tblMember`.`fldMemberID` = 1";

            $result = $conn->query($query);
        }
    
        header("Location: ../after-login.php");  //make sure of the path
    
    }
    

    Basically, you check your input values and build your query by concatenating the query blocks.

    At the end, I added the header to redirect you to the page you want.

  3. For the first concern, you can edit your query as:

    UPDATE tblMember
    SET fldSName = IF('$surname' = '', fldSName, '$surname'),
        fldTelNum = IF('$number' = '', fldTelNum, '$number'),
        fld1stLnAddress = IF('$houseno' = '', fld1stLnAddress, '$houseno'),
        fld2ndLnAddress = IF('$ln1' = '', fld2ndLnAddress, '$ln1'),
        fld3rdLnAddress = IF('$town' = '', fld3rdLnAddress, '$town'),
        fldCounty = IF('$county' = '', fldCounty, '$county'),
        fldPostcode = IF('$postcode' = '', fldPostcode, '$postcode'),
        fldEmailAddress = IF('$email' = '', fldEmailAddress, '$email')
    WHERE  
        `tblMember`.`fldMemberID` = 1  
    

    For the second concern, you have to remove die() and redirect to after-login.php as:

     $conn->query($query);
     header("Location: ../after-login.php");
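
The asker mentions moving to prepared statements later, and answer 1 notes the hard-coded `fldMemberID`. The following is an added example, not code from the question or from any answer, showing the same skip-blank-fields update with bound parameters and a fixed column allow-list. It assumes `dbh.inc.php` defines `$conn` as a mysqli connection and that login stored the member's ID in `$_SESSION['memberId']` (a hypothetical key).

```php
<?php
// Added example. Assumptions: $conn is a mysqli connection from dbh.inc.php;
// $_SESSION['memberId'] is a hypothetical key set at login.
session_start();
if (!isset($_POST['update-details'], $_SESSION['memberId'])) {
    header("Location: ../after-login.php");
    exit();
}
require 'dbh.inc.php';

// Allow-list: form field => column. Column names come only from this map.
$fields = [
    'update-surname'  => 'fldSName',
    'update-number'   => 'fldTelNum',
    'update-houseno'  => 'fld1stLnAddress',
    'update-ln1'      => 'fld2ndLnAddress',
    'update-town'     => 'fld3rdLnAddress',
    'update-county'   => 'fldCounty',
    'update-postcode' => 'fldPostcode',
    'update-email'    => 'fldEmailAddress',
];

$set = [];
$values = [];
foreach ($fields as $field => $column) {
    $raw = $_POST[$field] ?? '';
    $value = is_string($raw) ? trim($raw) : '';
    if ($value === '') {
        continue; // blank input: leave this column untouched
    }
    if ($field === 'update-email' && !filter_var($value, FILTER_VALIDATE_EMAIL)) {
        header("Location: ../after-login.php?error=invalidmail");
        exit();
    }
    $set[] = "`$column` = ?";
    $values[] = $value;
}

if ($set) {
    // Only placeholders are concatenated; the values are bound separately.
    $sql = "UPDATE `tblMember` SET " . implode(', ', $set) . " WHERE `fldMemberID` = ?";
    $values[] = (int) $_SESSION['memberId'];
    $stmt = $conn->prepare($sql);
    $stmt->bind_param(str_repeat('s', count($set)) . 'i', ...$values);
    $stmt->execute();
}
header("Location: ../after-login.php");
exit();
```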
    