Re: [PHP-DB] Conditional updating...

2006-06-23 Thread Grae Wolfe - PHP
  Sorry I have been out of touch...  I thought I had this problem beat, but 
I was wrong.  I decided that the best thing to do was to filter the 
variables as the $sql statement was being created.  I tried using the 
following code, and got a message back that it was invalid and my Query 
couldn't execute...  Can anyone tell me where I screwed this one up??

$sql = "UPDATE $table SET;


if(!empty($first_name))
  $sql .='first_name='.$first_name.',';


if(!empty($last_name))
  $sql .='last_name='.$last_name.',';


if(!empty($hs_last_name))
  $sql .='hs_last_name='.$hs_last_name.',';


if(!empty($street_address1))
  $sql .='street_address1='.$street_address1.',';


if(!empty($street_address2))
  $sql .='street_address2='.$street_address2.',';


if(!empty($city))
  $sql .='city='.$city.',';


if(!empty($state))
  $sql .='state='.$state.',';


if(!empty($zip))
  $sql .='zip='.$zip.',';


if(!empty($phone1))
  $sql .='phone1='.$phone1.',';


if(!empty($phone2))
  $sql .='phone2='.$phone2.',';


if(!empty($email_address))
  $sql .='email_address='.$email_address.',';


if(!empty($current_info))
  $sql .='current_info='.$current_info.',';


if(!empty($today))
  $sql .='date_registered='.$today;


WHERE first_name='$first_name' AND last_name='$last_name'";



"Jeffrey" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
> Perhaps I have misunderstood something here. But it seems to me that 
> anyone who just happens to put John Smith's name in could alter Mr. 
> Smith's data.
>
> If users can update their own data, should you not have a log in process 
> to ensure that only the original user can update his data? Then once he 
> has logged in, you can populate all fields with data from the DB.
>
> Jeffrey
>
> Grae Wolfe - PHP wrote:
>> That was the first thing that I was going to do, but there is a concern 
>> there for security of the data being input...  This is a registration 
>> site, and I don't want to provide information on "John Smith" to anyone 
>> who just happens to put his name in.
>>
>>
>> "Alejandro Tesone" <[EMAIL PROTECTED]> wrote in message 
>> news:[EMAIL PROTECTED]
>>
>>>Why don't you try populating the fields the user intends to modify
>>>with the information you already have?
>>>
>>>Alex T
>>>
>>>On 6/17/06, Grae Wolfe - PHP <[EMAIL PROTECTED]> wrote:
>>>
Good day!
  I have been working on this little "free" project for a while, and now I 
have hit another major hiccup.  Is there a simple way to only update fields 
that have something in them?
  The problem that I am having is that if someone fills out information and 
submits it, it saves to the DB just fine.  However, if they come back later 
and just put in, for example, a new phone number, it replaces all of the 
other information with blanks.
  Here is my current $sql query:

$sql = "UPDATE $table
SET
first_name='$first_name',
last_name='$last_name',
hs_last_name='$hs_last_name',
guest_name='$guest_name',
street_address1='$street_address1',
street_address2='$street_address2',
city='$city',
state='$state',
zip='$zip',
phone1='$phone1',
phone2='$phone2',
email_address='$email_address',
farmers_barn='$farmers_barn',
wrhs_tour='$wrhs_tour',
crystal_rose='$crystal_rose',
registration_comments='$registration_comments',
date_registered='$today'
WHERE first_name='$first_name' AND last_name='$last_name'";



--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





Re: [PHP-DB] Conditional updating...

2006-06-23 Thread JupiterHost.Net



Grae Wolfe - PHP wrote:
  Sorry I have been out of touch...  I thought I had this problem beat, but 
I was wrong.  I decided that the best thing to do was to filter the 
variables as the $sql statement was being created.  I tried using the 
following code, and got a message back that it was invalid and my Query 
couldn't execute...  Can anyone tell me where I screwed this one up??


Print out $sql and then try to manually do it in your mysql (or whatever 
DB engine) shell.


I imagine you have a syntax error and that will tell you exactly what 
and where it is :)


And I hope your only criteria for the value of each column isn't that 
it's just not empty.


If so you will be vulnerable to SQL injection attacks and your data will 
be compromised. You should at the very least quote the values with a 
valid SQL quoting function. (IE not just wrapping it in quotes but one 
that actually escapes certain characters and wraps it in quotes as need be)


Do not rely on that automatically being done (IE think how crappily 
unreliable and dangerous relying on "Magic Quotes" is, oi what pile 
*that* is...)


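The conditional UPDATE the thread is after, written as an added example (not code from any of the posters) with a PDO prepared statement so user input never reaches the SQL text; it assumes a MySQL table with an integer `id` column that identifies the logged-in user's row (Jeffrey's point about a login), instead of matching on first_name/last_name as the original query does.

```php
<?php
// Added example, not from the thread. Assumes PDO against MySQL and that the
// row to update is selected by the session user's integer `id` (assumption).

function buildConditionalUpdate(string $table, array $allowedColumns, array $input, int $rowId): ?array
{
    $set = [];
    $params = [];
    foreach ($allowedColumns as $column) {
        // Only names from the allow-list are ever spliced into the SQL text;
        // the submitted data supplies values, never identifiers.
        if (isset($input[$column]) && $input[$column] !== '') {
            $set[] = "`$column` = :$column";
            $params[":$column"] = $input[$column];
        }
    }
    if ($set === []) {
        // Nothing changed: returning null avoids emitting "UPDATE t SET WHERE ..."
        return null;
    }
    $params[':id'] = $rowId;
    // $table is an application constant here, not user input (assumption).
    $sql = "UPDATE `$table` SET " . implode(', ', $set) . " WHERE `id` = :id";
    return [$sql, $params];
}

$allowed = ['first_name', 'last_name', 'hs_last_name', 'street_address1',
            'street_address2', 'city', 'state', 'zip', 'phone1', 'phone2',
            'email_address', 'current_info'];

// Constructed sample submission: only the phone number was filled in, and the
// value contains a quote character that would break a string-spliced query.
$input = ['phone1' => "555-0100' OR '1'='1", 'city' => '', 'zip' => ''];
$built = buildConditionalUpdate('registrations', $allowed, $input, 42);

if ($built !== null) {
    [$sql, $params] = $built;
    // $sql is now: UPDATE `registrations` SET `phone1` = :phone1 WHERE `id` = :id
    // and the odd-looking phone value is stored literally, as data.
    $pdo = new PDO('mysql:host=localhost;dbname=registration', 'dbuser', 'dbpass', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // server-side prepares, no client-side quoting
    ]);
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
}
```

Because the values travel as bound parameters, no quoting function and no "Magic Quotes" behaviour is involved at all, and the "field left blank wipes the column" problem is handled by simply not adding that column to the SET list.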