问题
I am currently trying to make an update page for user profiles on my site and. The code below works fine if the user updates all of their info, but if they leave out a field it inserts a blank record into the table.
Currently to get past this problem if the user has left a field blank I replace the blank field with $_SESSION['user']['field'] so it just re-inserts current data.
Here is my php at the moment
<?php
session_start();
if($_SESSION['uname']) {
$logged_in=true;
} else {
$logged_in=false;
}
include_once("../connection/conn.php");
if(isset($_POST['update'])) {
if($_POST['firstname']){ $firstname = $_POST['firstname']; }
else { $firstname = $_SESSION['uname']['firstname']; }
if($_POST['lastname']){ $lastname = $_POST['lastname']; }
else { $lastname = $_SESSION['uname']['lastname']; }
if($_POST['email']){ $email= $_POST['email']; }
else { $email = $_SESSION['uname']['email']; }
$id = $_SESSION['uname']['id'];
$query = "UPDATE users SET firstname=?, lastname=?, email=? WHERE id=? ";
$results = $condb->prepare($query);
$results->execute(array($firstname, $lastname,$email,$id));
if($results) {
echo "updated";
}
}
?>
回答1:
UPDATE `tablename`
SET `field` = IF(? <> '', ?, `field`)
WHERE ...
This subs the job of checking for empty entries to MySQL and field uses its previous value instead of an empty value. You need to pass the value into execute() twice for this to work. It's does basically the same thing as you are doing but without having to store the value in your PHP session.
Using this approach, your update code would look like this:
/*
This block is no longer necessary
if($_POST['firstname']){ $firstname = $_POST['firstname']; }
else { $firstname = $_SESSION['uname']['firstname']; }
if($_POST['lastname']){ $lastname = $_POST['lastname']; }
else { $lastname = $_SESSION['uname']['lastname']; }
if($_POST['email']){ $email= $_POST['email']; }
else { $email = $_SESSION['uname']['email']; }
*/
$query = "
UPDATE `users`
SET
`firstname` = IF(? <> '', ?, `firstname`),
`lastname` = IF(? <> '', ?, `lastname`),
`email` = IF(? <> '', ?, `email`)
WHERE `id` = ?
";
$results = $condb->prepare($query);
$results->execute(array(
$_POST['firstname'], $_POST['firstname'],
$_POST['lastname'], $_POST['lastname'],
$_POST['email'], $_POST['email'],
$_SESSION['uname']['id']
));
Your existing code would have stopped the user from entering a single 0 on its own, which this won't - you may want to add a check for that as well.
回答2:
You have to give field validation
if($firstname!="" && $lastname!="" && $email!=""){
$query = "UPDATE users SET firstname=?, lastname=?, email=? WHERE id=? ";
$results = $condb->prepare($query);
$results->execute(array($firstname, $lastname,$email,$id));
if($results) {
echo "updated";
}
}
else{
echo "Fill all the fields!";
}
来源:https://stackoverflow.com/questions/11753665/stop-sql-from-updating-blank-or-empty-fields-from-my-update-form