it has..

$types = array_filter($types, "removeEmpty"); // removes any item that was empty (not checked)

 

Though still don't see how I'd update the database.

 

HOWEVER. I thought of this, it might be a messy way though.

$fields = array();
if(isset($_POST['myfield'])) { $fields[] = "mycollum='".$_POST['myfield']."'"; }
$fields = implode(', ', $fields);
$query = mysql_query("update table set $fields where id = $userid");

 

This would work.. wouldn't it?

I'm not sure.. what you mean? Sorry.

 

Here is my code. (The one that overwrites)

  if(isset($_POST['submit'])){
      $user = check_user($secret_key);
      $profile = check_profile();

      $proname = stripslashes($_POST['proname']);
      $interestedin = strtolower($_POST['interestedin']);
      $lookingfor = strtolower($_POST['lookingfor']);
      $marstatus = strtolower($_POST['marstatus']);
      $orienstatus = strtolower($_POST['orienstatus']);
      $gender = strtolower($_POST['gender']);
      $likes = stripslashes($_POST['likes']);
      $dislikes = stripslashes($_POST['dislikes']);
      $music = stripslashes($_POST['music']);

      $query = mysql_query("update `profile` set `pro_name`='$proname', `interested_in`='$interestedin', `looking_for`='$lookingfor', `rel_status`='$marstatus', `orien_status`='$orienstatus', `likes`='$likes', `dislikes`='$dislikes', `music`='$music' where `user_id`='$user->id'");
      if($query) {
          $query = mysql_query("update `users` set `gender`='$gender' where `id`='$user->id'");
          if($query) {
              echo 'Profile updated!';
          }
      }
  }

Given that you want to use fields:

 

      // grab the form fields.
      $fields = array();
      $fields[] = isset($_POST['proname'])?"`proname` = '{$_POST['proname']}'":'';
      $fields[] = isset($_POST['interestedin'])?"`interestedin` = '{$_POST['interestedin']}'":'';
      $fields[] = isset($_POST['lookingfor'])?"`lookingfor` = '{$_POST['lookingfor']}'":'';

      foreach ($fields as $key => $field) {
            if (empty($field)) {
                   unset($fields[$key]);
            }
      }

     mysql_query("UPDATE profile SET " . implode(", ", $fields) . " WHERE `user_id`='$user->id'") or trigger_error("Update Failed: " . mysql_error());

 

Should give you a better idea what is going on. And for reference the ? and : make up the ternary operator which is just a shortened if / else statement.  (if some condition) ? do this : else this;

 

Given that you do not care what gets lowercased, I added another statement in the foreach to remove empties to escape the data (As it should be escaped to prevent SQL injection) and lowercase the variable. If magic_quotes are on, it will stripslashes before escaping it to avoid duplicating the slashes.

 

Removed that part because, yea I was just being an idiot. You should look into mysql_real_escape_string and use it with get_magic_quotes_gpc to verify if you need to stripslashes before you escape to prevent SQL Injection.

 

Hope that helps ya.

Thank you. I see what you have done. The piece of code you removed, completely confused my brain.

I'm only wanting strtolower for certain fields. Would I do this?

$fields[] = strtolower(isset($_POST['interestedin'])?"`interestedin` = '{$_POST['interestedin']}'":'');

Or ..

$fields[] = isset($_POST['interestedin'])?"`interestedin` = '{strtolower($_POST['interestedin'])}'":'';

 

I'm rather confused. I know about mysql_real_escape_string() 's but only use it for .. registration forms, or information that should be kept secure.

 

EDIT: Ouch.. copying code from here, and putting it on here doesn't like colours

Ah. Yeah that works! Cheers!

So.. about mysql_real_escape_string() and get_magic_quotes_gpc()

How would I go about securing it.. I can't quite remember the line in which you removed. It was an if statement, checking if there is magic quotes (I'm assuming) to remove them.. else just use mysql_real_escape_string

I just can't think how it's done.

 

I remember something similar to this..

$fields = get_magic_quotes_gpc() ? mysql_real_escape_string(stripslashes($fields)) : stripslashes($fields); 

Though I can't remember.. Help?

(Sorry if I'm annoying you. I haven't really done this before.)

 

Ken2k7, yeah. I've got like.. 10 of them, and it looks like gibberish. D:

Uh. What's happened here?

Fatal error: Cannot unset string offsets in /home/jeanie/public_html/editprofile.php on line 191

 

Only occurs when the else statement is in there.

 

      foreach ($fields as $key => $field) {
            if (empty($field)) {
                   unset($fields[$key]);
            } else { $fields = get_magic_quotes_gpc()?mysql_real_escape_string(stripslashes($fields)):stripslashes($fields); }
      }

:o I looked up the mysql_real_escape_string (I don't tend to look at the comments, as most of them are too complicated) although I came across this.

$_POST = array_map('trim', $_POST);
if(get_magic_quotes_gpc()):
    $_POST = array_map('stripslashes', $_POST);
endif;
$_POST = array_map('mysql_real_escape_string', $_POST);

I'm also assuming you can access the $_POST fields still by doing $_POST['myfield'] ?
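
As an added example (not code from any post in this thread): one way to build the partial UPDATE discussed above with an allow-list of columns and PDO bound parameters, so no $_POST value is ever interpolated into the SQL and the magic_quotes/stripslashes question does not arise. The mysql_* functions used in the thread were removed in PHP 7 and get_magic_quotes_gpc() in PHP 8. The table layout, the `PROFILE_FIELDS` map, `updateProfile()` and the sample input are assumptions, and an in-memory SQLite database stands in for MySQL so the block runs offline.

```php
<?php
// Added example, not code from the thread. Schema and input are constructed.

// Allow-list: form field => [column name, lowercase the value?].
// Column names come only from this map, never from the request.
const PROFILE_FIELDS = [
    'proname'      => ['pro_name', false],
    'interestedin' => ['interested_in', true],
    'lookingfor'   => ['looking_for', true],
    'likes'        => ['likes', false],
];

/** Build and run an UPDATE touching only the fields that were submitted. */
function updateProfile(PDO $db, int $userId, array $post): int
{
    $set = [];
    $params = [':user_id' => $userId];
    foreach (PROFILE_FIELDS as $field => [$column, $lower]) {
        // Skip anything missing, empty, or not a string (e.g. proname[]=x).
        if (!isset($post[$field]) || !is_string($post[$field]) || trim($post[$field]) === '') {
            continue;
        }
        $value = trim($post[$field]);
        $set[] = "`$column` = :$field";          // placeholder, not the value
        $params[":$field"] = $lower ? strtolower($value) : $value;
    }
    if ($set === []) {
        return 0; // nothing submitted: never emit "UPDATE profile SET  WHERE ..."
    }
    $sql = 'UPDATE profile SET ' . implode(', ', $set) . ' WHERE user_id = :user_id';
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Constructed demo database (SQLite in memory instead of MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE profile (user_id INTEGER PRIMARY KEY, pro_name TEXT,
           interested_in TEXT, looking_for TEXT, likes TEXT)");
$db->exec("INSERT INTO profile VALUES (1, 'Old name', 'women', 'friends', 'tea')");

// Constructed input: one field left empty, one containing quote characters.
$post = ['proname' => "O'Brien', likes='x", 'interestedin' => 'MEN', 'lookingfor' => ''];
updateProfile($db, 1, $post);
print_r($db->query('SELECT * FROM profile WHERE user_id = 1')->fetch(PDO::FETCH_ASSOC));
```

Because the values travel as bound parameters, the quote characters in the sample `proname` are stored as data rather than parsed as SQL, and the empty `lookingfor` leaves the existing column value untouched.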
