Updating Tables

[-Karl-]

Okay so normally I'd do

$query = "UPDATE users SET `username` = '$_POST[username]',`password` = '$_POST[password]',`email` = '$_POST' WHERE `id` = '$id'";

 

But what if I only want it to update the tables depending on what a user has changed in a form.

 

For example, the form outputs data from the database

<fieldset>
<input type="hidden" name="id" id="id">
<label for="username">Username:</label><input value="{$arr['username']}" type="text" name="username" id="username" onkeyup="checkUsernameForLength(this);" />
</fieldset>
<fieldset>
<label for="password">Password:</label><input name="password" id="password" type="password" onkeyup="checkPassword(this);" />
</fieldset>

 

What would be the correct way about doing the query if let's say the user only changes their password, not the username, therefore the username will not return blank and it will remain what it was.

 

[mrMarcus]

create separate queries.  ultimately, to me, the concept of how people are updating their information is inefficient.

 

for starters, why let your users change their username?  typically not a common practice.

 

back to the point at hand.  just make sure the form is pre-populated with their existing credentials, which it appears you've already done that?, and that way, regardless of what field is being updated, the rest of the information is just being over-written with the same data.  redundant, yes.

 

or you can write several conditions to fill, or even create, a query dependent on what the user is trying to change.  but since PHP doesn't read minds, separating queries or just over-writing existing data in the db will exact same data from form fields would suffice for you.

 

and please tell me you are sanitizing your incoming form values and are not planning on dropping them right into the query.  look into mysql_real_escape_string() to avoid SQL Injection.

[-Karl-]

It was just an example, and yes I know about mysql_real_escape_string(). I was just looking for the most effective way to do this.