Problem updating fields in MySQL database with PHP.

[00stuff]

Hi guys, I have an html form that gets submited to a php script that has to check if each of the form fields has information and if it does the it has to update the information on the correstponding MySQL field. The problem is that when I modify the info on one of the fields and submit the form the other fields that did not get anything typed on also get updated to nothing. I looked over my code and can't find out what is wrong. Can someone help me please?

 

<?php

$access_level = $_POST['edit_access_level'];
$name = $_POST['edit_name'];
$id = $_GET['id'];
$password = $_POST['edit_password'];
$confirm_password = $_POST['edit_confirm_password'];
$today = date("m.d.y");

include('connect.php');
	mysql_select_db('qcapptest'); //select database



			if ($name&&$access_level)
			{


			if ($password!=$confirm_password)
			{

			print '<script type="text/javascript">'; 
			print 'alert("Passwords do not match! - Please try again!")'; 
			print '</script>';  

			print '<html>';
			print '<head>';
			print '<script type="text/javascript">';

			print 'function delayer(){    window.location = "edit_user.php?id=' . $id . ',"}';

			print '</script>';
			print '</head>';

			print '<body onLoad="setTimeout(delayer(), 1)">';




			print '</body>';
			print '</html>';



				die();
			}

			$password = md5($password);



			if ($name != '') {
			$queryreg = mysql_query("UPDATE user_acl SET name = '$name' WHERE id = $id ");
			}	

			if ($password != '') {
			$queryreg = mysql_query("UPDATE user_acl SET password = '$password' WHERE id = $id ");
			}

			if ($access_level != '') {
			$queryreg = mysql_query("UPDATE user_acl SET account_type = '$access_level' WHERE id = $id ");
			}

			if ($today != '') {
			$queryreg = mysql_query("UPDATE user_acl SET date_created = '$today' WHERE id = $id ");
			}


							print '<script type="text/javascript">'; 
			print 'alert("Account Modified! - Click ok to go back!")'; 
			print '</script>';  

			print '<html>';
			print '<head>';
			print '<script type="text/javascript">';

			print 'function delayer(){    window.location = "view_users.php"}';

			print '</script>';
			print '</head>';

			print '<body onLoad="setTimeout(delayer(), 1)">';




			print '</body>';
			print '</html>';


							die();



			}
			else
			{

			print '<script type="text/javascript">'; 
			print 'alert("Enter all required items! - Please try again!")'; 
			print '</script>';  

			print '<html>';
			print '<head>';
			print '<script type="text/javascript">';

			print 'function delayer(){    window.location = "edit_user.php?id=' . $id . ',"}';

			print '</script>';
			print '</head>';

			print '<body onLoad="setTimeout(delayer(), 1)">';




			print '</body>';
			print '</html>';


}


?>

 

I tried changing the text in the edit_name text field and leaving the edit_password field alone but it changes also updates the password field in my database. I hope you guys can find something.

 

Thanks,

[Pikachu2000]

Check whether the field was empty, and if so, don't update the value in the DB. Also, there's no reason to run 4 queries for this, you could easily form the query string in a loop and execute 1 query.

[AyKay47]

if you only want the update query to run if all of the data is submitted, you will need to combine your input validations..

 

if (!empty($password) && !empty($access_level) && !empty($name)) {
$queryreg = mysql_query("UPDATE user_acl SET name = '$name', password = '$password', account_type = '$access_level' WHERE id = $id ");
			}
if(!$queryreg) {
   print mysql_error();
}

 

Edit: this is a continuation of Pikachu2k's post before mine

[00stuff]

I don't want to update all of the fields. I want the script to check if the field has text on it and if it does then to update that field to the database. I changed the script to:

 

<?php

if (!empty($password)) {
$queryreg = mysql_query("UPDATE user_acl SET password = '$password' WHERE id = $id ");
}

?>

 

When I submit the form the field that passes the data to the variable $password was empty and the UPDATE query still modified the entry to the md5 hash of nothing. Do you guys understand what I'm trying to do now?

[AyKay47]

yeah empty should fix that

[PFMaBiSmAd]

You would test if the password field is empty, not if the md5 of the password is empty. In fact, you should only get the md5() of the password right before you place it into the query.

[Pikachu2000]

I understood what you were trying the first time I read it, and my initial response stands. Form the query string in a loop, only adding the field/value pairs to the query string where the value coming from the form is not empty. This code is not plug-n-play, but I'm sure you can probably figure it out with a little thought.

 

// for() loop is solely to generate some sample data.
for( $i = 1; $i < 5; $i++ ) {
   $_POST['field_' . $i] = "value_$i";
}
$values = array( 'field_1' => $_POST['field_1'], 'field_2' => $_POST['field_2'], 'field_3' => $_POST['field_3'], 'field_4' => $_POST['field_4'] ); // put all applicable values in an array
$values = array_map('trim', $values); // trim all leading/trailing whitespace (if not done previously)
$updates = array(); // initialize an empty array to hold the values for the query string
foreach( $values as $k => $v ) { // loop the array, unset() any empty elements, format and add non-empty to $updates array
   if( empty($v) ) {
      unset($values[$k]);
   } else {
      $updates[] = "`$k` = '$v'";
   }
}
if( !empty($updates) ) {
   $query = "UPDATE table SET " . implode(', ', $updates); // If not empty, implode the array to form the rest of the query string.
   // Execute the query
   echo $query; // Demonstration of resulting query string
}

[00stuff]

Found the problem. I was gettting the md5 of ' ' and I should of done that only if the variable $password was not empty in the first place. I added.

 

<?php

if (!emtpy($password)) {
$passwrod = md5($password);
}

?>

 

 

 

That fixed my problem.