blank fields are replacing/updating others?

[andy_b_1502]

Hello,

 

On submit of my form the blank fields are updating the previous details OR if i have ALL details stored, then just change 1 field, it changes everyone of the text boxes to blank deleting the stored data?

 

This is really annoying, how do i solve this? 

 

i have tried isset()

 

but it doen't do anything at all with isset() set?

 

<?PHP
session_start();

include ('php only scripts/db.php');
$id = $_GET['id'];
$website = $_GET['website'];
$phone = $_GET['phone'];
$phone2 = $_GET['phone2'];
$premiumuser_decription = $_GET['premiumuser_decription'];

$website = isset($_POST['$website']);
$phone = isset($_POST['$phone']);
$phone2 = isset($_POST['$phone2']);
$premiumuser_decription = isset($_POST['$premiumuser_decription']);


$query = "UPDATE companies SET website = '". mysql_real_escape_string($website) ."', phone = '". mysql_real_escape_string($phone) ."', phone2 = '". mysql_real_escape_string($phone2) ."', premiumuser_description = '". mysql_real_escape_string($premiumuser_decription) ."' WHERE id = ". mysql_real_escape_string($id);
$result = mysql_query($query ) or die("SELECT Error: ".mysql_error());
header("Location: view01.php?id=" . $id); 
exit(0);
?>

 

Am i on the right track or way off the mark?

[Barand]

Have you thought of reading the manual to see what isset() actually does?

 

isset

[andy_b_1502]

Yeah, determines if a variable has been set, and returns true if it is set?

 

So isset function should work, right?

[litebearer]

since you are UPDATING the record, why not populate the form with the existing data? That way data that has been modified will update the appropriate fields; while data unchanged will simply be populated with its original content.

 

BTW just because the user is registered and editing their own data does NOT mean you should skip validating and sanitizing the data.

 

 

[Barand]

The isset function works fine - but not the way you apparently expect it to. It puts a boolean (true or false) value in your variable, not the value you are wanting.

 

Also, isset will return true if the variable exists but with a blank value.

 

If, say, three of your four variables contain values but the fourth is blank :

 

do you want to abort and send an error message or

do you want to go ahead and just update the three or

do update all four as values may be blank?

[andy_b_1502]

go ahead and just update the three or how ever many fields entered

[andy_b_1502]

iv'e just tested it and it doent't update anything with the isset() functions added?

 

nothing is changed from the original

[andy_b_1502]

It puts a boolean (true or false) value in your variable, not the value you are wanting.

 

What is the value i want?

[Barand]

obviously the value you want is the value entered in the form.

 

$setArray = array();
$setstr = '';

$id = intval($_GET['id']);

if (isset($_GET['website']) && $_GET['website']) {
    $website = mysql_real_escape_string($_GET['website']);
    $setArray[] = "website = '$website'";
}
if (isset($_GET['phone']) && $_GET['phone']) {
    $phone = mysql_real_escape_string($_GET['phone']);
    $setArray[] = "phone = '$phone'";
}
if (isset($_GET['phone2']) && $_GET['phone2']) {
    $phone2 = mysql_real_escape_string($_GET['phone2']);
    $setArray[] = "phone2 = '$phone2'";
}
if (isset($_GET['premiumuser_decription']) && $_GET['premiumuser_decription']) {
    $premiumuser_decription = mysql_real_escape_string($_GET['premiumuser_decription']);
    $setArray[] = "premiumuser_decription = '$premiumuser_decription'";
}

if (count($setArray) > 0) {
    $setstr = join (', ', $setArray);
    $query = "UPDATE companies SET $setstr WHERE id = $id";
    mysql_query($query) 
}

[andy_b_1502]

so the full code would look like this:

 

<?PHP
session_start();

include ('php only scripts/db.php');

$setArray = array();
$setstr = '';

$id = intval($_GET['id']);

if (isset($_GET['website']) && $_GET['website']) {
    $website = mysql_real_escape_string($_GET['website']);
    $setArray[] = "website = '$website'";
}
if (isset($_GET['phone']) && $_GET['phone']) {
    $phone = mysql_real_escape_string($_GET['phone']);
    $setArray[] = "phone = '$phone'";
}
if (isset($_GET['phone2']) && $_GET['phone2']) {
    $phone2 = mysql_real_escape_string($_GET['phone2']);
    $setArray[] = "phone2 = '$phone2'";
}
if (isset($_GET['premiumuser_decription']) && $_GET['premiumuser_decription']) {
    $premiumuser_decription = mysql_real_escape_string($_GET['premiumuser_decription']);
    $setArray[] = "premiumuser_decription = '$premiumuser_decription'";
}

if (count($setArray) > 0) {
    $setstr = join (', ', $setArray);
    $query = "UPDATE companies SET $setstr WHERE id = $id";
    mysql_query($query) 
}
header("Location: view01.php?id=" . $id); 
exit(0);
?>

[Barand]

Don't just use it blindly. Understand what it is doing.

[andy_b_1502]

<?php
session_start();

*/ Start session */

include ('php only scripts/db.php');

*/ connect to db */

$setArray = array();
$setstr = '';

*/ having trouble finding much on google for this */

$id = intval($_GET['id']);

*/ get the interger value of 'id' from the table */

*/ get's information from each field set, from the table */

if (isset($_GET['website']) && $_GET['website']) {
    $website = mysql_real_escape_string($_GET['website']);
    $setArray[] = "website = '$website'";
}
if (isset($_GET['phone']) && $_GET['phone']) {
    $phone = mysql_real_escape_string($_GET['phone']);
    $setArray[] = "phone = '$phone'";
}
if (isset($_GET['phone2']) && $_GET['phone2']) {
    $phone2 = mysql_real_escape_string($_GET['phone2']);
    $setArray[] = "phone2 = '$phone2'";
}
if (isset($_GET['premiumuser_decription']) && $_GET['premiumuser_decription']) {
    $premiumuser_decription = mysql_real_escape_string($_GET['premiumuser_decription']);
    $setArray[] = "premiumuser_decription = '$premiumuser_decription'";
}

*/ if there IS NOT a match then add the new user information/details, if there IS a match, leave or do not change */

if (count($setArray) > 0) {
    $setstr = join (', ', $setArray);
    $query = "UPDATE companies SET $setstr WHERE id = $id";
    mysql_query($query) 
}

*/ direct user back to view01.php */ 
header("Location: view01.php?id=" . $id); 
exit(0);
?>

 

Please correct me where i have gone wrong or miss understood the information? Thank you.

[Barand]

comment syntax is

 

/* comment */

 

not

 

*/ comment */

 

What symptoms are you getting that something wrong?

[andy_b_1502]

how come it comments the code out then?

 

or it that just the "standard" way?

 

 

 

There's nothing wrong, it works great thank you but for the sake of trying to understand it i was simply trying to clarify for myself each section...

[Pikachu2000]

When I run that code, it throws an "Unexpected *" parse error due to the mangled comment delimiters.

[andy_b_1502]

i'm using dreamweaver, i don't know why it's working for me but it comments out the code, turning it yellow? i don't know... 

[Barand]

Using */comment*/ as you do gives an error when I try to run code

Parse error: syntax error, unexpected '*' in C:\inetpub\wwwroot\apps\test\noname2.php on line xx

Have you got your error reporting turned off?

 

 

Added my comments

<?php
$id = intval($_GET['id']);                                     // guarantee it's a harmless number value

if (isset($_GET['website']) && $_GET['website']) {             // does the GET value exists and has it a value ?
    $website = mysql_real_escape_string($_GET['website']);     //       get its value and escape it
    $setArray[] = "website = '$website'";                      //       ok to update this field in the query so store it
}
if (isset($_GET['phone']) && $_GET['phone']) {
    $phone = mysql_real_escape_string($_GET['phone']);
    $setArray[] = "phone = '$phone'";
}
if (isset($_GET['phone2']) && $_GET['phone2']) {
    $phone2 = mysql_real_escape_string($_GET['phone2']);
    $setArray[] = "phone2 = '$phone2'";
}
if (isset($_GET['premiumuser_decription']) && $_GET['premiumuser_decription']) {
    $premiumuser_decription = mysql_real_escape_string($_GET['premiumuser_decription']);
    $setArray[] = "premiumuser_decription = '$premiumuser_decription'";
}



if (count($setArray) > 0) {                                     // do we have at least on field to update?
    $setstr = join (', ', $setArray);                           // form a comma separated string of our updates
    $query = "UPDATE companies SET $setstr WHERE id = $id";     // update it
    mysql_query($query);
}

?>

 

[andy_b_1502]

Have you got your error reporting turned off?

 

Just check my php ini file, the error report is turned on:

 

  - Show all errors, except for notices and coding standards warnings

;

;error_reporting = E_ALL & ~E_NOTICE

 

 

[Pikachu2000]

That line is commented out by the leading semicolon. You need to have error_reporting = -1 and display_errors = On in the php.ini file. Then save it and restart Apache.

[andy_b_1502]

I'm not using apache, well not on my system anyways.. the php .ini file is on my host's cpanel. why is it -1?