Skip empty form field

[Xeven]

Is it possible to skip an empty form field when inserting or updating values in a mysql table?

 

Example:

A page where a user can change his/her details.  However something such as a password field may not want to be changed, but the rest of the values do need to be changed.

 

So when the form is submitted, the fields which have had data entered into them are updated on the table, but the field password is still left the same on the table and not inserted with a null value.

 

Possible or wishful thinking?

 

Thanks

[BlueSkyIS]

you don't have to update every field at once. just update the ones you need

 

$sql = "UPDATE some_table SET some_field = '$some_value', some_other_field = '$some_other_value' WHERE id = '$some_id'";

[Xeven]

I also forgot to mention that if the password field does have anything entered into it then it would need to update the table.

 

Would that be using an if statement of some sort perhaps?

[AdamCox9]

You may want to prefill the fields in the forms with the data that is already in the DB. That is usually how it is done for profiles & such.

[Xeven]

You may want to prefill the fields in the forms with the data that is already in the DB. That is usually how it is done for profiles & such.

 

Does that count even for a password field?  I would have thought that still would have been left blank.

[BlueSkyIS]

yes, leave the password field blanked. only update it IF a new one has been entered.

[AdamCox9]

hmm... It should put the values in it and bleep them out also. I'm not sure.

 

See what this displays:

 

$password = "valuefromDB";

<input type="password" value="$password" name="password">

 

do a print_r($_RESULT); to see what value is there.

[BlueSkyIS]

you DO NOT want to fill in the password. Even though it's starred out, it's still visible in the HTML. this is just basic security.

[AdamCox9]

True. I didn't even think of that.

 

I usually see that their is a field to enter old password and then new password and a field to verify new password. That is the standard I see on the popular sites.

[Xeven]

yes, leave the password field blanked. only update it IF a new one has been entered.

 

This is basically what I am trying to do.  But I am not sure how I would go about doing this.

[corbin]

Just check if the password part of the form meets the criteria for a password, and if it does, update it.

 

Example:

 

$password = (isset($_POST['password'])) ? trim($_POST['password']) : '';

if(!empty($password)) {
     //update password
     //note that this just checks if a password was entered.... no other checks are done x.x.
}

[peranha]

if ($password == "") {

// create query
$query = "UPDATE users SET firstname='$firstname', lastname='$lastname', address='$address', city='$city', state='$state', zip='$zip', Email='$Email', MSN='$MSN', Yahoo='$Yahoo', AOL='$AOL', Gmail='$Gmail', phone='$phone', private='$private' WHERE username = '$_SESSION[username]'";

// execute query
$result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());

}

else {

// Create a salt to add.
$salt = ($saltpass);

// Create Hash of password and salt.
$passwordHash = hash('SHA512', $password.$salt);

// create query
$query = "UPDATE users SET password='$passwordHash', firstname='$firstname', lastname='$lastname', address='$address', city='$city', state='$state', zip='$zip', Email='$Email', MSN='$MSN', Yahoo='$Yahoo', AOL='$AOL', Gmail='$Gmail', phone='$phone', private='$private' WHERE username = '$_SESSION[username]'";

// execute query
$result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());

}

 

That is what my user edit page looks like

[Xeven]

You guys are amazing.  It is now up and working.  Thanks for all of you who helped out and gave idea's on what I could do.

 

Peranha, your stuff gave me a lot of insight on how I should go about doing it, thanks for posting your code.

 

 

[peranha]

yeah, there probably is a better way of doing it, but it works great.