This is what my input form looks like:
<tr>
<td class="standard_text_bold" width="25%">First name:</td>
<td class="standard_text_bold" width="25%"><input type="text" name="FirstName" value="<?echo $Name;?>" <?php if ($Status != "New customer") { echo "disabled"; } ?>></td>
</tr>
<tr>
<td class="standard_text_bold" width="25%">Last name:</td>
<td class="standard_text_bold" width="25%"><input type="text" name="LastName" value="<?echo $Lastname;?>" <?php if ($Status != "New customer") { echo "disabled"; } ?>></td>
</tr>
<tr>
<td class="standard_text_bold" width="25%">Email:</td>
<td class="standard_text_bold" width="25%"><input type="text" name="Email" value="<?echo $Email;?>" <?php if ($Status != "New customer") { echo "disabled"; } ?>></td>
</tr>
It's very general, and in a specific case, almost all inputs will be disabled.
I define all my inputs as
$LastName = $_POST['LastName'];
$FirstName = $_POST['FirstName'];
And I run an update query
mysql_query("
UPDATE data SET
FirstName = '$FirstName',
LastName = '$LastName',
ProductName = '$Productname',
ProductPriceUSD = '$Productpriceusd',
ProductPriceEUR = '$Productpriceeur',
ProductLink = '$Productlink',
Status = '$Newstatus',
Modified = now()
WHERE ID = '$id'
") or die(mysql_error());
Now I'd like to update ONLY those values that are not empty. Since this is a general query, is it possible to validate variables within the query itself?
I've tried stuff like:
if (empty($_POST['LastName'])) {
$LastName = $row['LastName'];
}
if (!empty($_POST['LastName'])) {
$LastName = $_POST['LastName'];
}
But it doesn't work for some reason. Any suggestions?
You can do this by constructing the query in php to have only the right set statements.
You can also do this in SQL:
UPDATE data
SET FirstName = (case when '$FirstName' = '' then FirstName else '$FirstName' end),
LastName = (case when '$LastName' = '' then LastName else '$LastName' end),
ProductName = (case when '$Productname' = '' then ProductName else '$ProductName' end),
ProductPriceUSD = (case when '$Productpriceusd' = '' then Productpriceusd else '$Productpriceusd' end),
ProductPriceEUR = (case when '$Productpriceeur' = '' then Productpriceeur else '$Productpriceeur' end),
ProductLink = (case when '$Productlink' = '' then Productlink else '$Productlink' end),
Status = (case when '$Newstatus' = '' then Status else '$NewStatus' end),
Modified = now()
WHERE ID = '$id';
Add form validation. If the "first name" field is empty text, then you should show an error message and tell the user to fill out the form again.
This covers 999 out of every 1000 forms I've ever created. For the rare case where I have a form made up of only fields... then I add an <input type="hidden"> field and check for that in the PHP. If it's not there, I know nothing was submitted.
Revise your query to something like this:
$query="UPDATE data SET";
if (!empty($_POST['FirstName']))
{
$query.=' FirstName="' . mysql_real_escape_string($_POST['FirstName'] . '",');
}
if (!empty($_POST['LastName']))
{
$query.=' LastName="' . mysql_real_escape_string($_POST['LastName'] . '",');
}
$query.="Modified = now() WHERE ID = '$id'";
mysql_query($query) or die(mysql_error());
You only append the fields on the query when it's !empty. Also, you may want to switch to mysqli or PDO as mysql_* functions are deprecated.