如何防止更新数据库中的多个字段

I'm trying to edit data(stored in DB). This is display.php. First it displays data from DB (if no data then blank fields). Then edit button to edit DB.

<html>
<body>
<?php

if(!isset($_POST['edit_pro']))
{
?>
      //get data from DB and display in table.


<form>
<input type="submit" name= "edit" value="edit">
</form>

<?php
}
else
{
?>
<form name="edit_DB" action="edit.php">

//edit ...2 <select> fields and 1 text field.

//submit button
</form>
<?php
}
?>

And in edit.php i simply update the DB. But what if i want to change only 1 field.(problem is all fields gets updated).Here's edit.php

<?php
include_once 'db_connect.php';

$db_con = dbConnect("dbname");

$uid = $_SESSION['uid'];

if(isset($_POST['edit']))
{

    $c = $_POST['c'];

    $s = $_POST['list'];

    $t = $_POST['nm'];

    $a = $_POST['a'];

    $sql = "UPDATE `user` SET `c` = ?, `s` = ?, `t` = ? WHERE u_id = ?";    

    $q = $db_con->prepare($sql);

    $q->execute(array($c,$s,$t,$uid));



    header("Location:display.php");

}
?>

$sql = "UPDATE `user` SET `c` = ?, `s` = ?, `t` = ? WHERE u_id = ?";

this query means:

  1. update table user
  2. for each row in this table where u_id = [some value]
  3. set fields C and S and T to some other distinct values

so, your query updates 3 fields at one time, and it is ok, as it what it should do

if you want to change this logic, to update only some fields you need to change query and arguments, for example if you want to change only c use:

$sql = "UPDATE `user` SET `c` = ? WHERE u_id = ?";    
$q = $db_con->prepare($sql);
$q->execute(array($c, $uid)); // this array binds values to question marks, so count should be the same, we have 2 ? - we must use 2 variables

for c AND t:

$sql = "UPDATE `user` SET `c` = ?, `t` = ? WHERE u_id = ?";    
$q = $db_con->prepare($sql);
$q->execute();

if you don't know exactly how many arguments will be, you need dynamic query building, like:

$arr = array();
$sqlA = array();
if (isset($_POST['c']) && $_POST['c']) {
    $arr[] = $_POST['c'];
    $sqlA[] = '`c`=?';
}
if (isset($_POST['s']) && $_POST['s']) {
    $arr[] = $_POST['s'];
    $sqlA[] = '`s`=?';
}
if (isset($_POST['t']) && $_POST['t']) {
    $arr[] = $_POST['t'];
    $sqlA[] = '`t`=?';
}

if (count($arr)) {
    $sql = 'UPDATE `user` SET '.implode($sqlA, ',').' where u_id = ?';
    $arr[] = $uid;

    $q = $db_con->prepare($sql);
    $q->execute($arr);
}

That means that WHERE clause of the request doesn't work. Check if you passing a quotation marks " in you variable $t so you close $sql before WHERE clause