阻止 sql 从我的更新表单中更新空白或空字段 [英] Stop sql from updating blank or empty fields from my update form

问题描述

我目前正在尝试为我网站上的用户个人资料制作一个更新页面.如果用户更新了他们的所有信息，下面的代码工作正常，但如果他们遗漏了一个字段，它会在表格中插入一条空白记录.

I am currently trying to make an update page for user profiles on my site and. The code below works fine if the user updates all of their info, but if they leave out a field it inserts a blank record into the table.

目前为了解决这个问题，如果用户将字段留空，我将空白字段替换为 $_SESSION['user']['field'] 以便它只是重新插入当前数据.

Currently to get past this problem if the user has left a field blank I replace the blank field with $_SESSION['user']['field'] so it just re-inserts current data.

这是我目前的 php

<?php
session_start();
if($_SESSION['uname']) {
$logged_in=true;
} else {
$logged_in=false;
}
include_once("../connection/conn.php");

if(isset($_POST['update'])) {

if($_POST['firstname']){ $firstname = $_POST['firstname']; }
else { $firstname = $_SESSION['uname']['firstname']; }

if($_POST['lastname']){ $lastname = $_POST['lastname']; }
else { $lastname = $_SESSION['uname']['lastname']; }

if($_POST['email']){ $email= $_POST['email']; }
else { $email = $_SESSION['uname']['email']; }

$id = $_SESSION['uname']['id'];

$query = "UPDATE users SET firstname=?, lastname=?, email=? WHERE id=? ";

$results = $condb->prepare($query);

$results->execute(array($firstname, $lastname,$email,$id));

if($results) {
echo "updated";
}
}

?>

推荐答案

UPDATE `tablename`
SET `field` = IF(? <> '', ?, `field`)
WHERE ...

这将检查空条目的工作替换为 MySQL 并且字段使用其先前的值而不是空值.您需要将该值传递给 execute() 两次才能使其工作.它的作用与您所做的基本相同，但无需将值存储在您的 PHP 会话中.

This subs the job of checking for empty entries to MySQL and field uses its previous value instead of an empty value. You need to pass the value into execute() twice for this to work. It's does basically the same thing as you are doing but without having to store the value in your PHP session.

使用这种方法，您的更新代码将如下所示:

Using this approach, your update code would look like this:

/*
  This block is no longer necessary
if($_POST['firstname']){ $firstname = $_POST['firstname']; }
else { $firstname = $_SESSION['uname']['firstname']; }

if($_POST['lastname']){ $lastname = $_POST['lastname']; }
else { $lastname = $_SESSION['uname']['lastname']; }

if($_POST['email']){ $email= $_POST['email']; }
else { $email = $_SESSION['uname']['email']; }
*/

$query = "
  UPDATE `users`
  SET
    `firstname` = IF(? <> '', ?, `firstname`),
    `lastname` = IF(? <> '', ?, `lastname`),
    `email` = IF(? <> '', ?, `email`)
  WHERE `id` = ?
";

$results = $condb->prepare($query);

$results->execute(array(
  $_POST['firstname'], $_POST['firstname'],
  $_POST['lastname'], $_POST['lastname'],
  $_POST['email'], $_POST['email'],
  $_SESSION['uname']['id']
));

您现有的代码会阻止用户自行输入单个 0，但这不会 - 您可能还需要为此添加检查.

Your existing code would have stopped the user from entering a single 0 on its own, which this won't - you may want to add a check for that as well.

这篇关于阻止 sql 从我的更新表单中更新空白或空字段的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！