Home/ Questions/Q 8660459
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-12T16:15:29+00:00

I have this: if(isset($_POST[Submit])) { $updatequery = @mysql_query(UPDATE users SET FirstName=’.$_POST[‘firstname’].’, LastName=’.$_POST[‘lastname’].’, Address=’.$_POST[‘address’].’, City=’.$_POST[‘city’].’,

  • 0

I have this:

if(isset($_POST["Submit"])) {
$updatequery = @mysql_query("UPDATE users SET FirstName='".$_POST['firstname']."', LastName='".$_POST['lastname']."', Address='".$_POST['address']."', City='".$_POST['city']."', PostalCode='".$_POST['postalcode']."', HomePhone='".$_POST['homephone']."', AltPhone='".$_POST['altphone']."', HomeWebsite='".$_POST['homewebsite']."', EmailAddress='".$_POST['email']."', Paypal='".$_POST['paypal']."', Alertpay='".$_POST['alertpay']."', Payoneer='".$_POST['payoneer']."' WHERE Username = '".$_SESSION['Username']."'");</i>

Now unfortunately when a user updates their info (it’s a profile page), it updates everything which means if I left the Paypal email empty (because I already had it there) it updates the Paypal email with emptiness.

How do I solve this?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Just to note, this is a really basic example and I wouldn’t recommend using this in a live environment, but it should get you going in the right direction:-

    First, create an array mapping your column names to your $_POST variables, eg:

    $array = array(
  'FirstName' => 'firstname',
  'LastName' => 'lastname',
  'Address' => 'address',
  'City' => 'city'
);

    Next, loop over your newly created $array and check if the value exists in your $_POST array, like so:

      $data = array();
  foreach ($array as $key => $value) {
    if (isset($_POST[$value]) && !empty($_POST[$value]) {
      $data[] = $key . '="' . mysql_real_escape_string($_POST[$value]) . '"';
    }
  }

    Notice the $data array that has been created, this stores the column = "value" data. You can then just implode the $data array into your SQL string:

    if (!empty($data)) {
  $strSQL = 'UPDATE tbl_name SET ' . implode(', ', $data) . ' WHERE Username = "' . $_SESSION['Username'] . '"';
}

    Which would output (with some fictional $_POST data):

    UPDATE tbl_name SET FirstName="John", LastName="Doe", Address="Some Street", City="Somewhere"

    Just to reiterate, I would not advise that you use this code as it is. It is imperative that you validate and sanitise the user input beforehand!

    • 0