  1. #1
    Regular Coder
    Join Date
    Nov 2011
    Location
    Preston, UK
    Posts
    131
    Thanks
    36
    Thanked 0 Times in 0 Posts

    How to use if (!isset($report)) {

    I am writing a form to UPDATE a database.
    The form has 3 fields:
    report
    photo
    name

    I want to be able to fill in one field and update the database without blanking the other fields in the database.

    e.g.
    All fields in the database are currently filled in.
    If I update the 'report' and leave 'photo' and 'name' blank, the database is updated with the report and the photo and name fields are blanked.

    Can I use:
    if (!isset($photo)) {
    etc...

    to leave the database contents as they are, and NOT blank them out, if the fields are not filled in ???

    Any help and advice will be appreciated.

    Thanks,
    The MAN, The MYTH, The LEGEND:
    John C
    ________________________________
    Support your local Country Music Club

  • #2
    Regular Coder
    Join Date
    May 2011
    Posts
    239
    Thanks
    1
    Thanked 56 Times in 55 Posts
    I assume that the variables $report, $photo and $name exist. If so, you could use the following code as a guide (needs a pdo db connection).

    PHP Code:
    $params = array(); // "column=?" fragments for the SET clause
    $values = array(); // values bound to the placeholders, in the same order
    if (!empty($report))
    {
            $params[] = "report=?";
            $values[] = $report;
    }
    if (!empty($photo))
    {
            $params[] = "photo=?";
            $values[] = $photo;
    }
    if (!empty($name))
    {
            $params[] = "name=?";
            $values[] = $name;
    }

    // Run the UPDATE only if at least one field was filled in
    if (isset($params[0]))
    {
            $sql = "UPDATE t SET " . implode(", ", $params) . " WHERE id=1"; // sample id
            $stmt = $db->prepare($sql);
            $stmt->execute($values);
    }

  • #3
    Senior Coder
    Join Date
    Jan 2011
    Location
    Missouri
    Posts
    3,763
    Thanks
    23
    Thanked 548 Times in 547 Posts
    And if you use MySqli:
    PHP Code:
    <?php
    $comma = ', ';
    $report = '';
    $photo = '';
    $name = '';

    if(isset($_POST['report']))
        $report = $_POST['report'];
    if(isset($_POST['photo']))
        $photo = $_POST['photo'];
    if(isset($_POST['name']))
        $name = $_POST['name']. ' ';

    if($report != '' && ($photo != '' || $name != '')) {$report = $report . $comma;}else{$report = $report . ' ';}
    if($name != '' && $photo != ''){$photo = $photo . $comma;}else{$photo = $photo . ' ';}
    $temp = $report . $photo . $name;
    $query = "UPDATE " . $temp . "everything else here";
    echo $query; // put  $results = mysqli_query($query);  here
    ?>
    Evolution - The non-random survival of random variants.

  • #4
    Regular Coder
    Join Date
    Nov 2011
    Location
    Preston, UK
    Posts
    131
    Thanks
    36
    Thanked 0 Times in 0 Posts
    Hi Guys...
    Thank you for replying to my query.
    My database is mysqli, so I tried sunfighter's suggestion.
    I must admit, I don't fully understand it, but it didn't work for me.
    The 3 fields, $report, $photo and $name do exist, and have existing values in the database.
    This is the code for form (cut down):
    Code:
    <form action="tcc_addreport.php" method="POST">
    <table align="center" width=600 cellspacing=5 cellpadding=0 border=0>
    <tr><td colspan=2 align=center>
    <font size="2" >Photo:</font><br>
    <input type="text" size=25 name="photo"></input>
    </td></tr>
    <tr><td colspan=2 align=center>
    <font size="2" >Name:</font><br>
    <input type="text" size=25 name="name"></input>
    </td></tr>
    <tr><td colspan=2 align=center>
    <font size="2" >Your Report</font><br>
    <textarea name="report" cols="300" rows="10"></textarea>
    </td></tr>
    <tr><td align="center" valign="TOP"><font size="2">Region:</font><br />
    	<select name="selection">
           		<option value="Please select">Please select
    			<option value="chil">Chiltern
    			<option value="east">Eastern
    			<option value="humb">Humberside
    	</select>
    </td></tr>
    <tr align=center><td colspan=2>
    <input type=submit value="Post">&nbsp;&nbsp;&nbsp;
    <input type=reset value="Clear">
    <input type="hidden" name="action" value="add"></input>
    </td></tr>
    </table>
    </form>
    This is the code that I used for testing:
    PHP Code:
    $action = $_POST['action'];
    $report = $_POST['report'];
    $photo = $_POST['photo'];
    $name = $_POST['name'];
    $type = $_POST['selection'];

    $comma = ', ';
    $report = '';
    $photo = '';
    $name = '';

    if(isset($_POST['report']))
        $report = $_POST['report'];
    if(isset($_POST['photo']))
        $photo = $_POST['photo'];
    if(isset($_POST['name']))
        $name = $_POST['name']. ' ';

    if($report != '' && ($photo != '' || $name != '')) {$report = $report . $comma;}else{$report = $report . ' ';}
    if($name != '' && $photo != ''){$photo = $photo . $comma;}else{$photo = $photo . ' ';}
    $temp = $report . $photo . $name;

    $qry = "UPDATE " . $vars2["table directory"] . " SET report='$report',photo='$photo',name='$name',type='$type',remoteip='$remoteip' WHERE type='$type'";
    When I run this script, with $photo and $name only, the report field in the database returns BLANK.

    My objective is to use 1 form with 3 fields.
    I want to be able to fill in any, or all, fields and only the fields that are filled in to change in the database. The other fields in the database to remain the same.
    The MAN, The MYTH, The LEGEND:
    John C
    ________________________________
    Support your local Country Music Club

  • #5
    Regular Coder
    Join Date
    May 2011
    Posts
    239
    Thanks
    1
    Thanked 56 Times in 55 Posts
    This query is vulnerable to SQL injection. I suggest you use the PDO extension and prepared statements.
    $qry = "UPDATE " . $vars2["table directory"] . " SET report='$report',photo='$photo',name='$name',type='$type',remoteip='$remoteip' WHERE type='$type'";
    PHP Code:
    if($report != '' && ($photo != '' || $name != '')) {$report = $report . $comma;}else{$report = $report . ' ';}
    if($name != '' && $photo != ''){$photo = $photo . $comma;}else{$photo = $photo . ' ';}
    $temp = $report . $photo . $name;
    Keep it simple

  • #6
    Regular Coder
    Join Date
    Nov 2011
    Location
    Preston, UK
    Posts
    131
    Thanks
    36
    Thanked 0 Times in 0 Posts
    Hi gvre...
    This query is vulnerable to SQL injection. I suggest you use the PDO extension and prepared statements.
    Do you mean that the code above, or below, this statement is vulnerable ?

    I have never heard of "the pdo extension". I have only just got round to converting from mysql to mysqli extension. I don't do too much programming, and when I do I tend to utilise script that I used many years ago.

    I do have php-pdo-5.3.3-14.el6_3.x86_64 installed on my server. It was installed by default.

    Can you give me more advice on how to carry out your suggestion, PLEASE.

    Thanks,
    The MAN, The MYTH, The LEGEND:
    John C
    ________________________________
    Support your local Country Music Club

  • #7
    Regular Coder
    Join Date
    May 2011
    Posts
    239
    Thanks
    1
    Thanked 56 Times in 55 Posts
    Quote Originally Posted by countrydj View Post
    Hi gvre...
    Do you mean that the code above, or below, this statement is vulnerable ?
    The code above (now is the code below).

    Quote Originally Posted by countrydj View Post
    I have never heard of "the pdo extension". I have only just got round to converting from mysql to mysqli extension. I don't do too much programming, and when I do I tend to utilise script that I used many years ago.

    I do have php-pdo-5.3.3-14.el6_3.x86_64 installed on my server. It was installed by default.

    Can you give me more advice on how to carry out your suggestion, PLEASE.
    PHP Code:
    $db = new PDO("mysql:dbname=[DBNAME];host=[HOST]", "[USER]", "[PASS]");
    $params = array(); // "column=?" fragments for the SET clause
    $values = array(); // values bound to the placeholders, in the same order
    if (!empty($_POST['report']))
    {
            $params[] = "report=?";
            $values[] = $_POST['report'];
    }
    if (!empty($_POST['photo']))
    {
            $params[] = "photo=?";
            $values[] = $_POST['photo'];
    }
    if (!empty($_POST['name']))
    {
            $params[] = "name=?";
            $values[] = $_POST['name'];
    }
    // Update only when at least one field and the type were submitted
    if (isset($params[0]) && !empty($_POST['type']) )
    {
            $sql = "UPDATE t SET " . implode(", ", $params) . " WHERE type=?";
            $stmt = $db->prepare($sql);
            $values[] = $_POST['type']; // bound last, to the WHERE placeholder
            $stmt->execute($values);
    }

    It needs exception handling, but it is a good starting point.
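
The approach from this post with the exception handling it mentions, as an added example that is not part of the original post or gvre's code. It assumes an in-memory SQLite database and a hypothetical `reports` table so it runs offline, reads the region from `selection` (the name the form in post #4 gives that field), and needs PHP 7.1 or later.

```php
<?php
// Added example, not code from the thread. The `reports` table and the
// in-memory SQLite database are assumptions so the script runs offline.
const COLUMNS = ['report', 'photo', 'name'];  // the only columns a request may set
const REGIONS = ['chil', 'east', 'humb'];     // option values from the posted form

function updateReport(PDO $db, array $post): int
{
    $type = $post['selection'] ?? '';
    if (!in_array($type, REGIONS, true)) {     // rejects "Please select" and unknown values
        throw new InvalidArgumentException('Unknown region');
    }
    $set = [];
    $values = [];
    foreach (COLUMNS as $col) {                // column names never come from the request
        $v = $post[$col] ?? '';
        if (is_string($v) && trim($v) !== '') { // blank field: stored value is left alone
            $set[] = "$col = ?";
            $values[] = $v;
        }
    }
    if (!$set) {
        return 0;                              // nothing filled in, so no query is sent
    }
    $values[] = $type;
    $sql = 'UPDATE reports SET ' . implode(', ', $set) . ' WHERE type = ?';
    $stmt = $db->prepare($sql);
    $stmt->execute($values);
    return $stmt->rowCount();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // errors throw PDOException
$db->exec("CREATE TABLE reports (type TEXT, report TEXT, photo TEXT, name TEXT)");
$db->exec("INSERT INTO reports VALUES ('chil', 'old report', 'old.jpg', 'Old Name')");

// Constructed submission: only `report` is filled in, and it contains quotes.
$post = ['selection' => 'chil', 'report' => "It's done', name='x", 'photo' => '', 'name' => ''];
try {
    $changed = updateReport($db, $post);
    $row = $db->query("SELECT report, photo, name FROM reports WHERE type = 'chil'")
              ->fetch(PDO::FETCH_ASSOC);
    echo "rows changed: $changed\n";
    print_r($row);   // bound values are stored as data; blank fields were not touched
} catch (PDOException | InvalidArgumentException $e) {
    error_log($e->getMessage());               // keep details in the log, not the page
    echo "Update failed\n";
}
```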

  • #8
    Senior Coder
    Join Date
    Jan 2011
    Location
    Missouri
    Posts
    3,763
    Thanks
    23
    Thanked 548 Times in 547 Posts
    Quote Originally Posted by countrydj View Post
    Hi Guys...
    Thank you for replying to my query.
    My database is mysqli, so I tried sunfighter's suggestion.
    I must admit, I don't fully understand it, but it didn't work for me.
    The reason it did not work is twofold. First was mine, but I can fix that. Second was yours:
    Your database is in an array($vars2["table directory"]) that is not in my code nor did you add it to the code. My code was just an example of what could have been done not a finished product.
    Your original request had me working with three fields report, photo, name, but now re-reading I see it was two fields. Again this is fixable. But if you want to go with gvre and his method, No problem. Just let me know.
    Evolution - The non-random survival of random variants.

  • #9
    Regular Coder
    Join Date
    Nov 2011
    Location
    Preston, UK
    Posts
    131
    Thanks
    36
    Thanked 0 Times in 0 Posts
    Hi sunfighter...
    Many thanks for your reply.
    You will see in my last post that I don't understand PDO and have never used it.
    I certainly would like to understand and learn, but in the meantime I would like to get my problem solved with what I do understand.

    I'm sorry that I confused you with my original post.
    In reality, there are only 3 fields that are filled in by the user.
    $action is fixed, and hidden, in the script and $type is selected by the user, and CANNOT be blank. This will be trapped so that the form cannot be sent without the selection being made. Otherwise, the script will not insert into the database (nowhere to go).
    There is actually a choice of 21 regions to choose from (I have cut it down to 3 for the purpose of this thread) and it is very important that the correct region is selected. ('Please select' is not a region.)

    I would like your further help - PLEASE
    If you need any more information, please ask me...

    Thank you,
    The MAN, The MYTH, The LEGEND:
    John C
    ________________________________
    Support your local Country Music Club

  • #10
    Regular Coder
    Join Date
    May 2011
    Posts
    239
    Thanks
    1
    Thanked 56 Times in 55 Posts
    Quote Originally Posted by countrydj View Post
    I have never heard of "the pdo extension". I have only just got round to converting from mysql to mysqli extension. I don't do too much programming, and when I do I tend to utilise script that I used many years ago.
    Here is the mysqli version
    PHP Code:
    $values = array(); // escaped "column='value'" fragments for the SET clause
    if (!empty($_POST['report']))
            $values[] = "report='" . mysqli_real_escape_string($db, $_POST['report']) . "'";
    if (!empty($_POST['photo']))
            $values[] = "photo='" . mysqli_real_escape_string($db, $_POST['photo']) . "'";
    if (!empty($_POST['name']))
            $values[] = "name='" . mysqli_real_escape_string($db, $_POST['name']) . "'";

    // Update only when at least one field and the type were submitted
    if (isset($values[0]) && !empty($_POST['type']) )
    {
            $sql = "UPDATE " . $vars2['table directory'] . " SET " . implode(", ", $values) . " WHERE type='" . mysqli_real_escape_string($db, $_POST['type']) . "'";
            mysqli_query($db, $sql);
    }


  • #11
    Regular Coder
    Join Date
    Nov 2011
    Location
    Preston, UK
    Posts
    131
    Thanks
    36
    Thanked 0 Times in 0 Posts
    Hi gvre..

    Many thanks for your help.
    Unfortunately, I couldn't get the code to work for me.
    After trying for a number of hours, I gave it up.

    I decided to solve the problem a different way:
    When calling the input form, I loaded it with the current information from the database.
    That way, it can be modified at will and returned without any empty fields.

    Thanks again.
    The MAN, The MYTH, The LEGEND:
    John C
    ________________________________
    Support your local Country Music Club

