Jeff Voss

Reputation: 3695

MySQL update user code

I have a form that updates a user's information upon submit. The current setup only allows the form to be submitted if all fields are filled out. I need to create if statements for each field that say: if populated, update; if not, don't.

I have the password field listed below that describes what I want to do for each and every field, but I wasn't sure if I could list multiple variables inside the IF or whether I have to write separate IF statements and select from the database every time.

if($password != '') {
  if($password != $password2) {
    $error = '<div class="error_message">Attention! Your passwords did not match.</div>';
  }

  if(strlen($password) < 5) {
    $error = '<div class="error_message">Attention! Your password must be at least 5 characters.</div>';
  }

  if($error == '') {
    $sql = "UPDATE login_users 
               SET restricted = '$restrict', 
                   company_name = '$company_name', 
                   contact = '$contact', 
                   email = '$email', 
                   user_level = '$level', 
                   password = MD5('$password') 
             WHERE user_id = '$id'";
    $query = mysql_query($sql) or die("Fatal error: ".mysql_error());

    echo "<h2>Updated</h2>";
    echo "<div class='success_message'>User information (and password) updated for User ID <b>$id ($company_name)</b>.</div>";
    echo "<h2>What to do now?</h2><br />";
    echo "<a href='xxxxxxxx'>&laquo; Back to Admin Panel</a> | Go to the <a href='user_edit.php'>edit users</a> page.</li>";
  }
}

Here is some more of my code

if(trim($id) == '1') {
    $error = '<div class="error_message">Attention! You cannot edit the main Administrator, use database.</div>';
} else if(trim($company_name) == '') {
    $error = '<div class="error_message">Attention! You must enter a company name.</div>';
} else if(trim($contact) == '') {
    $error = '<div class="error_message">Attention! You must enter a contact name.</div>';
} else if(!isEmail($email)) {
    $error = '<div class="error_message">Attention! You have entered an invalid e-mail address, try again.</div>';
} else if(trim($level) == '') {
    $error = '<div class="error_message">Attention! No user level has been selected.</div>';
}

Upvotes: 1

Views: 226

Answers (2)

joakimdahlstrom

Reputation: 1595

It depends on what kind of user feedback you want, but here's a simple approach that collects the fields that pass validation, and uses them for the query.

$errors = array();
$fields = array();

// A field is added to $fields only when it passes validation
if ($password != $password2) {
    $errors[] = "Passwords didn't match";
} else {
    $fields['password'] = $password;
}

if (empty($email)) {
    $errors[] = "Email is empty";
} else {
    $fields['email'] = $email;
}

if ($something > $nothing) { //
    $errors[] = "More errors";
} else {
    $fields['something'] = $something;
}

//and so on...

if (!count($errors)) {

    $str = '';

    foreach ($fields as $field => $val) {
        // escape each value before it goes into the SQL string
        $str .= $field . " = '" . mysql_real_escape_string($val) . "', ";
    }

    $str = substr($str, 0, -2); //removes the trailing ", "

    $sql = "UPDATE login_users 
        SET $str
        WHERE user_id = '" . mysql_real_escape_string($id) . "'";

    //do query..

}

Upvotes: 1

webbiedave

Reputation: 48897

> I need to create if statements for each field that says if populated, update, if not, don't.

You can build your SQL statement as you go. Something along the lines of:

$sqlCols = '';
$error = '';

// Password
if ($password != '') {
    if ($password == $password2) {
        if (strlen($password) > 4) {
            $sqlCols .= "password = MD5('".mysql_real_escape_string($password)."'),  ";
        } else {
            $error .= '<div class="error_message">Attention! Your password must be at least 5 characters.</div>';
        }
    } else {
        $error .= '<div class="error_message">Attention! Your passwords did not match.</div>';
    }
}


// Email
if ($email != '') {
    if (isValidEmail($email)) {
        $sqlCols .= "email ='".mysql_real_escape_string($email)."', ";
    } else {
        $error .= '<div class="error_message">Attention! Your email is invalid.</div>';
    }
}

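// Run the update only when at least one column was populated
if ($error == '' && $sqlCols != '') {
    $sql = "UPDATE login_users 
            SET ".trim($sqlCols, ', ')."
            WHERE user_id = '".mysql_real_escape_string($id)."'";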

    // etc...
}

In the near future, switch over to PDO for improved performance and better protection against SQL injection.

Upvotes: 1
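
The PDO route suggested in the last answer, as an added example that is not part of the original thread: the SET clause is built from a fixed column whitelist and only for populated fields, and every value travels as a bound parameter. The `login_users` columns follow the question; `buildUserUpdate()`, the in-memory SQLite database and the sample row are assumptions made so the script runs on its own, `password_hash()` is swapped in for the thread's `MD5()`, and the validation checks from the answers are assumed to have already passed.

```php
<?php
// Added example, not the thread's code. Sample data below is constructed.

// Column whitelist: only these names can ever appear in the SET clause.
const EDITABLE = ['company_name', 'contact', 'email', 'user_level', 'password'];

// Hypothetical helper: returns [sql, params], or [null, []] if nothing is populated.
function buildUserUpdate(array $input): array
{
    $set = [];
    $params = [];
    foreach (EDITABLE as $col) {
        $raw = (string)($input[$col] ?? '');
        if (trim($raw) === '') {
            continue; // not populated: leave the stored value alone
        }
        // password_hash() is used instead of the thread's MD5(); passwords are not trimmed
        $val = $col === 'password' ? password_hash($raw, PASSWORD_DEFAULT) : trim($raw);
        $set[] = "$col = :$col";
        $params[":$col"] = $val;
    }
    if (!$set) {
        return [null, []]; // avoids emitting "UPDATE ... SET WHERE ..."
    }
    $sql = 'UPDATE login_users SET ' . implode(', ', $set) . ' WHERE user_id = :id';
    return [$sql, $params];
}

// Constructed stand-in for the real database (requires the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE login_users (user_id INTEGER PRIMARY KEY, company_name TEXT,
            contact TEXT, email TEXT, user_level TEXT, password TEXT)');
$pdo->exec("INSERT INTO login_users VALUES (2, 'Acme', 'Ann', 'ann@example.com', '1', 'old')");

// Constructed form input: contact and password left blank, company name contains a quote.
$form = ['company_name' => "O'Brien Ltd", 'contact' => '',
         'email' => 'new@example.com', 'password' => ''];

[$sql, $params] = buildUserUpdate($form);
if ($sql !== null) {
    $params[':id'] = 2; // the id is bound too, never interpolated
    $pdo->prepare($sql)->execute($params);
}

echo $sql, "\n";
print_r($pdo->query('SELECT * FROM login_users WHERE user_id = 2')->fetch(PDO::FETCH_ASSOC));
```

The blank `contact` and `password` fields keep their stored values, and the quote in the company name is stored literally because it never becomes part of the SQL text.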
