Re: Conditional updating...

  Sorry I have been out of touch...  I thought I had this problem beat, but 
I was wrong.  I decided that the best thing to do was to filter the 
variables as the $sql statement was being created.  I tried using the 
following code, and got a message back that it was invalid and my Query 
couldn't execute...  Can anyone tell me where I screwed this one up??

$sql = "UPDATE $table SET;


if(!empty($first_name))
  $sql .='first_name='.$first_name.',';


if(!empty($last_name))
  $sql .='last_name='.$last_name.',';


if(!empty($hs_last_name))
  $sql .='hs_last_name='.$hs_last_name.',';


if(!empty($street_address1))
  $sql .='street_address1='.$street_address1.',';


if(!empty($street_address2))
  $sql .='street_address2='.$street_address2.',';


if(!empty($city))
  $sql .='city='.$city.',';


if(!empty($state))
  $sql .='state='.$state.',';


if(!empty($zip))
  $sql .='zip='.$zip.',';


if(!empty($phone1))
  $sql .='phone1='.$phone1.',';


if(!empty($phone2))
  $sql .='phone2='.$phone2.',';


if(!empty($email_address))
  $sql .='email_address='.$email_address.',';


if(!empty($current_info))
  $sql .='current_info='.$current_info.',';


if(!empty($today))
  $sql .='date_registered='.$today;


WHERE first_name='$first_name' AND last_name='$last_name'";



"Jeffrey" <jeffreyb@xxxxxxxxxxx> wrote in message 
news:44966E2A.9070606@xxxxxxxxxxxxxx
> Perhaps I have misunderstood something here. But it seems to me that 
> anyone who just happens to put John Smith's name in could alter Mr. 
> Smith's data.
>
> If users can update their own data, should you not have a log in process 
> to ensure that only the original user can update his data? Then once he 
> has logged in, you can populate all fields with data from the DB.
>
> Jeffrey
>
> Grae Wolfe - PHP wrote:
>> That was the first thing that I was going to do, but there is a concern 
>> there for security of the data being input...  This is a registration 
>> site, and I don't want to provide information on "John Smith" to anyone 
>> who just happens to put his name in.
>>
>>
>> ""Alejandro Tesone"" <atesone@xxxxxxxxx> wrote in message 
>> news:e13e3a560606171219w540e5b12oe81a3212d0746bc1@xxxxxxxxxxxxxxxxx
>>
>>>Why don't you try populating the fields the user intends to modify
>>>with the information you already have?
>>>
>>>Alex T
>>>
>>>On 6/17/06, Grae Wolfe - PHP <php@xxxxxxxxxxxxx> wrote:
>>>
>>>>Good day!
>>>>  I have been working on this little "free" project for a while, and now I
>>>>have hit another major hiccup.  Is there a simple way to only update fields
>>>>that have something in them?
>>>>  The problem that I am having is that if someone fills out information and
>>>>submits it, it saves to the DB just fine.  However, if they come back later
>>>>and just put in, for example, a new phone number, it replaces all of the
>>>>other information with blanks.
>>>>  Here is my current $sql query:
>>>>
>>>>$sql = "UPDATE $table
>>>>SET
>>>>first_name='$first_name',
>>>>last_name='$last_name',
>>>>hs_last_name='$hs_last_name',
>>>>guest_name='$guest_name',
>>>>street_address1='$street_address1',
>>>>street_address2='$street_address2',
>>>>city='$city',
>>>>state='$state',
>>>>zip='$zip',
>>>>phone1='$phone1',
>>>>phone2='$phone2',
>>>>email_address='$email_address',
>>>>farmers_barn='$farmers_barn',
>>>>wrhs_tour='$wrhs_tour',
>>>>crystal_rose='$crystal_rose',
>>>>registration_comments='$registration_comments',
>>>>date_registered='$today'
>>>>WHERE first_name='$first_name' AND last_name='$last_name'";
>>>>
>>>>
>>>>
>>>>--
>>>>PHP Database Mailing List (http://www.php.net/)
>>>>To unsubscribe, visit: http://www.php.net/unsub.php
>>>>
>>>>
>> 

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
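
The conditional update discussed in this thread, as an added example that is not part of the original posts: the SET list is collected in an array and joined with implode() so no comma is left dangling, every value is bound through a PDO placeholder instead of being concatenated into the string, and the row is selected by the logged-in user's id rather than by name. The `build_update` helper, the `registrations` table, the `id` column, and the in-memory SQLite data are assumptions made for the demonstration.

```php
<?php
// Added example: hypothetical helper, table name and `id` column; not code from the thread.
const UPDATABLE = ['first_name', 'last_name', 'hs_last_name', 'street_address1',
    'street_address2', 'city', 'state', 'zip', 'phone1', 'phone2',
    'email_address', 'current_info'];

/** Build "UPDATE ... SET col = :col, ..." for the non-empty, allowlisted fields only. */
function build_update(string $table, array $input, int $id): ?array
{
    $set = [];
    $params = [':id' => $id];
    foreach (UPDATABLE as $col) {
        // Skip fields the user left blank so stored values are not overwritten.
        if (!isset($input[$col]) || trim((string)$input[$col]) === '') {
            continue;
        }
        $set[] = "$col = :$col";          // column name comes from the allowlist, never from input
        $params[":$col"] = $input[$col];  // value is bound, never concatenated
    }
    if ($set === []) {
        return null;                      // nothing to change
    }
    $set[] = 'date_registered = :today';
    $params[':today'] = date('Y-m-d');
    // implode() puts commas only between assignments, so there is no trailing comma.
    // $table must be a fixed name chosen by the application, as it is below.
    return ["UPDATE $table SET " . implode(', ', $set) . ' WHERE id = :id', $params];
}

// Constructed demo data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE registrations (id INTEGER PRIMARY KEY, first_name TEXT, last_name TEXT,
    hs_last_name TEXT, street_address1 TEXT, street_address2 TEXT, city TEXT, state TEXT, zip TEXT,
    phone1 TEXT, phone2 TEXT, email_address TEXT, current_info TEXT, date_registered TEXT)');
$pdo->exec("INSERT INTO registrations (id, first_name, last_name, city, phone1)
    VALUES (1, 'John', 'Smith', 'Akron', '555-0100')");

// Simulated form post: only the phone field was filled in; the apostrophe is safe when bound.
$post = ['first_name' => '', 'city' => '', 'phone1' => "555-0199 (O'Neil's cell)"];
$userId = 1; // assumption: taken from the authenticated session, not from the form

[$sql, $params] = build_update('registrations', $post, $userId);
$pdo->prepare($sql)->execute($params);
echo $sql, "\n";
print_r($pdo->query('SELECT first_name, city, phone1 FROM registrations WHERE id = 1')
    ->fetch(PDO::FETCH_ASSOC));
```

After the run, first_name and city keep their stored values and only phone1 and date_registered change.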

