I use: $sql .= "`first_name` = '" . $first_name . "', "; in the if statements. Notice the angled tick marks and single tick marks. Then before executing the query, remove the last ", ". $sql = substr($sql, 0, -2); In your case, before you append the WHERE clause. You should echo out your built-up $sql statement to see if it is missing anything (maybe by executing that query in phpmyadmin or some other query tool). What if nothing is "!empty"? Will you attempt to execute an incorrect statement like: UPDATE `aTable` SETWHERE first_name='' AND last_name='' Notice "SETWHERE". Regards, Dwight > -----Original Message----- > From: Grae Wolfe - PHP [mailto:php@xxxxxxxxxxxxx] > Sent: Friday, June 23, 2006 8:16 PM > To: php-db@xxxxxxxxxxxxx > Subject: Re: Conditional updating... > > Sorry I have been out of touch... I thought I had this problem beat, > but > I was wrong. I decided that the best thing to do was to filter the > variables as the $sql statement was being created. I tried using the > following code, and got a message back that it was invalid and my Query > couldn't execute... Can anyone tell me where I screwed this one up?? > > $sql = "UPDATE $table SET; > > > if(!empty($first_name)) > $sql .='first_name='.$first_name.','; > > > if(!empty($last_name)) > $sql .='last_name='.$last_name.','; > > > if(!empty($hs_last_name)) > $sql .='hs_last_name='.$hs_last_name.','; > > > if(!empty($street_address1)) > $sql .='street_address1='.$street_address1.','; > > > if(!empty($street_address2)) > $sql .='street_address2='.$street_address2.','; > > > if(!empty($city)) > $sql .='city='.$city.','; > > > if(!empty($state)) > $sql .='state='.$state.','; > > > if(!empty($zip)) > $sql .='zip='.$zip.','; > > > if(!empty($phone1)) > $sql .='phone1='.$phone1.','; > > > if(!empty($phone2)) > $sql .='phone2='.$phone2.','; > > > if(!empty($email_address)) > $sql .='email_address='.$email_address.','; > > > if(!empty($current_info)) > $sql .='current_info='.$current_info.','; > > > if(!empty($today)) > $sql .='date_registered='.$today; > > > WHERE first_name='$first_name' AND last_name='$last_name'"; > > > > "Jeffrey" <jeffreyb@xxxxxxxxxxx> wrote in message > news:44966E2A.9070606@xxxxxxxxxxxxxx > > Perhaps I have misunderstood something here. But it seems to me that > > anyone who just happens to put John Smith's name in could alter Mr. > > Smith's data. > > > > If users can update their own data, should you not have a log in process > > to ensure that only the original user can update his data? Them once he > > has logged in, you can populate all fields with data from the DB. > > > > Jeffrey > > > > Grae Wolfe - PHP wrote: > >> That was the first thing that I was going to do, but there is a concern > >> there for security of the data being input... This is a registration > >> site, and I don't want to provide information on "John Smith" to anyone > >> who just happens to put his name in. > >> > >> > >> ""Alejandro Tesone"" <atesone@xxxxxxxxx> wrote in message > >> news:e13e3a560606171219w540e5b12oe81a3212d0746bc1@xxxxxxxxxxxxxxxxx > >> > >>>Why don't you try populating the fields the user intends to modify > >>>with the information you already have? > >>> > >>>Alex T > >>> > >>>On 6/17/06, Grae Wolfe - PHP <php@xxxxxxxxxxxxx> wrote: > >>> > >>>>Good day! > >>>> I have been working on this little "free" project for a while, and > now > >>>> I > >>>>have hit another major hiccup. Is there a simple way to only update > >>>>fields > >>>>that have something in them? > >>>> The problem that I am having is that if someone fills out > information > >>>> and > >>>>submits it, it saves to the DB just fine. However, if they come back > >>>>later > >>>>and just put in, for example, a new phone number, it replaces all of > the > >>>>other information with blanks. > >>>> Here is my current $sql query: > >>>> > >>>>$sql = "UPDATE $table > >>>>SET > >>>>first_name='$first_name', > >>>>last_name='$last_name', > >>>>hs_last_name='$hs_last_name', > >>>>guest_name='$guest_name', > >>>>street_address1='$street_address1', > >>>>street_address2='$street_address2', > >>>>city='$city', > >>>>state='$state', > >>>>zip='$zip', > >>>>phone1='$phone1', > >>>>phone2='$phone2', > >>>>email_address='$email_address', > >>>>farmers_barn='$farmers_barn', > >>>>wrhs_tour='$wrhs_tour', > >>>>crystal_rose='$crystal_rose', > >>>>registration_comments='$registration_comments', > >>>>date_registered='$today' > >>>>WHERE first_name='$first_name' AND last_name='$last_name'"; > >>>> > >>>> > >>>> > >>>>-- > >>>>PHP Database Mailing List (http://www.php.net/) > >>>>To unsubscribe, visit: http://www.php.net/unsub.php > >>>> > >>>> > >> > > -- -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
