Sorry I have been out of touch...  I thought I had this problem beat, but 
I was wrong.  I decided that the best thing to do was to filter the 
variables as the $sql statement was being created.  I tried using the 
following code, and got a message back that it was invalid and my Query 
couldn't execute...  Can anyone tell me where I screwed this one up??

$sql = "UPDATE $table SET;

  $sql .='first_name='.$first_name.',';

  $sql .='last_name='.$last_name.',';

  $sql .='hs_last_name='.$hs_last_name.',';

  $sql .='street_address1='.$street_address1.',';

  $sql .='street_address2='.$street_address2.',';

  $sql .='city='.$city.',';

  $sql .='state='.$state.',';

  $sql .='zip='.$zip.',';

  $sql .='phone1='.$phone1.',';

  $sql .='phone2='.$phone2.',';

  $sql .='email_address='.$email_address.',';

  $sql .='current_info='.$current_info.',';

  $sql .='date_registered='.$today;

WHERE first_name='$first_name' AND last_name='$last_name'";

"Jeffrey" <[EMAIL PROTECTED]> wrote in message 
> Perhaps I have misunderstood something here. But it seems to me that 
> anyone who just happens to put John Smith's name in could alter Mr. 
> Smith's data.
> If users can update their own data, should you not have a log in process 
> to ensure that only the original user can update his data? Them once he 
> has logged in, you can populate all fields with data from the DB.
> Jeffrey
> Grae Wolfe - PHP wrote:
>> That was the first thing that I was going to do, but there is a concern 
>> there for security of the data being input...  This is a registration 
>> site, and I don't want to provide information on "John Smith" to anyone 
>> who just happens to put his name in.
>> ""Alejandro Tesone"" <[EMAIL PROTECTED]> wrote in message 
>>>Why don't you try populating the fields the user intends to modify
>>>with the information you already have?
>>>Alex T
>>>On 6/17/06, Grae Wolfe - PHP <[EMAIL PROTECTED]> wrote:
>>>>Good day!
>>>>  I have been working on this little "free" project for a while, and now 
>>>> I
>>>>have hit another major hiccup.  Is there a simple way to only update 
>>>>that have something in them?
>>>>  The problem that I am having is that if someone fills out information 
>>>> and
>>>>submits it, it saves to the DB just fine.  However, if they come back 
>>>>and just put in, for example, a new phone number, it replaces all of the
>>>>other information with blanks.
>>>>  Here is my current $sql query:
>>>>$sql = "UPDATE $table
>>>>WHERE first_name='$first_name' AND last_name='$last_name'";
>>>>PHP Database Mailing List (
>>>>To unsubscribe, visit:

PHP Database Mailing List (
To unsubscribe, visit:

Reply via email to