How to keep the variable with the same value in the database?

Asked

Viewed 57 times

3

I have a question in the code below: 

<?php
include "conexao.php";  

$id = $_POST["id"];
$nome = isset((trim(ucwords($_POST["nome"])))) : (trim(ucwords($_POST["nome"]))) : 
$apelido = trim(ucwords($_POST["apelido"]));
$telefone = trim($_POST ["telefone"]);
$celular = trim($_POST ["celular"]);
$email = strtolower($_POST ["email"]);
$endereco = $_POST ["endereco"];
$num_end = $_POST ["num_end"]; 

//Query para atualizar os dados no banco; 
$sql = "UPDATE `clientes` SET nome = '$nome', apelido = '$apelido', telefone = '$telefone', celular = '$celular', email = '$email', endereco = '$endereco', num_end = '$num_end' WHERE ID = '$id'"; 

//Executa a query;
$query = $conecta->query($sql);

//Fecha a conexão; 
$conecta->close(); 
echo "Dados atualizados com sucesso! :)";                   
?>

How do I keep the value in the database if I leave the "name" field blank, for example?

Because if I let: 

$nome = isset((trim(ucwords($_POST["nome"])))) : (trim(ucwords($_POST["nome"]))) : "";

It will change in the database the name and leave blank, but I want the value that was already there saved in the bank.

Is it too complicated? I’m sorry for the silly question, but I’ve searched several forums for something similar but I couldn’t find.

php database mysqli

2 answers

3

That should solve:

if($nome == ''){
   $nome = null;
} 

$sql = "UPDATE `clientes` SET nome = coalesce('$nome', nome), apelido = '$apelido', telefone = '$telefone', celular = '$celular', email = '$email', endereco = '$endereco', num_end = '$num_end' WHERE ID = '$id'";

The comparison operator coalesce returns the first value nonzero that was passed to him.

  • I left it like this: $name = (Trim(ucwords($_POST["name"])); if ($name == '){ $name = null; $sql = "UPDATE clientes SET name = coalesce('$name', name), surname = coalesce('$nickname', surname), telephone = coalesce('$phone', telephone), cellular = coalesce('$cell phone', cellular), email = coalesce('$email', email), address = coalesce('$address', address), num_end = coalesce('$num_end', num_end) WHERE ID = '$id'"; .

2

One way is to generate your own query conditionally:

// cria um array vazio.
$campos = array(); 

// se houver algum valor em $nome, adiciona "nome='$nome'" em $campos
if(!empty($nome))    $campos[] = " nome    = '$nome'";
// repete a lógica para todos opcionais:
if(!empty($apelido)) $campos[] = " apelido = '$apelido'";
...

and so on.

Next:

if(count($campos)) { // se algum campo for preenchido
   $sql = 'UPDATE `clientes` SET '.implode(',',$campos).' WHERE ID = $id'; 
   ... executa a query ...
}


Important!

Regardless of the chosen solution, it is essential to learn how to avoid SQL injections, for security reasons:

How an SQL Injection Happens?

What is PHP Injection? What is its difference to SQL Injection? And how to avoid it?

How to prevent SQL code injection into my PHP code (is not mysqli, but the logic is the same)

Browser other questions tagged php database mysqli

You are not signed in. Login or sign up in order to post.