Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- $cst = $_POST['custname'];
- $a = $_POST['tel'];
- $b = $_POST['fax'];
- $c = $_POST['email'];
- $sql = mysql_query("UPDATE contacts SET TEL = '$a', FAX = '$b', EMAIL = '$c'
- WHERE Cust_Name = '$cst' ");
- $upd = mysql_query("UPDATE custcomm_T SET
- Telephone = ".(is_null($a)?'Telephone':"'$a'").",
- Fax = ".(is_null($b)?'Fax':"'$b'").",
- Mobile = ".(is_null($c)?'Mobile':"'$c'").",
- EMail = ".(is_null($d)?'EMail':"'$d'").",
- trlicense = ".(is_null($e)?'trlicense':"'$e'").",
- trlicexp = ".(is_null($f)?'trlicexp':"'$f'")."
- WHERE Cust_Name_VC = '$g' ") or die(mysql_error());
- $semaphore = false;
- $query = "UPDATE contacts SET ";
- $fields = array('tel','fax','email');
- foreach ($fields as $field) {
- if (isset($_POST[$field]) and !empty($_POST[$field]) {
- $var = mysql_real_escape_string($_POST[$field]);
- $query .= uppercase($field) . " = '$var'";
- $semaphore = true;
- }
- }
- if ($semaphore) {
- $query .= " WHERE Cust_Name = '$cst'";
- mysql_query($query);
- }
- $query = 'update contacts set ';
- if ($_POST['tel'] != '') $query .= 'TEL="'.$_POST['tel'].'", ';
- if ($_POST['fax'] != '') $query .= 'FAX="'.$_POST['fax'].'", ';
- if ($_POST['email'] != '') $query .= 'EMAIL="'.$_POST['email'].'", ';
- $query .= "Cust_Name = '$cst' where Cust_Name = '$cst'";
- foreach ($_POST as $var=>$value) {
- if(empty($value)) continue; //skip blank fields (may be problematic if you're trying to update a field to be empty)
- $sets[]="$var= '$value";
- }
- $set=implode(', ',$sets);
- $q_save="UPDATE mytable SET $set WHERE blah=$foo";
- "UPDATE `custcomm_T`
- SET `Telephone` = IF(TRIM('" . mysql_real_escape_string($a) . "') != '', '" . mysql_real_escape_string($a) . "', `Telephone`),
- SET `Fax` = IF(TRIM('" . mysql_real_escape_string($b) . "') != '', '" . mysql_real_escape_string($b) . "', `Fax`),
- SET `Mobile` = IF(TRIM('" . mysql_real_escape_string($c) . "') != '', '" . mysql_real_escape_string($c) . "', `Mobile`),
- SET `EMail` = IF(TRIM('" . mysql_real_escape_string($d) . "') != '', '" . mysql_real_escape_string($d) . "', `EMail`),
- SET `trlicense` = IF(TRIM('" . mysql_real_escape_string($e) . "') != '', '" . mysql_real_escape_string($e) . "', `trilicense`),
- SET `trlicexp` = IF(TRIM('" . mysql_real_escape_string($f) . "') != '', '" . mysql_real_escape_string($f) . "', `trlicexp`)
- WHERE Cust_Name_VC = '" . mysql_real_escape_string($g) . '";
- # arrays of input => db field names. If both are the same, no index is required.
- $optional = array('tel' => 'telephone', 'fax', 'email');
- $required = array('custname' => 'cust_name');
- # $input is used rather than $_POST directly, so the code can easily be adapted to
- # work with any array.
- $input =& $_POST;
- /* Basic validation: check that required fields are non-empty. More than is
- necessary for the example problem, but this will work more generally for an
- arbitrary number of required fields. In production code, validation should be
- handled by a separate method/class/module.
- */
- foreach ($required as $key => $field) {
- # allows for input name to be different from column name, or not
- if (is_int($key)) {
- $key = $field;
- }
- if (empty($input[$key])) {
- # error: input field is required
- $errors[$key] = "empty";
- }
- }
- if ($errors) {
- # present errors to user.
- ...
- } else {
- # Build the statement and argument array.
- $toSet = array();
- $args = array();
- foreach ($optional as $key => $field) {
- # allows for input name to be different from column name, or not
- if (is_int($key)) {
- $key = $field;
- }
- if (! empty($input[$key])) {
- $toSet[] = "$key = ?";
- $args[] = $input[$key];
- }
- }
- if ($toSet) {
- $updateContactsStmt = "UPDATE contacts SET " . join(', ', $toSet) . " WHERE cust_name = ?";
- $args[] = $input['custname'];
- try {
- $updateContacts = $db->prepare($updateContactsStmt);
- if (! $updateContacts->execute($args)) {
- # update failed
- ...
- }
- } catch (PDOException $exc) {
- # DB error. Don't reveal exact error message to non-admins.
- ...
- }
- } else {
- # error: no fields to update. Inform user.
- ...
- }
- }
- mysql_query("
- UPDATE contacts
- SET
- TEL = ".(is_null($a)?'TEL':"'$a'").",
- FAX = ".(is_null($b)?'FAX':"'$b'").",
- EMAIL = ".(is_null($c)?'EMAIL':"'$c'")."
- WHERE Cust_Name = '$cst'
- ");
Add Comment
Please, Sign In to add comment