Search code examples
phpsqlsql-updateinsert-into

update profile php

I have create a profile page in php. The page includes the address and telephone fields and prompts the users to insert their data. Data are then saved in my table named profile. Everything works fine, but the problem is that the table updated only if it includes already data. How can I modify it (probably mysql query that I have in my function), so that data will be entered into the table even if it is empty. Is there a something like UPDATE OR INSERT INTO syntax that I can use? Thanks

<?php


if ( isset($_GET['success']) === true && empty($_GET['success'])===true ){
echo'profile updated sucessfuly';
}else{

 if( empty($_POST) === false  &&  empty($errors) === true ){

    $update_data_profile = array(
                'address' => $_POST['address'],
                'telephone' => $_POST['telephone'],
                );


   update_user_profile($session_user_id, $update_data_profile);

   header('Location: profile_update.php?success');

   exit();


}else if ( empty($errors) === false ){
   echo output_errors($errors);
}

?>

and then by using the following function

function update_user_profile($user_id, $update_data_profile){

$update = array();

array_walk($update_data_profile, 'array_sanitize');

foreach($update_data_profile as $field => $data )
    {              
        $update[]='`' . $field . '` = \'' . $data . '\'';
}


     mysql_query(" UPDATE `profile` SET " . implode(',  ', $update) . " WHERE `user_id` = $user_id ") or die(mysql_error());


}
Solution

  • I'm new to the posted answer by psu, and will definatly check into that, but from a quick readthrough, you need to be very careful when using those special syntaxes.

    1 reason that comes to mind: you have no knowledge of what might be happening to the table that you're inserting to or updating info from. If multiple uniques are defined, then you might be in serious trouble, and this is a common thing when scaling applications.

    2 the replace into syntax is a functionality i rarely wish to happen in my applications. Since i do not want to loose data from colomns in a row that was allready in the table.

    i'm not saying his answer is wrong, just stating precaution is needed when using it because of above stated reasons and possible more.

    as stated in the first article, i might be a newbie for doing this but at this very moment i prefer:

    $result = mysql_query("select user_id from profile where user_id = $user_id limit 1");
if(mysql_num_rows($result) === 1){
    //do update like you did
}
else{
    /** 
     *  this next line is added after my comment, 
     *  you can now also leave the if(count()) part out, since the array will now alwayss
     *  hold data and the query won't get invalid because of an empty array
     **/
    $update_data_profile['user_id'] = $user_id;
    if(count($update_data_profile)){
        $columns = array();
        $values = array();
        foreach($update_data_profile as $field => $data){
            $columns[] = $field;
            $values[] = $data;
        }
        $sql = "insert into profile (" .  implode(",", $columns) .") values ('" . implode("','", $values) . "')" ;
        var_dump($sql); //remove this line, this was only to show what the code was doing
        /**update**/
        mysql_query($sql) or echo mysql_error();
    }
}