I am trying to have an update field that admin can update user information. I am stuck at the password. If I update now and leave the password blank then it hashes the blank value and inserts it into DB. I want to keep previous value unless changed on the form.
I looked at this as it was closest to what I am looking for PHP MYSQL -> UPDATE column with variable if that variable isn't null or empty This did not answer my question. unless I have multiple queries I guess with if statements. Really I only want it to update edited fields.
if(isset($_POST['register'])){
error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR);
$username = !empty($_REQUEST['username']) ? trim($_REQUEST['username']) : null;
$pass = !empty($_REQUEST['password']) ? trim($_REQUEST['password']) : null;
$fname = !empty($_REQUEST['fName']) ? trim($_REQUEST['fName']) : null;
$lname = !empty($_REQUEST['lName']) ? trim($_REQUEST['lName']) : null;
$role = !empty($_REQUEST['role']) ? trim($_REQUEST['role']) : null;
$region = !empty($_REQUEST['region']) ? trim($_REQUEST['region']) : null;
$district = !empty($_REQUEST['district']) ? trim($_REQUEST['district']) : null;
$id = !empty($_REQUEST['ID']) ? trim($_REQUEST['ID']) : null;
$location = !empty($_REQUEST['store']) ? trim($_REQUEST['store']) : null;
$outlet = !empty($_REQUEST['outletid']) ? trim($_REQUEST['outletid']) : null;
$passwordHash = password_hash($pass, PASSWORD_BCRYPT, array("cost" => 12));
$sql=$pdo->prepare("UPDATE users
SET username = :username,
password = :password,
fName = :fName,
lName = :lName,
role = :role,
region = :region,
district = :district,
outlet_id = :outlet_id,
store_name = :store_name
WHERE id = :id
");
$sql->bindParam(':username',$username);
$sql->bindParam(':password',$passwordHash);
$sql->bindParam(':fName',$fname);
$sql->bindParam(':lName',$lname);
$sql->bindParam(':role',$role);
$sql->bindParam(':region',$region);
$sql->bindParam(':district',$district);
$sql->bindParam(':id',$id);
$sql->bindParam(':outlet_id',$outlet);
$sql->bindParam(':store_name',$location);
if($sql->execute()){
$_SESSION['success'] = "Successfully Updated Record";
}// End of if profile is ok
else{
print_r($sql->errorInfo()); // if any error is there it will be posted
$msg=" Database problem, please contact site admin ";
}
}
I tried using CASE within the statement but that throws an error. How can I update user data without removing data in the column?
IE: If username is changed then just edit that field in the DB. If username and password are changed update both.
Thank you guys
EDIT:
I tried this
if(!empty(trim($_REQUEST['password']))){
$passwordHash = password_hash($pass, PASSWORD_BCRYPT, array("cost" => 12));
}
This still updates the password
Edit2:
"UPDATE users
SET username=:username,
password = CASE
WHEN :password = '' THEN password
ELSE :password
END,
fName=:fName,
lName=:lName,
role=:role,
region=:region,
district=:district,
outlet_id=:outlet_id,
store_name=:store_name
WHERE id=:id");
It is right approach. But you should also use else method, to keep password same, if password field is empty.
If you want to update your profile:
$userSql = $pdo->prepare("SELECT * FROM users where id = :id");
$userSql->bindParam(':id',$id);
$userSql->execute();
$user = $userSql->fetch();
if(trim($_REQUEST['password']) !== ''){
$passwordHash = password_hash($pass, PASSWORD_DEFAULT);
} else {
$passwordHash = $user['password']; //user password from db
}