PHP update which does not update form fields which are blank

Question

This is an extension of a question I asked a wee while ago which @eHussain was nice enough to help out with.

I have form which inserts various details into a MySQL table and uploads a file (the name of which is also registered in the database). This works fine. The issue comes when I update, say, the name and not the image. In this case the image name is over written as 'blank', and rightly so as that's the value in the file field.

The update code:

<?php
error_reporting(E_ALL^E_NOTICE);
define('INCLUDE_CHECK',true);
include "connect.php";

$target = "../uploads/";
$target = $target . basename( $_FILES['photo']['name']);

//This gets all the other information from the form
$name=$_POST['name'];
$url=$_POST['url'];
$description=$_POST['description'];
$pic=($_FILES['photo']['name']);
$author=$_POST['author'];
$company=$_POST['company'];
$published=$_POST['published'];
$dashboardID=$_POST['dashboardID'];

//Writes the information to the database
mysql_query("UPDATE dashboard SET name='$name', url='$url', description='$description', documentName='$pic', author='$author', company='$company', publish='$published' WHERE dashboardID='$dashboardID'");

//Writes the photo to the server

if(isset($_FILES['photo']['tmp_name'])) //  check if any file is uploaded
{
if(move_uploaded_file($_FILES['photo']['tmp_name'], $target))
{

header("Location: ../dashboard.php?success=2"); } else {

header("Location: ../dashboard.php?success=0"); }
}

?>

I understand the 'isset' to avoid a the error generated if no file is selected, but I don't understand how I can extent this to avoid updating a field which has a blank value.

Answer 1

Do a check on the $_FILES array before running the query.

From there, you can either dynamically build the query (including or excluding the documentName field) or alternatively, fetch the current value and assign it to $pic.

For example (untested)

$values = array(
    'name' => $name,
    'url'  => $url,
    // etc
);

if (isset($_FILES['photo']['name'])) {
    $values['documentName'] = $_FILES['photo']['name']
}

// mysql functions are naff, use PDO

$query = 'UPDATE dashboard SET %s WHERE dashboardID = :dashboardID';
$set = array();
foreach (array_keys($values) as $col) {
    $set[] = sprintf('`%s` = :%s', $col, $col);
}
$stmt = $pdo->prepare(sprintf($query, implode(', ', $set)));
$values['dashboardID'] = $dashboardID;

$stmt->execute($values);

Answer 2

@rrfive , please try below method, hope it will work,

//first put all post variable in an array 
$post_data = compact($_POST);    
$pic=($_FILES['photo']['name']);
//now push pic name in `$post_data`
if (!empty($pic) ) { array_push( $post_data,$pic ) }

//now use UPDATE query using `vsprintf` . but first check the order of `$post_data` @Thanks Phill

$stmt = "UPDATE dashboard SET 
                            name='%s', 
                            url='%s',
                            description='%s',                           
                            author='%s',
                            company='%s',
                            publish='%s'";
$stmt .=(!empty($pic)) ? documentName='%s', : "";
$stmt .= "WHERE dashboardID=%d";
// To check the complete query before execute. uncomment below 2 lines
//print vsprintf($stmt,$post_data);
//die;
mysql_query( vsprintf($stmt,$post_data) );

Reference
- compact
- vsprintf

Answer 3

The following code should do the trick.

 if(isset($_FILES)){
      ...stuff...
 }