3

I have a form that can be edited by users. When changes are made, I want only those changes to update. A member of staff has pressed "save" before the whole page has loaded, meaning the script saw the form fields as being empty, so it replaced the fields with empty ones.

Current code is:

$res= mysql_query ("UPDATE table SET site='$site', the1='$the1' WHERE id='$id'");

Appreciate the help here.....

Jay Blanchard
Mitch
  • ***Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php).*** [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Jul 07 '17 at 15:20
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Jul 07 '17 at 15:20
  • You have to validate that the variables exist on the server-side before running the query. – Jay Blanchard Jul 07 '17 at 15:21
  • You'll need to pull the data down first to get the existing values, compare the form's input values against the data (previously pulled), then you can run the update that way, pending changes. And as others have said, if this is production level code, you're wide open in terms of security. – Adam Jul 07 '17 at 15:24
  • This sounds like it should be a non-issue in the first place. When you update a record, values which *didn't change* will simply be updated to their unchanged value. It's like setting a variable to the same value as the variable already has. The net result is neither good nor bad, because nothing changes. It's not clear what the actual problem is here. – David Nov 28 '17 at 16:48

3 Answers

2

You need to write a JavaScript script to check for data changes and send only the changed data. For example, you can save the previous data in a data-prev-value attribute.

<input type="text" name="my_field" id="field_id" value="old_value" data-prev-value="old_value">

On submit, you compare

$('#field_id').val() != $('#field_id').attr('data-prev-value')

and if they are not equal, add the data to an array and send it to the server.

Ivan Bolnikh
1

Here is a suggestion:

$res = mysqli_query($conn, "SELECT * FROM table WHERE id = '$id'"); // $conn is an open mysqli connection

Fetch the result to an array. After selecting that data, you need to compare it with your POST data. If your fetched db data and your posted data are not the same, then you will set the new value.

// Here $res is the row fetched into an array, as described above
if ($_POST['name'] == $res['name']) {
    $name = $res['name'];
} else {
    $name = $_POST['name'];
}
Jay Blanchard
0

Another solution could be to set the value of all fields as what the current value is in the database. That way, they know what the current value is and it would be easier for them to know what to change, and when the form is submitted, it'll just resubmit the info in the form whether it was changed or not.

For example:

<input type="text" name="firstname" value="<?php echo htmlspecialchars($row['firstname'], ENT_QUOTES, 'UTF-8'); ?>" required>

When the form is submitted, it'll keep the same data that was currently there, or update it if the value was changed in the input field.
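
An added example (not from the question or any answer above) that combines the comments' advice with the compare-before-update answer: a PDO handler that checks each field server-side, ignores missing or empty ones, and writes only the changed columns through a prepared statement. The table name `sites`, the function name `updateChangedFields`, the in-memory SQLite database and the sample values are assumptions made for the demo; `site` and `the1` are the columns from the question.

```php
<?php
// Added example. Assumed names: table `sites`, function updateChangedFields().

/** Update only whitelisted columns that were submitted, are non-empty and differ
 *  from the stored value. Returns the names of the columns written. */
function updateChangedFields(PDO $pdo, int $id, array $input): array
{
    $allowed = ['site', 'the1']; // column names come from this list, never from the request

    $stmt = $pdo->prepare('SELECT site, the1 FROM sites WHERE id = ?');
    $stmt->execute([$id]);
    $current = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($current === false) {
        throw new RuntimeException('No such record');
    }

    $changes = [];
    foreach ($allowed as $col) {
        // Field absent from the request, or not a plain string (e.g. site[]=x): ignore it
        if (!isset($input[$col]) || !is_string($input[$col])) continue;
        $value = trim($input[$col]);
        // Assumption: every field is required, so an empty value means "page not loaded"
        if ($value === '' || $value === $current[$col]) continue;
        $changes[$col] = $value;
    }
    if ($changes === []) return []; // nothing changed: no UPDATE is issued

    // Only whitelisted names reach the SQL text; every value is bound as a parameter
    $set = implode(', ', array_map(fn($c) => "$c = ?", array_keys($changes)));
    $update = $pdo->prepare("UPDATE sites SET $set WHERE id = ?");
    $update->execute([...array_values($changes), $id]);
    return array_keys($changes);
}

// Constructed demo data in an in-memory SQLite database
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE sites (id INTEGER PRIMARY KEY, site TEXT, the1 TEXT)');
$pdo->exec("INSERT INTO sites VALUES (1, 'Head office', 'Reception')");

// Simulated $_POST from a half-loaded page: `the1` arrived empty, `site` was edited
$written = updateChangedFields($pdo, 1, ['site' => "O'Brien depot", 'the1' => '']);
print_r($written);
print_r($pdo->query('SELECT * FROM sites WHERE id = 1')->fetch(PDO::FETCH_ASSOC));
```

If a field may legitimately be cleared, replace the empty-value skip with an explicit marker from the form, such as a hidden "loaded" field checked before any update runs.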