I have written some PHP PDO code to let my website users update their details.
The code is meant to skip any blank input fields and only update those that the user has entered details into.
It's working fine, apart from the password field. When I leave all the form blank and press 'Save', everything stays the same apart from the password that still changes.
Please see my code below.
I want the code to update the password if the user has entered a new one; otherwise I want it to keep the one that is already in the MySQL table (the password is hashed).
Is anyone able to advise me what the correct code would be for this?
<?php
require('../../../private_html/db_connection/connection.php');
session_start();
$ID = $_SESSION['ID'];
try {
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $sql = "UPDATE user_accounts SET first_name = COALESCE(NULLIF(:fname, ''),first_name), surname = COALESCE(NULLIF(:sname, ''),surname), display_name = COALESCE(NULLIF(:dname, ''),display_name), email = COALESCE(NULLIF(:email, ''),email), password = COALESCE(NULLIF(:password, ''),password) WHERE account_number='$ID'";
    $stmt = $conn->prepare($sql);
    $stmt->bindParam(':fname', $_POST['fname']);
    $stmt->bindParam(':sname', $_POST['sname']);
    $stmt->bindParam(':dname', $_POST['dname']);
    $stmt->bindParam(':email', $_POST['email']);
    $stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_DEFAULT));
    $stmt->execute();
    $query = $conn->prepare("SELECT * FROM user_accounts WHERE account_number='$ID'");
    $query->execute();
    if(($row = $query->fetch())){
        $_SESSION['ID'] = $row['account_number'];
        $_SESSION['first_name'] = $row['first_name'];
        $_SESSION['surname'] = $row['surname'];
        $_SESSION['display_name'] = $row['display_name'];
        $_SESSION['email'] = $row['email'];
        header("Location: ../../myaccount/mydetails/mydetails.php");
    }
}
catch(PDOException $e)
{
    echo 'Connection failed: ' . $e->getMessage();
    exit();
}
?>
1 solution
#1
1
Easy. A blank space can also be hashed, that's why, so... we're gonna set an empty value so it can be detected as empty by the NULLIF function:
$stmt->bindParam(':dname', $_POST['dname']);
$stmt->bindParam(':email', $_POST['email']);
//If the password IS NOT '' or 0 or '0' or NULL
if(!empty($_POST['password'])) {
    $pass = password_hash($_POST['password'], PASSWORD_DEFAULT);
} else {
    $pass = '';
}
$stmt->bindParam(':password', $pass);
$stmt->execute();
Or do it like a PRO with the ternary!
//...
$pass = !empty($_POST['password']) ? password_hash($_POST['password'], PASSWORD_DEFAULT) : '';
$stmt->bindParam(':password', $pass);
$stmt->execute();
Important Note
Remember to trim values with the trim() function, because empty spaces are considered 'something' and will pass the empty() or !== '' filters and the NULLIF(val, '').
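The fix above combined with the trim note, as an added example that is not part of the original question or answer: the password is hashed only when one was typed, text fields are trimmed before NULLIF sees them, and account_number is bound instead of interpolated. It assumes the page's table and column names; `updateAccount` and `fetchAccount` are hypothetical helpers, and an in-memory SQLite database with constructed rows stands in for the MySQL connection so it runs offline.

```php
<?php
// Added example: in-memory SQLite with constructed rows stands in for MySQL.
function updateAccount(PDO $conn, string $id, array $post): void
{
    $f = [];
    // Trim text fields so whitespace-only input becomes '' and NULLIF skips it.
    foreach (['fname', 'sname', 'dname', 'email'] as $k) {
        $f[$k] = trim((string)($post[$k] ?? ''));
    }
    // Hash only a password that was actually typed: hashing '' yields a
    // non-empty string, which NULLIF can never match. Test with trim() !== ''
    // rather than empty(), because empty('0') is true.
    $raw = (string)($post['password'] ?? '');
    $f['password'] = trim($raw) !== '' ? password_hash($raw, PASSWORD_DEFAULT) : '';

    $stmt = $conn->prepare(
        "UPDATE user_accounts SET
           first_name   = COALESCE(NULLIF(:fname, ''), first_name),
           surname      = COALESCE(NULLIF(:sname, ''), surname),
           display_name = COALESCE(NULLIF(:dname, ''), display_name),
           email        = COALESCE(NULLIF(:email, ''), email),
           password     = COALESCE(NULLIF(:password, ''), password)
         WHERE account_number = :id"
    );
    // account_number is bound like every other value, not interpolated.
    $stmt->execute($f + ['id' => $id]);
}

function fetchAccount(PDO $conn, string $id): array
{
    $q = $conn->prepare("SELECT * FROM user_accounts WHERE account_number = :id");
    $q->execute(['id' => $id]);
    return $q->fetch(PDO::FETCH_ASSOC) ?: [];
}

$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec("CREATE TABLE user_accounts (account_number TEXT, first_name TEXT,
             surname TEXT, display_name TEXT, email TEXT, password TEXT)");
$old = password_hash('old-secret', PASSWORD_DEFAULT);   // constructed sample row
$conn->prepare("INSERT INTO user_accounts VALUES ('A1','Ann','Lee','ann','ann@example.test',?)")
     ->execute([$old]);

updateAccount($conn, 'A1', ['fname' => '   ', 'password' => '']);   // blank form
$row = fetchAccount($conn, 'A1');
if ($row['first_name'] !== 'Ann' || $row['password'] !== $old) throw new RuntimeException('blank form changed the row');

updateAccount($conn, 'A1', ['dname' => 'annie', 'password' => 'new-secret']);
$row = fetchAccount($conn, 'A1');
if ($row['display_name'] !== 'annie' || !password_verify('new-secret', $row['password'])) throw new RuntimeException('update failed');
echo "blank form kept the stored hash; a typed password replaced it\n";
```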