Paulo Soares Paulo Soares - 2 months ago 4x
PHP Question

How to not update database if $_POST value is empty?

I have been having problems with a form of an website of mine. The form values are equal to their corresponding $_POST values, which are the parameters used for updating the database.

I do not want for empty form values to be updated. However, I don't want any of the input areas to be obligatory.

That means that I would be able to update only specific content, not needing to type the values in the input areas I do not want to update. I'm having problems with this, however. Empty form values are being uploaded, so the values in the database are being changed into blank values. I've looked for tutorials in SO and over the internet, and the only (functional) ones are those which turn input boxes into obligatory. That is not how I intend it to work, so it doesn't fit.

I think the best way to do this, and I am not sure, is to change, through javaScript, the "name" attribute of the input areas into blank when the submit button is set IF the values equal empty or null. I do not know how to do this, nor do I know if this is possible, or the best way.

Here is my current code on the matter:

(first, the form an the javascript)

function validade(){
var formId = document.getElementById("configForm");
var allInputs = formId.getElementsByTagName("input");
var input, i;

for (i=0; input = allInputs[i]; i++){
if (input.value == null || input.value == "") { = "";

<form method="post" action="" id="configForm">
<label for="home">Home:</label>
<input type="text" id="home" name="home">
<label for="apendix">Apêndice:</label>
<input type="text" name="apendix">
<label for="about">Sobre:</label>
<input type="text" name="sobre">
<label for="contato">Contato:</label>
<input type="text" name="contato">
<input type="submit" value="Carregar" name="submit">

<?php require_once('editaForma.php'); ?>

(Secondly, the database query and $_POST values:)

<?php //credentials
if (isset($_POST["submit"])){
$server = 'hypotetical';
$user = 'hypotetical';
$pw = 'hypotetical';
$BD = 'hypotetical';

//estabelece a conexão
$conn = mysqli_connect($server, $user, $pw, $BD);
if (!$conn) {
die ('<span style="color: #FF0000;">"connection failed: "</span>' . mysqli_connect_error());

$home = $_POST["home"];
$apendix = $_POST["apendix"];
$sobre = $_POST["sobre"];
$contato = $_POST ["contato"];

$query = "UPDATE form SET
home= '$home',
apendix= '$apendix',
sobre= '$sobre',
contato= '$contato'
WHERE id='1'";

//$query = "INSERT INTO form (home, apendix, sobre, contato) VALUES ('$home', '$apendix', '$sobre', '$contato')";

if (mysqli_query($conn, $query)){
echo "Alterações feitas com sucesso";
} else {
echo "ERRO!" . $query . "<br>" . mysqli_error($conn);


Yes, I know the DB is prone to SQL injection. I'm trying to get everything up and running first, and once all of this is set, I'll look onto security matters before the website is online.

I've been having this problem for over a week and can't figure a way out of it.

Thank you for your time and attention, in advance.


I wish I could select two answers for the solving ones. Both of them right down led me to the solving of the problem, each helping me to see the holes in my code. As I cannot choose both, I chose the one who helped me to solve the last issues. Thank you all so much!


Build your query dynamically, by skipping empty values

$p = &$_POST; //make $p refer to $_POST

$query = "UPDATE from SET ";

if($p['home'])    $query .= " home = '$p[home]' ,";
if($p['apendix']) $query .= " apendix = '$p[apendix]' ,";
if($p['sobre'])   $query .= " sobre = '$p[sobre]' ,";
if($p['contato']) $query .= " concato = '$p[contato]' ,";

$query = trim($query, ','); //remove any trailing comma 
$query = "WHERE id = 1";

you can then execute the query. Oh and don't forget to check that at least 1 of the variables was available. If they're all empty, don't execute.

And yeah, your code is highly vulnerable.