Nedan är lösningen, där en indata är tom, kommer den att använda befintliga data i det fältet och accepterar inte bara $_POST
variabler, men alla variabler.
// the list of allowed field names
$allowed = ["profile_picture","first_name","last_name", "phone_number", "nationality", "years_experience", "data" ];
// initialize an array with values:
$params = [];
// initialize a string with `fieldname` = :placeholder pairs
$setStr = "";
// loop over source data array
foreach ($allowed as $key)
{
if (!empty([$key]) || $key != "" || $key != NULL)
{
if($GLOBALS[$key] != NULL){
$setStr .= "`$key` = :$key ,";
$params[$key] = $GLOBALS[$key];
}else{
$setStr .= "`$key` = $key ,";
}
}else{
}
}
$setStr = rtrim($setStr, ",");
$params['id'] = $_SESSION['user_id'];
$dbh->prepare("UPDATE 001_user_table_as SET $setStr WHERE id = :id")->execute($params);