So I have modify.php which looks like so: <form action='modifyprocess.php?name=$name' method='post'> You are modifying $name<br/> foo: <input type='text' name='foo' value='$foo'> bar: <input type='text' name='bar' value='$bar'> foobar: <input type='text' name='foobar' value='$foobar'> <input type='submit' value='submit'> </form> HTML: modifyprocess.php looks like so: include 'config.php'; $name=$_GET['name']; $foo=$_POST['foo']; $bar=$_POST['bar']; $foobar=$_POST['foobar']; $result = mysql_query("UPDATE contacts SET foo='$foo', bar='$bar', foobar='$foobar' WHERE name='$name''") or die(mysql_error()); echo "<a href='contact.php?name=$name'>$name</a>'s entry has been updated."; mysql_close(); PHP: On modify.php the user only needs to enter one or more fields and if they leave one blank mysql cant update anything so gives me a syntax error because it is querying: foo='' etc How can I fix this?
first are you not afraid for MYSQL INJECTIONS? use MYSQL_ESCAPE_(REAL_)ESCAPE to make the string save for inserting into mysql.. Second, php has lots of options to validate inputs, so validate them first before adding values to your queries!