Updating membership information with PDO


When updating member information, update if a new password is entered or update password if it is empty

How is this done?

$stmt = $PDOdatabase->prepare("UPDATE members SET member_name=?, member_lasname=?, member_email=?, member_password_hash=? WHERE member_id=? ");

$stmt->bindParam(1, $member_name, PDO::PARAM_STR);
$stmt->bindParam(2, $member_lasname, PDO::PARAM_STR);
$stmt->bindParam(3, $member_email, PDO::PARAM_STR);
$stmt->bindParam(4, $member_password_hash, PDO::PARAM_STR);
$stmt->bindParam(5, $member_id, PDO::PARAM_STR);

If the user is updating the password then you have to be very careful and need to set up some verification such as sending a user an email to the person. There has to be some information in the table that can verify the user is who he/she says that the are like the email address example I gave you. I am not understanding the part of password being empty? If the password is empty then how was the user account created in the first place? If you are just setting up a test account then simply update the password field by the id.

It sends a verification mail in case of password and mail changes. No problem here.

When editing user profile, When updating name, surname, and other information
If he’s not changing his password, That is, if leaving the password input fields blank and pressing the update button
Passwords in the database will not be updated, If she enters her new password in the password input fields, her password in the database will be changed.

        echo "Repeat password";
        if($_POST['new_password'] == $_POST['password_repeat']){
            $member_password_hash = password_hash(filter_input(INPUT_POST, 'new_password'), PASSWORD_DEFAULT);
            echo "Passwords do not match";


My question is how should I make a database from now on

While using MySQLi I was doing as follows

if(!empty($_POST['new_password']) AND !empty($_POST['password_repeat'])){
    $member_password_hash = ", member_password_hash='".$this->member_password_hash."'";
    $member_password_hash = "";

If you sometimes don’t want the password to be upated, you need to change your query to sometimes not accept a password parameter.

Backing up a little, this is usually handled by having a separate form to update the password.

Can’t PDO be done like MySQLi?

Sponsor our Newsletter | Privacy Policy | Terms of Service