fields as $k => $v ) { ${$v} = (!empty($_POST[$v])) ? $_POST[$v] : ""; }*/ $edit_sql = ''; $valid = true; if ( !empty($email) ) {$edit_sql .= ',`email` = "'.escapeit($email).'"';} if ( !empty($firstname) ) {$edit_sql .= ',`firstname` = "'.escapeit($firstname).'"';} if ( !empty($lastname) ) {$edit_sql .= ',`lastname` = "'.escapeit($lastname).'"';} if ( !empty($gender) ) {$edit_sql .= ',`gender` = "'.escapeit($gender).'"';} if ( !empty($address) ) {$edit_sql .= ',`address` = "'.$address.'"';} if ( !empty($city) ) {$edit_sql .= ',`city` = "'.escapeit($city).'"';} if ( !empty($country) ) {$edit_sql .= ',`country` = "'.escapeit($country).'"';} if ( !empty($zip) ) {$edit_sql .= ',`zip` = "'.escapeit($zip).'"';} if ( !empty($company) ) {$edit_sql .= ',`company` = "'.escapeit($company).'"';} if ( !empty($phone) ) {$edit_sql .= ',`phone` = "'.escapeit($phone).'"';} $pass_sql =''; if ( $password2 != '' || $password3 != ''){ if( $password2 == '' || $password3 == ''){ $valid = false; $_POST["error_password"] = 1; }else if($password2 != $password3){ $valid = false; $_POST["error_password"] = 1; }else{ // $sql = 'select password from tb_member_list where id = '.$_SESSION['id']; // $rs = $db->getrow($sql); // if(md5($password1) != $rs['password']) // { // $valid = false; // } // else { $password2 = md5($password2); $pass_sql = ',`password` = "'.escapeit($password2).'"'; } } } if ( $valid ){ if($pass_sql == '' && $edit_sql == ''){ header("Location: my_account.php"); exit; } if ( !empty($_SESSION['dcspare_id']) ) { $sql = "UPDATE `".TB_PREFIX."member_list` SET last_update = now() ".$edit_sql." ".$pass_sql." WHERE `id` = '".escapeit($_SESSION['dcspare_id'])."'"; $db->query($sql); //header("Location: my_account.php"); echo ""; exit; } }else{ // header("Location: my_account.php?pw=false"); echo ""; exit; } ?>