I think you should reconsider your work flow. If you want an invalid input to be only caught when trying to update the DB, why not go for something like this:
post '/update' do
...
if params[:password] == nil || params[:password].empty?
password = nil
else
password = BCrypt::Password.create(params[:password])
end
# I have no idea how this line should really look like in your code
User.find(param[:id]).set(:password, password)
...
end
So basically, give it nil if the password field was not sent or empty.
As stated very clearly by iain in the comments:
[...] you should only be using Sequel to validate data that is or will be held by the database. The real password should be validated by the business logic layer, which is what is happening in this answer.