Here is the code
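<html>
<head>
<title>Welcome to the Xbox-Dimension! - Updates</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<?php
// amendNews.php: shows an edit form for one row of the `news` table (GET ?id=N)
// and writes the edited fields back when that form is submitted (POST).
//
// NOTE(review): nothing in this file checks who is making the request or that
// the POST really came from this form. Confirm that access control, and a
// CSRF token for the update, are enforced elsewhere.
// NOTE(review): the mysql_* extension was removed in PHP 7. The escaping below
// keeps the script on the API it already uses; when it is ported to mysqli or
// PDO, replace the escaping with prepared statements and bound parameters.

// connect to the database
$db = mysql_connect("localhost", "bla", "bla");
if (!$db || !mysql_select_db("games", $db)) {
    // Keep the driver's error text out of the page: it can reveal host and schema details.
    die('Error ! : Could not connect to the database');
}

// The news id arrives in the query string when the form is displayed and in a
// hidden field when it is submitted (the form action carries no query string).
// Casting to int guarantees that only a number is ever placed in the SQL text.
$rawId = 0;
if (isset($_POST['id'])) {
    $rawId = $_POST['id'];
} elseif (isset($_GET['id'])) {
    $rawId = $_GET['id'];
}
$newsItem = is_scalar($rawId) ? (int) $rawId : 0;
if ($newsItem <= 0) {
    die('Error ! : No news item selected');
}

if (isset($_POST['Submit'])) {
    // 1. Validate it, by checking all the form inputs were filled in.
    //    is_string() rejects array-valued parameters such as title[]=x.
    foreach (array('title', 'contact', 'author', 'info') as $field) {
        if (!isset($_POST[$field]) || !is_string($_POST[$field]) || trim($_POST[$field]) === '') {
            echo 'Error ! : No ' . $field . ' entered';
            die;
        }
    }

    // 2. Strip unwanted HTML
    $title = strip_tags($_POST['title']);
    $contact = strip_tags($_POST['contact']);
    $author = strip_tags($_POST['author']);
    // info keeps its markup, as in the original. Any page that prints it must
    // treat it as untrusted HTML (presumably intentional; confirm).
    $info = $_POST['info'];

    // Create update query. Every string value is escaped for this connection
    // AND wrapped in quotes; the original interpolated the raw values unquoted,
    // which is both a syntax error for ordinary text and an SQL injection hole.
    // If magic_quotes_gpc is enabled on the server, strip the slashes it added
    // before escaping, otherwise they end up stored in the row.
    $updateQuery = sprintf(
        "UPDATE news SET title='%s', contact='%s', author='%s', info='%s' WHERE id=%d",
        mysql_real_escape_string($title, $db),
        mysql_real_escape_string($contact, $db),
        mysql_real_escape_string($author, $db),
        mysql_real_escape_string($info, $db),
        $newsItem
    );
    $updated = mysql_query($updateQuery, $db);
    mysql_close($db);

    // Only report success when the statement actually ran.
    if (!$updated) {
        die('Error ! : Update failed');
    }
    echo "<div align='center'>Update Successful<br>";
    echo "<a href='../index.php'>Return to update index</a></div>";
} else {
    // Run SQL query on selected news item ($newsItem is an int, see above)
    $newsQuery = mysql_query("SELECT * FROM news WHERE id=" . $newsItem, $db);
    $row = $newsQuery ? mysql_fetch_array($newsQuery) : false;
    if (!$row) {
        die('Error ! : News item not found');
    }

    // Escape stored values for the HTML they are printed into (element text,
    // quoted attribute values and a textarea), so markup or quotes in a row
    // cannot break out of the form. The charset matches the page's meta tag.
    $disp_title = htmlspecialchars($row["title"], ENT_QUOTES, 'ISO-8859-1');
    $disp_contact = htmlspecialchars($row["contact"], ENT_QUOTES, 'ISO-8859-1');
    $disp_author = htmlspecialchars($row["author"], ENT_QUOTES, 'ISO-8859-1');
    $disp_info = htmlspecialchars($row["info"], ENT_QUOTES, 'ISO-8859-1');
?>
<link href="../../css.css" rel="stylesheet" type="text/css">
</head>
<body>
<div align="center"><font color="#000000" size="+2">Amend "<?php echo $disp_title ?>"</font></div>
<form name="form1" method="post" action="amendNews.php">
<!-- Carries the row id through the POST; the server casts it to int again. -->
<input type="hidden" name="id" value="<?php echo $newsItem ?>">
<table width="90%" border="0" align="center" cellspacing="1">
<tr>
<td><font color="#000000">Title</font></td>
<td><input name="title" type="text" id="title" value="<?php echo $disp_title ?>" size="80"></td>
</tr>
<tr>
<td><font color="#000000">Contact</font></td>
<td><input name="contact" type="text" id="contact" value="<?php echo $disp_contact ?>" size="80"></td>
</tr>
<tr>
<td><font color="#000000">Author</font></td>
<td><input name="author" type="text" id="author" value="<?php echo $disp_author ?>" size="80"></td>
</tr>
<tr>
<td><font color="#000000">Info</font></td>
<td><textarea name="info" cols="100" rows="20" id="info"><?php echo $disp_info ?></textarea></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="Submit" value="Update News"></td>
</tr>
</table>
</form>
<?php
}
?>
</body>
</html>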