Ok, I'm real new to php, so I'm sorry if this is a stupid question. I've started building a blog using php and mySql and I'm having problems with updating my posts. My update page loads fine (with ?id=x attached to the end of the url), but when I hit update, I get my custom error message, "Invalid Entry ID" back. What gives?
<?php
mysql_connect ('localhost', 'securitized', 'securitized') ;
mysql_select_db ('securitized_blog');
if (isset($_POST['update'])) {
$id = htmlspecialchars(strip_tags($_POST['id']));
$month = htmlspecialchars(strip_tags($_POST['month']));
$date = htmlspecialchars(strip_tags($_POST['date']));
$year = htmlspecialchars(strip_tags($_POST['year']));
$time = htmlspecialchars(strip_tags($_POST['time']));
$entry = $_POST['entry'];
$title = htmlspecialchars(strip_tags($_POST['title']));
$label = htmlspecialchars(strip_tags($_POST['label']));
$entry = nl2br($entry);
$category = (int)$_POST['category'];
if (!get_magic_quotes_gpc()) {
$title = addslashes($title);
$label = addslashes($title);
$entry = addslashes($entry);
$timestamp = strtotime ($month . " " . $date . " " . $year . " " . $time);
$result = mysql_query("UPDATE php_blog SET timestamp='$timestamp', title='$title', entry='$entry', password='$password', category='$category' WHERE id='$id' LIMIT 1") or print ("Can't update entry.<br />" . mysql_error());
}
}
if (isset($_POST['delete'])) {
$id = (int)$_POST['id'];
$result = mysql_query("DELETE FROM php_blog WHERE id='$id'") or print ("Can't delete entry.<br />" . mysql_error());
if ($result != false) {
print "The entry has been successfully deleted from the database.";
exit;
}
}
if (!isset($_GET["id"]) || empty($_GET["id"]) || !is_numeric($_GET["id"])) {
die("Invalid entry ID.");
}
else {
$id = (int)$_GET["id"];
}
$result = mysql_query ("SELECT * FROM php_blog WHERE id='$id'") or print ("Can't select entry.<br />" . $sql . "<br />" . mysql_error());
while ($row = mysql_fetch_array($result)) {
$old_timestamp = $row['timestamp'];
$old_title = stripslashes($row['title']);
$old_label = stripslashes($row['label']);
$old_entry = stripslashes($row['entry']);
$old_category = $row['category'];
$old_title = str_replace('"','\'',$old_title);
$old_entry = str_replace('<br />', '', $old_entry);
$old_month = date("F",$old_timestamp);
$old_date = date("d",$old_timestamp);
$old_year = date("Y",$old_timestamp);
$old_time = date("H:i",$old_timestamp);
}
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<p><input type="hidden" name="id" value="<?php echo $id; ?>" />
<strong><label for="month">Date (month, day, year):</label></strong>
<select name="month" id="month">
<option value="<?php echo $old_month; ?>"><?php echo $old_month; ?></option>
<option value="January">January</option>
<option value="February">February</option>
<option value="March">March</option>
<option value="April">April</option>
<option value="May">May</option>
<option value="June">June</option>
<option value="July">July</option>
<option value="August">August</option>
<option value="September">September</option>
<option value="October">October</option>
<option value="November">November</option>
<option value="December">December</option>
</select>
<input type="text" name="date" id="date" size="2" value="<?php echo $old_date; ?>" />
<select name="year" id="year">
<option value="<?php echo $old_year; ?>"><?php echo $old_year; ?></option>
<option value="2004">2004</option>
<option value="2005">2005</option>
<option value="2006">2006</option>
<option value="2007">2007</option>
<option value="2008">2008</option>
<option value="2009">2009</option>
<option value="2010">2010</option>
</select>
<p><strong><label for="time">Time:</label></strong> <input type="text" name="time" id="time" size="5" value="<?php echo $old_time; ?>" /></p>
<?php
$result2 = mysql_query("SELECT * FROM php_blog_categories");
echo '<p><strong><label for="category">Category:</label></strong><select name="category" id="category">';
while($row2 = mysql_fetch_array($result2)) { ?>
<option value="<?php echo $row2['category_id']; ?>"
<?php if ($old_category == $row2['category_id']) echo ' selected="selected"'; ?>><?php echo $row2['category name']; ?></option>
<?php
}
?>
</select></p>
<p><strong><label for="title">Title:</label></strong> <input type="text" name="title" id="title" value="<?php echo $old_title; ?>" size="40" /> </p>
<p><strong><label for="label">Label:</label></strong> <input type="text" name="label" id="label" value="<?php echo $old_label; ?>" size="40" /> </p>
<p><textarea cols="80" rows="20" name="entry" id="entry"><?php echo $old_entry; ?></textarea></p>
<p><input type="submit" name="update" id="update" value="Update"></p>
<p><strong>Before deleting, be absolutely sure - there is no confirmation, nor is there any way to reverse deletion!</strong></br />
<small>(You may be shown your entry again after deleting - do not worry, it HAS been deleted. Check the main page of the blog if you are still unsure.</small></p>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<input type="hidden" name="id" id="id" value="<?php echo $id; ?>" />
<input type="submit" name="delete" value="Yes, I am absolutely and positively sure I want to delete this entry." />
</form>
</form>
<?php
mysql_close();
?>