I am making a Portfolio Script in PHP and I am working on the Admin Cpanel. I have written the script to load the data entry from the DB but I can't update the DB correctly.
Here is the code I am using:
PHP Code:
<?php
$username = "X";
$password = "X";
$host = "X";
$database = "X";
if(isset($_GET['entry'])) {
$entry = (int)$_GET['entry'];
$connection = mysql_connect($host,$username,$password) or die(mysql_error());
mysql_select_db($database);
$sql = "SELECT `id`, `avatar`, `title`, `description`, `user` FROM `news` WHERE `id`=$entry";
$result = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_assoc($result);
$entry = htmlspecialchars($row['id']);
$user = htmlspecialchars($row['user']);
$avatar = htmlspecialchars($row['avatar']);
$title = htmlspecialchars($row['title']);
$description = htmlspecialchars($row['description']);
$view = 'form';
} elseif(count($_POST) > 0) {
$connection = mysql_connect($host,$username,$password) or die(mysql_error());
mysql_select_db($database);
$entry = (int)($_POST['entry']);
$avatar = mysql_real_escape_string($_POST['avatar']);
$title = mysql_real_escape_string($_POST['title']);
$description = mysql_real_escape_string($_POST['description']);
$sql = "UPDATE news
SET `id`=$id
, `user`=$user
, `avatar`=$avatar
, `title`=$title
, `description`=$description
WHERE `id`=($entry)";
$result = mysql_query($sql) or die(mysql_error());
if($result) {
$view = 'success';
} else {
$entry = (int)($_POST['entry']);
$user = htmlspecialchars($_POST['user']);
$avatar = htmlspecialchars($_POST['avatar']);
$title = htmlspecialchars($_POST['title']);
$description = htmlspecialchars($_POST['description']);
$view = 'error';
}
} else {
$view = 'missing';
}
if('form' == $view || 'error' == $view) {
if('error' == $view) {
echo '<p>An error occured during insertion. Please try again.</p>';
} else {
echo '<p>Edit the information.</p>';
}
?>
<form method="post" action="edit.php">
<table width="52%" height="459" border="0">
<tr>
<td height="29" valign="top"><span class="unnamed1">Username:</span> </td>
<td valign="top"><input type="text" name="user" size="25" value="<?php echo $user; ?>">
<input name="date" type="hidden" value="<?php echo date("D M d, Y "); ?>">
<input name="ip" type="hidden" value="<?php echo $_SERVER["REMOTE_ADDR"]; ?>">
<input name="entry" type="hidden" value="<?php echo $entry; ?>">
</td>
</tr>
<tr>
<td valign="top"><span class="unnamed1">Avatar URL:</span> </td>
<td valign="top"> <input name="avatar" type="text" size="25" value="<?php echo $avatar; ?>"></td>
</tr>
<tr>
<td valign="top"><span class="unnamed1">Title:</span> </td>
<td valign="top"> <input name="title" type="text" size="25" value="<?php echo $title; ?>"> </td>
</tr>
<tr>
<td height="85" valign="top"><span class="unnamed1">Description:</span> <br></td>
<td valign="top"> <textarea name="description" cols="50" rows="20"> <?php echo $description; ?></textarea> </td>
</tr>
<tr>
<td height="25" valign="top"> </td>
<td valign="top"><input type="submit" name="submit" value="Edit News Article!"></td>
</tr>
</table>
</form>
<?php
} elseif('successs' == $view) {
echo '<p>The information was successfully updated.</p>';
} else {
echo '<p>The entry id is missing.</p>';
}
?>
Can anyone help me out? I think the error is not in the SQL but it affects the SQL.
Thanks,
Flash-matic