<?php
mysql_connect ('localhost', 'XXX', 'XXX');
mysql_select_db ('XXX');

if (isset($_POST['update'])) {

    $month = htmlspecialchars(strip_tags($_POST['month']));
    $date = htmlspecialchars(strip_tags($_POST['date']));
    $year = htmlspecialchars(strip_tags($_POST['year']));
    $time = htmlspecialchars(strip_tags($_POST['time']));
    $title = htmlspecialchars(strip_tags($_POST['title']));
    $author = htmlspecialchars(strip_tags($_POST['author']));
    $genre = htmlspecialchars(strip_tags($_POST['genre']));
    $rating = htmlspecialchars(strip_tags($_POST['rating']));
    $image = $_POST['image'];
    $entry = $_POST['entry'];

    $entry = nl2br($entry);

    if (!get_magic_quotes_gpc()) {
        $title = addslashes($title);
        $entry = addslashes($entry);
    }

    $timestamp = strtotime ($month . " " . $date . " " . $year . " " . $time);

  $result = mysql_query("UPDATE XXX SET timestamp='$timestamp', title='$title', entry='$entry' WHERE id='$id' LIMIT 1") or print ("Can't update entry.<br />" . mysql_error());

    header("Location: ../reviews/single.php?id=" . $id);
    
}
if (!isset($_GET['id']) || empty($_GET['id']) || !is_numeric($_GET['id'])) {
    die("Invalid entry ID.");
}
else {
    $id = (int)$_GET['id'];
}

$result = mysql_query ("SELECT * FROM XXX WHERE id='$id'") or print ("Can't select entry.<br />" . $sql . "<br />" . mysql_error());

while ($row = mysql_fetch_array($result)) {
        $old_timestamp = $row["timestamp"];
        $old_title = stripslashes($row["title"]);
        $old_author = stripslashes($row["author"]);
        $old_genre = stripslashes($row["genre"]);
        $old_rating = stripslashes($row["rating"]);
        $old_image = stripslashes($row["image"]);
        $old_entry = stripslashes($row["entry"]);

        $old_title = str_replace('"','\'',$old_title);
        $old_entry = str_replace('<br />', '', $old_entry);

        $old_month = date("F",$old_timestamp);
        $old_date = date("d",$old_timestamp);
        $old_year = date("Y",$old_timestamp);
        $old_time = date("g:i a",$old_timestamp);
}
?>

<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">

<p><input type="hidden" name="id" value="<?php echo $id; ?>" />

<strong><label for="month">Date (month, day, year):</label></strong>

<select name="month" id="month">
<option value="<?php echo $old_month; ?>"><?php echo $old_month; ?></option>
<option value="January">January</option>
<option value="February">February</option>
<option value="March">March</option>
<option value="April">April</option>
<option value="May">May</option>
<option value="June">June</option>
<option value="July">July</option>
<option value="August">August</option>
<option value="September">September</option>
<option value="October">October</option>
<option value="November">November</option>
<option value="December">December</option>
</select>

<input type="text" name="date" id="date" size="2" value="<?php echo $old_date; ?>" />

<select name="year" id="year">
<option value="<?php echo $old_year; ?>"><?php echo $old_year; ?></option>
<option value="2004">2004</option>
<option value="2005">2005</option>
<option value="2006">2006</option>
<option value="2007">2007</option>
<option value="2008">2008</option>
<option value="2009">2009</option>
<option value="2010">2010</option>
</select>

<strong><label for="time">Time:</label></strong> <input type="text" name="time" id="time" size="5" value="<?php echo $old_time; ?>" /></p>

<p><strong><label for="title">Title:</label></strong> <input type="text" name="title" id="title" value="<?php echo $old_title; ?>" size="40" /> </p>

<p><strong><label for="author">Author:</label></strong> <input type="text" name="author" id="author" value="<?php echo $old_author; ?>" size="40" /></p>

<p><strong><label for="genre">Genre:</label></strong>
<select name="genre" id="genre">
<option value="<?php echo $old_genre; ?>"><?php echo $old_genre; ?></option>
<option value="autobiography">Autobiography</option>
<option value="biography">Biography</option>
<option value="business/personal finance">Business/Personal Finance</option>
<option value="entrepreneurship">Entrepreneurship</option>
<option value="fiction">Fiction</option>
<option value="graphicdesign">Graphic Design</option>
<option value="inspiration">Inspiration</option>
<option value="management">Management</option>
<option value="memoir">Memoir</option>
<option value="poetry">Poetry</option>
<option value="psychology">Psychology</option>
</select>
</p>

<p><strong><label for="rating">Rating:</label></strong>
<select name="rating">
<option value="<?php echo $old_rating; ?>"><?php echo $old_rating; ?></option>
<option value="5">5</option>
<option value="4nhalf">4nhalf</option>
<option value="4">4</option>
<option value="3nhalf">3nhalf</option>
<option value="3">3</option>
<option value="2nhalf">2nhalf</option>
<option value="2">2</option>
<option value="1nhalf">1nhalf</option>
<option value="1">1</option>
<option value="half">half</option>
</select>
</p>

<p><textarea cols="80" rows="5" name="image" id="image"><?php echo $old_image; ?></textarea></p>

<p><textarea cols="80" rows="15" name="entry" id="entry"><?php echo $old_entry; ?></textarea></p>

<p><input type="submit" name="update" id="update" value="Update"></p>

</form>

<?php

mysql_close();
?>

Invalid ID specified.

if (isset($_POST['update'])) {

$id = (int)$_POST['id'];