My code:
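<?php
/*
 * Handles the "Update" and "Delete" posts for one row of php_reviews, then
 * loads the row named by ?id= so the edit form that follows can be pre-filled.
 *
 * NOTE(review): no login or permission check and no CSRF token are visible in
 * this file, and review_header.php is only included after the POST handlers
 * have already run -- confirm that access to this script is restricted elsewhere.
 * NOTE(review): the mysql_* extension was removed in PHP 7. The durable fix for
 * the string-built queries below is PDO or mysqli with prepared statements;
 * until then every value placed in a query is either cast to int or escaped.
 */
mysql_connect ('localhost', '***', '***');
mysql_select_db ('ak_reviews');

// When magic_quotes_gpc is on, request data arrives already slashed; it is
// unslashed below so that each value gets escaped exactly once.
$magic_quotes_on = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

if (isset($_POST['update'])) {
    // The row id comes from the form's hidden "id" field. Previously $id was
    // never set on this path, so the UPDATE ran with WHERE id='' and the
    // redirect carried an empty id.
    $id = (isset($_POST['id']) && is_numeric($_POST['id'])) ? (int)$_POST['id'] : 0;
    if ($id <= 0) {
        die("Invalid entry ID.");
    }

    // Collect the free-text fields as plain strings (array-valued parameters
    // are treated as empty).
    $input = array();
    foreach (array('month', 'date', 'year', 'time', 'title', 'review') as $field) {
        $value = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        $input[$field] = $magic_quotes_on ? stripslashes($value) : $value;
    }

    // strtotime() returns false (-1 before PHP 5.1) for text it cannot parse;
    // refuse the update instead of storing an empty timestamp.
    $timestamp = strtotime($input['month'] . " " . $input['date'] . " " . $input['year'] . " " . $input['time']);
    if ($timestamp === false || $timestamp === -1) {
        die("Invalid date or time.");
    }

    // Numeric columns are cast, which makes them safe to place in the query
    // regardless of the magic-quotes setting. Stars is clamped to the 0-5
    // range the form offers; it used to reach the query without SQL escaping.
    $category = isset($_POST['category']) ? (int)$_POST['category'] : 0;
    $author = isset($_POST['author']) ? (int)$_POST['author'] : 0;
    $stars = isset($_POST['stars']) ? (int)$_POST['stars'] : 0;
    $stars = max(0, min(5, $stars));

    // The title is stored HTML-encoded, as before.
    // NOTE(review): the review body is stored as submitted (plus <br />), so
    // any page that prints it unescaped renders author-supplied markup --
    // confirm that only trusted editors can reach this form.
    $title = mysql_real_escape_string(htmlspecialchars(strip_tags($input['title'])));
    $review = mysql_real_escape_string(nl2br($input['review']));

    $result = mysql_query("UPDATE php_reviews SET timestamp='$timestamp', title='$title', author='$author', stars='$stars', review='$review', category='$category' WHERE id='$id' LIMIT 1");
    if ($result === false) {
        // Keep the driver message in the server log; it describes the schema
        // and should not be shown to the client.
        error_log("php_reviews update failed for id $id: " . mysql_error());
        print "Can't update entry.<br />";
        exit;
    }

    // Stop here: without exit the script kept running after the redirect header.
    header("Location: /reviews/review.php?id=" . $id);
    exit;
}

if (isset($_POST['delete'])) {
    $id = (isset($_POST['id']) && is_numeric($_POST['id'])) ? (int)$_POST['id'] : 0;
    $result = mysql_query("DELETE FROM php_reviews WHERE id='$id'");
    if ($result === false) {
        error_log("php_reviews delete failed for id $id: " . mysql_error());
        print "Can't delete entry.<br />";
    } else {
        print "The entry has been successfully deleted from the database.";
        exit;
    }
}

// Displaying the form needs a numeric, non-empty ?id= in the query string.
if (!isset($_GET['id']) || empty($_GET['id']) || !is_numeric($_GET['id'])) {
    die("Invalid entry ID.");
}
$id = (int)$_GET['id'];

$result = mysql_query ("SELECT * FROM php_reviews WHERE id='$id'");
if ($result === false) {
    error_log("php_reviews select failed for id $id: " . mysql_error());
    die("Can't select entry.<br />");
}

// Fetch the single matching row and keep it in $row: the category and author
// drop-downs further down compare against $row['category'] and $row['author'].
// The earlier while loop left $row === false once it finished.
$row = mysql_fetch_array($result);
if ($row === false) {
    die("Invalid entry ID.");
}

$old_timestamp = $row['timestamp'];
// NOTE(review): stripslashes() on read only makes sense if rows were stored
// with doubled escaping; kept as it was -- confirm against existing data.
$old_title = stripslashes($row['title']);
$old_review = stripslashes($row['review']);
$old_author = stripslashes($row['author']);
$old_stars = $row['stars'];
// Double quotes become single quotes so the values cannot close a
// double-quoted attribute in the form.
$old_title = str_replace('"','\'',$old_title);
$old_author = str_replace('"','\'',$old_author);
// Undo the <br /> tags that nl2br() added when the review was saved.
$old_review = str_replace('<br />', '', $old_review);
$old_month = date("F",$old_timestamp);
$old_date = date("d",$old_timestamp);
$old_year = date("Y",$old_timestamp);
$old_time = date("H:i",$old_timestamp);

include('review_header.php');
?>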
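<?php
// Escapes a value for HTML text or a quoted attribute. Double-encoding is off
// by default because the update handler in this file stores titles already
// passed through htmlspecialchars(); pass true for text that is stored raw.
// NOTE(review): the charset argument is given only so the fourth argument can
// be passed -- replace it with the charset the pages are actually served in.
if (!function_exists('review_form_esc')) {
    function review_form_esc($value, $double_encode = false)
    {
        return htmlspecialchars((string)$value, ENT_QUOTES, 'ISO-8859-1', $double_encode);
    }
}
?>
<h2>Edit/Delete Reviews</h2>
<?php /* PHP_SELF includes any path info the client appended to the script URL, so it is escaped before it goes into the attribute. */ ?>
<form method="post" action="<?php echo review_form_esc($_SERVER['PHP_SELF']); ?>">
<p><input type="hidden" name="id" value="<?php echo (int)$id; ?>" />
<strong><label for="month">Date (m/d/y):</label></strong>
<select name="month" id="month">
<option value="<?php echo review_form_esc($old_month); ?>"><?php echo review_form_esc($old_month); ?></option>
<option value="January">January</option>
<option value="February">February</option>
<option value="March">March</option>
<option value="April">April</option>
<option value="May">May</option>
<option value="June">June</option>
<option value="July">July</option>
<option value="August">August</option>
<option value="September">September</option>
<option value="October">October</option>
<option value="November">November</option>
<option value="December">December</option>
</select>
<input type="text" name="date" id="date" size="2" value="<?php echo review_form_esc($old_date); ?>" />
<select name="year" id="year">
<option value="<?php echo review_form_esc($old_year); ?>"><?php echo review_form_esc($old_year); ?></option>
<option value="2006">2006</option>
<option value="2007">2007</option>
<option value="2008">2008</option>
<option value="2009">2009</option>
<option value="2010">2010</option>
<option value="2015">2015</option>
</select>
<strong><label for="time">Time:</label></strong> <input type="text" name="time" id="time" size="5" value="<?php echo review_form_esc($old_time); ?>" /></p>
<?php
// $row has to be the review row fetched before the header include. When it is
// not an array nothing is pre-selected, and saving the form would then write
// the first listed category and author.
$result2 = mysql_query("SELECT * FROM php_reviews_genres");
echo '<p><strong><label for="category">Category:</label></strong> <select name="category" id="category">';
// A failed query yields false; skip the loop rather than fetch from it.
while ($result2 && ($row2 = mysql_fetch_array($result2))) { ?>
<option value="<?php echo review_form_esc($row2['category_id']); ?>"<?php if (isset($row['category']) && $row['category'] == $row2['category_id']) echo ' selected="selected"'; ?>><?php echo review_form_esc($row2['category_name']); ?></option>
<?php
}
?>
</select></p>
<p><strong><label for="title">Title:</label></strong> <input type="text" name="title" id="title" value="<?php echo review_form_esc($old_title); ?>" size="40" /></p>
<?php
$result3 = mysql_query("SELECT * FROM php_reviews_authors");
echo '<p><strong><label for="author">Author:</label></strong> <select name="author" id="author">';
while ($result3 && ($row3 = mysql_fetch_array($result3))) { ?>
<option value="<?php echo review_form_esc($row3['author_id']); ?>"<?php if (isset($row['author']) && $row['author'] == $row3['author_id']) echo ' selected="selected"'; ?>><?php echo review_form_esc($row3['author_name']); ?></option>
<?php
}
?>
</select></p>
<?php /* The review is stored as raw HTML, so it is fully encoded here; otherwise a stored </textarea> would end the field and the rest would be parsed as page markup. */ ?>
<p><strong><label for="review">Review: </label></strong><br /><textarea cols="60" rows="20" name="review" id="review"><?php echo review_form_esc($old_review, true); ?></textarea></p>
<p><strong><label for="stars">Stars:</label></strong>
<select name="stars" id="stars">
<?php for ($star = 0; $star <= 5; $star++) { ?>
<option value="<?php echo $star; ?>" <?php if ($old_stars == $star) echo 'selected="selected"' ?>><?php echo $star; ?></option>
<?php } ?>
</select></p>
<p><input type="submit" name="update" id="update" value="Update" />
<input type="submit" name="delete" id="delete" value="Delete" /></p>
</form>
<?php
mysql_close();
include('review_footer.php');
?>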
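<?php
/*
 * Handles the "Update" and "Delete" posts for one row of php_reviews, then
 * loads the row named by ?id= so the edit form that follows can be pre-filled.
 *
 * NOTE(review): no login or permission check and no CSRF token are visible in
 * this file, and review_header.php is only included after the POST handlers
 * have already run -- confirm that access to this script is restricted elsewhere.
 * NOTE(review): the mysql_* extension was removed in PHP 7. The durable fix for
 * the string-built queries below is PDO or mysqli with prepared statements;
 * until then every value placed in a query is either cast to int or escaped.
 */
mysql_connect ('localhost', '***', '***');
mysql_select_db ('ak_reviews');

// When magic_quotes_gpc is on, request data arrives already slashed; it is
// unslashed below so that each value gets escaped exactly once.
$magic_quotes_on = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

if (isset($_POST['update'])) {
    // The row id comes from the form's hidden "id" field. Previously $id was
    // never set on this path, so the UPDATE ran with WHERE id='' and the
    // redirect carried an empty id.
    $id = (isset($_POST['id']) && is_numeric($_POST['id'])) ? (int)$_POST['id'] : 0;
    if ($id <= 0) {
        die("Invalid entry ID.");
    }

    // Collect the free-text fields as plain strings (array-valued parameters
    // are treated as empty).
    $input = array();
    foreach (array('month', 'date', 'year', 'time', 'title', 'review') as $field) {
        $value = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        $input[$field] = $magic_quotes_on ? stripslashes($value) : $value;
    }

    // strtotime() returns false (-1 before PHP 5.1) for text it cannot parse;
    // refuse the update instead of storing an empty timestamp.
    $timestamp = strtotime($input['month'] . " " . $input['date'] . " " . $input['year'] . " " . $input['time']);
    if ($timestamp === false || $timestamp === -1) {
        die("Invalid date or time.");
    }

    // Numeric columns are cast, which makes them safe to place in the query
    // regardless of the magic-quotes setting. Stars is clamped to the 0-5
    // range the form offers; it used to reach the query without SQL escaping.
    $category = isset($_POST['category']) ? (int)$_POST['category'] : 0;
    $author = isset($_POST['author']) ? (int)$_POST['author'] : 0;
    $stars = isset($_POST['stars']) ? (int)$_POST['stars'] : 0;
    $stars = max(0, min(5, $stars));

    // The title is stored HTML-encoded, as before.
    // NOTE(review): the review body is stored as submitted (plus <br />), so
    // any page that prints it unescaped renders author-supplied markup --
    // confirm that only trusted editors can reach this form.
    $title = mysql_real_escape_string(htmlspecialchars(strip_tags($input['title'])));
    $review = mysql_real_escape_string(nl2br($input['review']));

    $result = mysql_query("UPDATE php_reviews SET timestamp='$timestamp', title='$title', author='$author', stars='$stars', review='$review', category='$category' WHERE id='$id' LIMIT 1");
    if ($result === false) {
        // Keep the driver message in the server log; it describes the schema
        // and should not be shown to the client.
        error_log("php_reviews update failed for id $id: " . mysql_error());
        print "Can't update entry.<br />";
        exit;
    }

    // Stop here: without exit the script kept running after the redirect header.
    header("Location: /reviews/review.php?id=" . $id);
    exit;
}

if (isset($_POST['delete'])) {
    $id = (isset($_POST['id']) && is_numeric($_POST['id'])) ? (int)$_POST['id'] : 0;
    $result = mysql_query("DELETE FROM php_reviews WHERE id='$id'");
    if ($result === false) {
        error_log("php_reviews delete failed for id $id: " . mysql_error());
        print "Can't delete entry.<br />";
    } else {
        print "The entry has been successfully deleted from the database.";
        exit;
    }
}

// Displaying the form needs a numeric, non-empty ?id= in the query string.
if (!isset($_GET['id']) || empty($_GET['id']) || !is_numeric($_GET['id'])) {
    die("Invalid entry ID.");
}
$id = (int)$_GET['id'];

$result = mysql_query ("SELECT * FROM php_reviews WHERE id='$id'");
if ($result === false) {
    error_log("php_reviews select failed for id $id: " . mysql_error());
    die("Can't select entry.<br />");
}

// Fetch the single matching row and keep it in $row: the category and author
// drop-downs further down compare against $row['category'] and $row['author'].
// The earlier while loop left $row === false once it finished.
$row = mysql_fetch_array($result);
if ($row === false) {
    die("Invalid entry ID.");
}

$old_timestamp = $row['timestamp'];
// NOTE(review): stripslashes() on read only makes sense if rows were stored
// with doubled escaping; kept as it was -- confirm against existing data.
$old_title = stripslashes($row['title']);
$old_review = stripslashes($row['review']);
$old_author = stripslashes($row['author']);
$old_stars = $row['stars'];
// Double quotes become single quotes so the values cannot close a
// double-quoted attribute in the form.
$old_title = str_replace('"','\'',$old_title);
$old_author = str_replace('"','\'',$old_author);
// Undo the <br /> tags that nl2br() added when the review was saved.
$old_review = str_replace('<br />', '', $old_review);
$old_month = date("F",$old_timestamp);
$old_date = date("d",$old_timestamp);
$old_year = date("Y",$old_timestamp);
$old_time = date("H:i",$old_timestamp);

include('review_header.php');
?>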
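<?php
// Escapes a value for HTML text or a quoted attribute. Double-encoding is off
// by default because the update handler in this file stores titles already
// passed through htmlspecialchars(); pass true for text that is stored raw.
// NOTE(review): the charset argument is given only so the fourth argument can
// be passed -- replace it with the charset the pages are actually served in.
if (!function_exists('review_form_esc')) {
    function review_form_esc($value, $double_encode = false)
    {
        return htmlspecialchars((string)$value, ENT_QUOTES, 'ISO-8859-1', $double_encode);
    }
}
?>
<h2>Edit/Delete Reviews</h2>
<?php /* PHP_SELF includes any path info the client appended to the script URL, so it is escaped before it goes into the attribute. */ ?>
<form method="post" action="<?php echo review_form_esc($_SERVER['PHP_SELF']); ?>">
<p><input type="hidden" name="id" value="<?php echo (int)$id; ?>" />
<strong><label for="month">Date (m/d/y):</label></strong>
<select name="month" id="month">
<option value="<?php echo review_form_esc($old_month); ?>"><?php echo review_form_esc($old_month); ?></option>
<option value="January">January</option>
<option value="February">February</option>
<option value="March">March</option>
<option value="April">April</option>
<option value="May">May</option>
<option value="June">June</option>
<option value="July">July</option>
<option value="August">August</option>
<option value="September">September</option>
<option value="October">October</option>
<option value="November">November</option>
<option value="December">December</option>
</select>
<input type="text" name="date" id="date" size="2" value="<?php echo review_form_esc($old_date); ?>" />
<select name="year" id="year">
<option value="<?php echo review_form_esc($old_year); ?>"><?php echo review_form_esc($old_year); ?></option>
<option value="2006">2006</option>
<option value="2007">2007</option>
<option value="2008">2008</option>
<option value="2009">2009</option>
<option value="2010">2010</option>
<option value="2015">2015</option>
</select>
<strong><label for="time">Time:</label></strong> <input type="text" name="time" id="time" size="5" value="<?php echo review_form_esc($old_time); ?>" /></p>
<?php
// $row has to be the review row fetched before the header include. When it is
// not an array nothing is pre-selected, and saving the form would then write
// the first listed category and author.
$result2 = mysql_query("SELECT * FROM php_reviews_genres");
echo '<p><strong><label for="category">Category:</label></strong> <select name="category" id="category">';
// A failed query yields false; skip the loop rather than fetch from it.
while ($result2 && ($row2 = mysql_fetch_array($result2))) { ?>
<option value="<?php echo review_form_esc($row2['category_id']); ?>"<?php if (isset($row['category']) && $row['category'] == $row2['category_id']) echo ' selected="selected"'; ?>><?php echo review_form_esc($row2['category_name']); ?></option>
<?php
}
?>
</select></p>
<p><strong><label for="title">Title:</label></strong> <input type="text" name="title" id="title" value="<?php echo review_form_esc($old_title); ?>" size="40" /></p>
<?php
$result3 = mysql_query("SELECT * FROM php_reviews_authors");
echo '<p><strong><label for="author">Author:</label></strong> <select name="author" id="author">';
while ($result3 && ($row3 = mysql_fetch_array($result3))) { ?>
<option value="<?php echo review_form_esc($row3['author_id']); ?>"<?php if (isset($row['author']) && $row['author'] == $row3['author_id']) echo ' selected="selected"'; ?>><?php echo review_form_esc($row3['author_name']); ?></option>
<?php
}
?>
</select></p>
<?php /* The review is stored as raw HTML, so it is fully encoded here; otherwise a stored </textarea> would end the field and the rest would be parsed as page markup. */ ?>
<p><strong><label for="review">Review: </label></strong><br /><textarea cols="60" rows="20" name="review" id="review"><?php echo review_form_esc($old_review, true); ?></textarea></p>
<p><strong><label for="stars">Stars:</label></strong>
<select name="stars" id="stars">
<?php for ($star = 0; $star <= 5; $star++) { ?>
<option value="<?php echo $star; ?>" <?php if ($old_stars == $star) echo 'selected="selected"' ?>><?php echo $star; ?></option>
<?php } ?>
</select></p>
<p><input type="submit" name="update" id="update" value="Update" />
<input type="submit" name="delete" id="delete" value="Delete" /></p>
</form>
<?php
mysql_close();
include('review_footer.php');
?>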