BioRUST Forums - View Single Post

ViciOuS · 04-21-2005

Okay, I fixed up the change pw script for now but i'm still getting the same bug with my news script.

editnews.php

Code:

<?php
session_start();
if($_SESSION['s_logged_n'] == 'true'){

include('config.php');

$ID = $_GET['id'];

$sql = mysql_query("SELECT * FROM news WHERE id='$ID'");
$row = mysql_fetch_array($sql);
$title = $row['title'];
$news = $row['news'];

 if(!$action)
{
?>

<html><head><title></title>
<style>
<!--
a{text-decoration:none}
//-->
</style>
<style>
a:visited{color:blue; text-decoration:none; }
a:active{color:red; text-decoration:none; }
a:link{color:red; text-decoration:none; }
a:hover{color:orange; text-decoration:underline; }
</style>
<link href="style.css" type="text/css" rel="stylesheet">
</head>
<div align="center">
 <FORM method="post" action="?action=submit" name="editnews">
  <TABLE width="80%" valign="center">
    <tr>
      <td><font color="#555555" face="Verdana, Arial, Helvetica, sans-serif" size="2">
&nbsp;<b>Title </b></td>
      <td><INPUT class="input-box1" type="text" name="title" value="<?php echo $title; ?>"></td>
    </tr>
    <tr>
      <td><font color="#555555" face="Verdana, Arial, Helvetica, sans-serif" size="2">
&nbsp;<b>News </b></td>
      <td><TEXTAREA class="input-box1" Name="news" Rows="15" Cols="55"><?php echo $news; ?></TEXTAREA></td>
    </tr>
  </TABLE>
  <TABLE width="80%" valign="center">
    <tr>
     <td><center>
        <INPUT class="submit1" type="submit" tabindex="5" name="submit" value="Update News">
       </center></td>
    </tr>
  </TABLE>
 </FORM>
<br>
<hr width="50%">
<center>
 <FORM action="editnews_interface.php" method="post" name="back">
   <INPUT class="submit2" type="submit" name="back" value="Back">
 </FORM>
</div>

<?php
}
 else if($action == "submit")
 {
  $sql = mysql_query("SELECT * FROM news ORDER BY id DESC LIMIT 1");
   while($row = mysql_fetch_array($sql)) {

    $title = trim(addslashes($_POST['title']));
    $date = date("m.d.y");
    $news = $_POST['news'];
    $id = $row['id'];

    $worked1 = mysql_query("UPDATE news SET title='$title' WHERE id='$id'");
    $worked3 = mysql_query("UPDATE news SET date='$date' WHERE id='$id'");
    $worked2 = mysql_query("UPDATE news SET news='$news' WHERE id='$id'");

 if((!$worked1) || (!$worked2) || (!$worked3)) {
   die('Didn\'t work because' . mysql_error());}

else{
   echo 'Successfully updated ' . $title . '. (ID# ' . $id . ')<br><br>
<a href="editnews_interface.php" target="iframe2">Return to Editing/Deleting News</a>';}
}
}

}
 else{ header("Location: login.php");
} 
?>