SE/edit.php at master · amit502/SE · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

<?php
error_reporting(E_ALL ^ E_DEPRECATED);
function clear($message)
{
	if(!get_magic_quotes_gpc())
		$message = addslashes($message);
	$message = strip_tags($message);
	$message = htmlentities($message);
	return trim($message);
}
mysql_connect('localhost','root','');
mysql_select_db('sms');
if(!isset($_GET['id']) && empty($_GET['id']))
{
	$query = mysql_query("SELECT * FROM news ORDER BY id DESC");
	echo 'Edit<hr />';
	while($result = mysql_fetch_assoc($query))
		echo $result['subject'].' &raquo; <a href="?id='.$result['id'].'">Edit</a><br />';
	   // global $sub;
		//$sub=$result['subject'];
}
else
{
	if (isset($_POST['submit']) && !empty($_POST['submit']))
	{
		$postedby = clear($_POST['postedby']);
		$subject = clear($_POST['subject']);
		$news = clear($_POST['news']);
		$date = date("Y:m:d");
		$id = $_GET['id'];
		mysql_query("UPDATE news SET postedby='$postedby', news='$news', subject='$subject', date='$date' WHERE id='$id'");
		mysql_close();
		echo 'News Edited.';
	}
	else
	{
		$id = $_GET['id'];
		$query = mysql_query("SELECT * FROM news WHERE id='$id'");
		$result = mysql_fetch_assoc($query);
?>
<form method="post" action="?id=<?php echo $result['id']; ?>">
Editing <?php echo $result['subject']; ?><hr />
Posted By:<input name="postedby" id="postedby" type="Text" size="50" maxlength="50" value="<?php echo $result['postedby']; ?>"><br />
Subject:<input name="subject" id="subject" type="Text" size="50" maxlength="50" value="<?php echo $result['subject']; ?>"><br />
News:<textarea name="news" cols="50" rows="5"><?php echo $result['news']; ?></textarea><br />
<input type="Submit" name="submit" value="Enter information">
</form>
<?php }} ?>