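<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>Edit a Blog Entry</title>
</head>
<body>
<?php // Script 12.9 - edit_entry.php
/*
 * Edits a blog entry using an UPDATE query.
 *
 * GET  ?id=N            -> shows a form pre-filled with entry N.
 * POST id, title, entry -> validates the submission and updates entry N.
 * Anything else         -> prints an "accessed in error" message.
 *
 * NOTE(review): this script uses the original mysql_* extension, which was
 * deprecated in PHP 5.5 and removed in PHP 7.0. The migration path is mysqli
 * or PDO with prepared statements; until then every value placed in a query
 * below is either cast to an integer or passed through
 * mysql_real_escape_string().
 *
 * NOTE(review): no authentication check or CSRF token is visible in this
 * script, so anyone who can reach it can change any entry. Confirm that
 * access control is enforced elsewhere.
 */

// Connect and select.
// NOTE(review): the database credentials are hard-coded in a file served from
// the web root. They belong in configuration outside the document root, and a
// password that has appeared in a published listing should be rotated.
$dbc = mysql_connect('h41mysql35.secureserver.net', 'yrosenthal', 'Password.1');
$db_ready = ($dbc && mysql_select_db('yrosenthal'));

if (!$db_ready) { // Nothing below can work without a selected database.

    print '<p style="color: red;">Could not connect to the database.</p>';

} elseif (isset($_GET['id']) && is_numeric($_GET['id'])) { // Display the entry in a form:

    // is_numeric() also accepts forms such as "1.5", "1e3" or " 7"; the cast
    // guarantees that only a plain integer reaches the SQL text and the HTML.
    $id = (int) $_GET['id'];

    // Define the query.
    $query = "SELECT title, entry FROM entries WHERE entry_id=$id";
    if ($r = mysql_query($query)) { // Run the query.

        $row = mysql_fetch_array($r); // Retrieve the information.

        if ($row) {

            // Make the form. Stored values are HTML-escaped with an explicit
            // charset that matches the page's declared utf-8 encoding.
            print '<form action="script_12_09.php" method="post">' . "\n"
                . '<p>Entry Title: <input type="text" name="title" size="40" maxlength="100" value="' . htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8') . '" /></p>' . "\n"
                . '<p>Entry Text: <textarea name="entry" cols="40" rows="5">' . htmlspecialchars($row['entry'], ENT_QUOTES, 'UTF-8') . '</textarea></p>' . "\n"
                . '<input type="hidden" name="id" value="' . $id . '" />' . "\n"
                . '<input type="submit" name="submit" value="Update this Entry!" />' . "\n"
                . '</form>';

        } else { // The query ran but no entry has this ID.
            print '<p style="color: red;">This page has been accessed in error.</p>';
        }

    } else { // Couldn't get the information.
        // Printing the driver error and the SQL text is a debugging aid. In
        // production, log them server-side and show a generic message.
        print '<p style="color: red;">Could not retrieve the blog entry because:<br />' . htmlspecialchars(mysql_error(), ENT_QUOTES, 'UTF-8') . '.</p><p>The query being run was: ' . htmlspecialchars($query, ENT_QUOTES, 'UTF-8') . '</p>';
    }

} elseif (isset($_POST['id']) && is_numeric($_POST['id'])) { // Handle the form.

    $id = (int) $_POST['id']; // Same integer cast as in the GET branch.

    // Validate and secure the form data:
    $problem = FALSE;
    if (!empty($_POST['title']) && !empty($_POST['entry'])) {
        $title = mysql_real_escape_string(trim($_POST['title']));
        $entry = mysql_real_escape_string(trim($_POST['entry']));
    } else {
        print '<p style="color: red;">Please submit both a title and an entry.</p>';
        $problem = TRUE;
    }

    if (!$problem) {

        // Define the query.
        $query = "UPDATE entries SET title='$title', entry='$entry' WHERE entry_id=$id";
        $r = mysql_query($query); // Execute the query.

        // Report on the result:
        if (mysql_affected_rows() == 1) {
            print '<p>The blog entry has been updated.</p>';
        } else {
            // $query contains the submitted title and entry, escaped for SQL
            // only. It must be HTML-escaped before being echoed, otherwise
            // submitted markup would be rendered by the browser.
            print '<p style="color: red;">Could not update the entry because:<br />' . htmlspecialchars(mysql_error(), ENT_QUOTES, 'UTF-8') . '.</p><p>The query being run was: ' . htmlspecialchars($query, ENT_QUOTES, 'UTF-8') . '</p>';
        }

    } // No problem!

    print '<p>click <a href="script_12_07.php">here</a> to see all the blog posts.</p>';

} else { // No ID set.
    print '<p style="color: red;">This page has been accessed in error.</p>';
} // End of main IF.

if ($dbc) {
    mysql_close($dbc); // Close the database connection.
}

?>
</body>
</html>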