Is it a DANGOROUS assumption in this cass to think that the right record will be updated after the INSERT INTO query has put the new record into the DB and the SELECT query has retrieved the $sid (story id). The way the SELECT and UPDATE queries are layed out, is is remotely possible that the wrong record can be updated if the user submits a post with the same $uid (user id) and the same name of a story that is already in the DB?
$sql = mysql_query("INSERT INTo $dbstory (uid,storyname,description,series,catid,gid,updated,dateint,rated) VALUES (
'$uid',
'$_POST[storyname]',
'$_POST[desc]',
'$_POST[topic]',
'$_POST[category]',
'$_POST[genre]',
'$date',
'$dateint',
'$_POST[rate]')") or die (mysql_error());
$storyloop = "SELECT sid FROM $dbstory WHERE storyname = '$_POST[storyname]' AND uid = '$uid'";
$storyloop1 = mysql_query($storyloop);
while ($sl = mysql_fetch_array($storyloop1)){
$sid = $sl['sid'];
}
if(isset($_POST['submitstory'])){
$sql = mysql_query("UPDATE $dbstory SET marked = '$sid', cid = '0' WHERE sid = '$sid'");
}else{
$chapterloop = "SELECT * FROM $dbstory WHERE marked = '$_POST[storys]' AND uid = '$uid' order by cid asc";
$chapterloop1 = mysql_query($chapterloop);
while ($getch = mysql_fetch_array($chapterloop1)){
$numch = $getch['cid'];
$chplus = $numch + 1;
$sql = mysql_query("UPDATE $dbstory SET marked = '$_POST[storys]', cid = '$chplus' WHERE sid = '$sid'");
$sql = mysql_query("UPDATE $dbstory SET updated = '$date' WHERE sid = '$_POST[storys]'");
}
}
