Thanks!
Now the delete goes if I click on it, but it doesn't disappear from the page as I think it needs a refresh. I was thinking of adding some javascript to make it disappear visually.
Here is the updated code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn/11">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title></title>
</head>
<body>
<div id="container">
<a href="<?=$_SERVER['PHP_SELF']?>?do=edit">Edit posts</a>
<?php
$showform = TRUE;
// posting functions
if (isset($_POST['submit']))
{
// validate
$error = '';
$title = stripslashes(trim($_POST['title']));
$content = stripslashes(trim($_POST['content']));
$date = date("jS\/F\/Y");
if(!$title)
{
$error[] = "Title";
}
if(!$content)
{
$error[] = "Content";
}
if($error)
{
foreach ($error as $value)
{
$errors .= "<li>" . $value . "</li>";
}
$message = '<p class="error">Please check your</p><ul>' . $errors . '</ul>';
$showform = TRUE;
}
// writing is a post related thing to do
if($action="write")
{
require("dbconnect.php");
$query = "INSERT INTO blog (title, content, date) VALUES ('$title', '$content', '$date')";
$result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());
mysql_close($connection);
$message = '<p class="confirm">You have just posted on your blog</p>';
$showform = FALSE;
}
// editing is a post-related thing to do
if($action="edit")
{
}
}
switch($do)
{
case "edit":
require("dbconnect.php");
$query = "SELECT id, title, content, date FROM blog";
$result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());
if (mysql_num_rows($result) > 0)
{
echo "<ul>";
while($row = mysql_fetch_row($result))
{
echo "<li>";
echo "<a href=" . $_SERVER['PHP_SELF'] . "?do=edit&act=change&id=" . $row[0] .">".$row[1]."</a> | <a href=" . $_SERVER['PHP_SELF'] . "?do=edit&act=delete&id=" . $row[0] .">Delete</a></li>";
}
echo "</ul>";
}
else
{
echo "No rows found!";
}
mysql_close($connection);
switch($act)
{
case "change":
require("dbconnect.php");
$query = "SELECT id, title, content, date FROM blog WHERE id='$id'";
$result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());
$row = mysql_fetch_row($result)
?>
<?php echo $message ?>
<?php if($showform)
{
?>
<form method="POST" action="<?=$_SERVER['PHP_SELF']?>">
<label for="title">Title:</label><input type="text" name="title" value="<?php echo $row[1]; ?>" /><br />
<label for="content">Content:</label><textarea name="content" /><?php echo $row[2]; ?></textarea><br />
<input type="hidden" name="action" value="edit" />
<input type="hidden" name="id" value="<?php echo $row[0]; ?>" />
<input type="submit" name="submit">
</form>
<?php
}
mysql_close($connection);
break;
case "delete":
require("dbconnect.php");
$id = $_GET["id"];
$query = "DELETE FROM blog WHERE id='$id'";
$result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());
$message = '<p class="confirm">You have just deleted that post</p>';
mysql_close($connection);
break;
}
break;
default:
?>
<?php echo $message ?>
<?php if($showform)
{
?>
<form method="POST" action="<?=$_SERVER['PHP_SELF']?>">
<label for="title">Title:</label><input type="text" name="title" value="<?php echo $title; ?>" /><br />
<label for="content">Content:</label><textarea name="content" /><?php echo $content; ?></textarea><br />
<input type="hidden" name="action" value="write" />
<input type="submit" name="submit">
</form>
<?php
}
}
?>
</div>
</body>
</html>
Any gaping security holes / blatant inefficiency?
Cheers
