can't update mysql record

generic

as the title suggests, I'm trying to update a mysql record and it's just not working out for me. It populates the form fields just fine and grabs the news id from the url but it just won't update.

Can anyone take a look at the following code and see where I'm going wrong?

<?php
// grab news id from url
$n = $_REQUEST['n'];

// grab form variables
$news_title = $_POST['news_title'];
$news_article = $_POST['news_article'];

$dbtable = 'news';

if($_REQUEST['submitted']==1) { // if information was posted, insert the data into the db
	$result = mysql_query("UPDATE $dbtable SET news_title='$news_title', news_article='$news_article' WHERE news_id='$n'") or die(mysql_error());

echo "<p>News entry saved. Click <a href=\"test.php\">here</a> to see the results.</p>";

} else { // if no information was posted, show the FCKeditor

$result = mysql_query("SELECT * FROM $dbtable WHERE news_id = '$n'") or die(mysql_error());  
    while($row = mysql_fetch_assoc($result))
         {
			$news_id = $row["news_id"]; 
			$news_title = $row["news_title"];
			$news_article = $row["news_article"];
			$news_date = $row["news_date"];
			$news_expire = $row["news_expire"];

echo "<h1>Update News Article</h1>
<p>Please use the control below to edit existing articles in the database. It works like any word processor (like Microsoft Word or Works) so it should be pretty straightforward!</p>
<hr />
<form action=\"".$PHP_SELF."\" method=\"post\">
<p>News Title: <input type=\"text\" name=\"news_title\" value=\"".$news_title."\"></p>";

// initialise FCKeditor
$oFCKeditor = new FCKeditor('news_article') ;
$oFCKeditor->BasePath = 'fckeditor/' ;
$oFCKeditor->ToolbarSet = 'Basic';
$oFCKeditor->Value = $news_article ;
$oFCKeditor->Create() ;

echo "<input type=\"submit\" value=\"submit\">
<input type=\"hidden\" name=\"submitted\" value=\"1\">
</form>";
	} // end of while
}
?>

Thanks in advance!

gen

rulian

check to see if your ID is correct, php self in php5 is $SERVER["PHP_SELF"] not the old php4 way. It's safer to use $GET rather then $_REQUEST to avoid conflicts.

and since you are uisng a html editor, it's best to escape your data being entered, which is smart to do in any user input but especially one where you are expecting html code.

Read about mysql_real_escape_string, and sql injections

if you PHP_SELF is breaking, then your form wont pass the $_GET variable
the correct syntanx for your for shoudl be

basename($SERVER["PHP_SELF"])."?".$SERVER["QUERY_STRING"];