you should "never" use a brand new smartphone to sink a nail into a 2x4
Hahaha, this had me laughing.
What's the point of making data safe for use inside a SQL query if you've already used the data in a SQL query?
After it was mentioned, no, it doesn't make sense to escape the data after the query has already run. Very silly of me not to realise this right away when learning PHP, but hey :p I know now and that is all I care about.
Here is the corrected code
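<?php
//CONNECT TO THE MYSQL DATABASE
// 'host', 'user', 'pass' and 'database' are placeholders; real credentials are best loaded
// from a configuration file kept outside the web root rather than written into the page.
$link = mysqli_connect('host','user','pass','database');
if (mysqli_connect_errno()) {
    // Keep the driver's message in the server log; it can name hosts and accounts,
    // which a visitor has no need to see.
    error_log('Connect failed: ' . mysqli_connect_error());
    exit('Database connection failed.');
}
//CREATE THE VARIABLES TO IDENTIFY THE DIFFERENT FORM INPUTS
// Fixed table name: it is interpolated into the SQL text, so it must never come from the request.
$tbl_name="opl_comp";
//VARIABLE TO ASSIGN PRIMARY KEY VALUE SO THE FORM KNOWS WHICH ROW IS BEING EDITED
// The (int) cast means only a number can reach the queries that use $game_id.
$game_id = isset($_GET['game_id']) ? (int)$_GET['game_id'] : 0;
//IMPLODE THE CHECKBOX SELECTIONS EG 1, 2, 3
// mode and vmc are not passed through mysqli_real_escape_string() anywhere in this script,
// so they are restricted here to the values the form itself offers (modes 1-8, VMC/MC).
$mode = "None";
if (isset($_POST['mode']) && is_array($_POST['mode'])) {
    $picked = array();
    foreach ($_POST['mode'] as $choice) {
        // \z instead of $ so a trailing newline cannot slip through the pattern.
        if (is_string($choice) && preg_match('/^[1-8]\z/', $choice)) {
            $picked[] = $choice;
        }
    }
    if ($picked) {
        $mode = implode(",", $picked);
    }
}
//VARIABLES TO ASSIGN THE FORM'S INPUT FIELD VALUES TO WHICH COLUMN THE DATA WILL BE INSERTED INTO
// Unticked checkboxes and radio buttons are simply absent from $_POST, and nothing is posted
// on the first page load, so every field falls back to an empty string instead of raising
// an undefined-index notice.
$region   = isset($_POST['region'])   ? $_POST['region']   : '';
$vmc      = isset($_POST['vmc'])      ? $_POST['vmc']      : '';
$smb      = isset($_POST['smb'])      ? $_POST['smb']      : '';
$hdd      = isset($_POST['hdd'])      ? $_POST['hdd']      : '';
$usb      = isset($_POST['usb'])      ? $_POST['usb']      : '';
$notes    = isset($_POST['notes'])    ? $_POST['notes']    : '';
$comp     = isset($_POST['comp'])     ? $_POST['comp']     : '';
$oplver   = isset($_POST['oplver'])   ? $_POST['oplver']   : '';
$gamename = isset($_POST['gamename']) ? $_POST['gamename'] : '';
// Anything other than the two radio values is discarded.
$vmc = ($vmc === 'VMC' || $vmc === 'MC') ? $vmc : '';
?>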
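<?php
//ON SUBMIT, UPDATE THE SQL DATABASE TABLE WITH THE NEW DATA INSIDE THE FORM INPUT FIELDS
// The statement is prepared with ? placeholders and every submitted value is bound to it,
// so request data is sent to MySQL as data and never becomes part of the SQL text. This
// covers mode and vmc as well, which the escaping approach left out.
// NOTE(review): nothing visible in this script checks who is submitting (no login check and
// no CSRF token) - confirm that is enforced elsewhere before exposing an edit form like this.
// NOTE(review): region and comp are stored exactly as sent; the form offers image URLs, so
// presumably another page prints them into markup - confirm they are escaped or allow-listed there.
if (isset($_POST['submit'])) {
    // Returns the named POST field as a string; missing fields (unticked boxes) and
    // array-shaped values both become ''.
    $postString = function ($name) {
        return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
    };

    $gamename = $postString('gamename');
    $region   = $postString('region');
    $notes    = $postString('notes');
    $oplver   = $postString('oplver');
    $usb      = $postString('usb');
    $smb      = $postString('smb');
    $hdd      = $postString('hdd');
    $comp     = $postString('comp');

    // $mode and $vmc are prepared earlier in the script; fall back to the same defaults
    // if they are missing or not strings so the bind below always receives a string.
    $modeValue = (isset($mode) && is_string($mode)) ? $mode : 'None';
    $vmcValue  = (isset($vmc) && is_string($vmc)) ? $vmc : '';
    $rowId     = (int)$game_id;

    // $tbl_name is a fixed string set by this script, not request data, so interpolating it is safe.
    $stmt = mysqli_prepare(
        $link,
        "UPDATE $tbl_name SET notes=?, gamename=?, region=?, mode=?, smb=?, hdd=?, usb=?, comp=?, vmc=?, oplver=? WHERE id=?"
    );
    if ($stmt === false) {
        // mysqli_error() takes the connection, not the SQL string.
        error_log('Update prepare failed: ' . mysqli_error($link));
        die('Error: the entry could not be updated.');
    }

    // Ten string parameters followed by the integer row id, in placeholder order.
    mysqli_stmt_bind_param(
        $stmt,
        'ssssssssssi',
        $notes,
        $gamename,
        $region,
        $modeValue,
        $smb,
        $hdd,
        $usb,
        $comp,
        $vmcValue,
        $oplver,
        $rowId
    );

    if (!mysqli_stmt_execute($stmt)) {
        error_log('Update failed: ' . mysqli_stmt_error($stmt));
        die('Error: the entry could not be updated.');
    }
    mysqli_stmt_close($stmt);
}
?>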
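<?php
//SELECT ALL FROM SQL DATABASE TABLE WHERE THE id COLUMN IS THE PRIMARY KEY VALUE
// $tbl_name is a fixed string and the id is cast to int right here, so no request text can
// reach the statement even if this section is read or reused on its own.
$sql = "SELECT * FROM $tbl_name WHERE id = '" . (int)$game_id . "'";
//SUBMIT QUERY TO DATABASE
$result = $link->query($sql);
if ($result === false) {
    // mysqli_error() expects the connection, not the SQL string; the detail goes to the
    // server log and the visitor only sees a generic message.
    error_log('Select failed: ' . mysqli_error($link));
    die('Error: the entry could not be loaded.');
}
?>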
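<?php
//LOOP RETRIEVED DATA TO BE DISPLAYED INSIDE OF THE FORM
// gamename and notes were typed in by earlier visitors, so they are passed through
// htmlspecialchars() before being echoed: without it a stored value containing a quote or a
// tag would break out of the value="" attribute or the <textarea> and run as markup in the
// next editor's browser. ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE keeps the
// output from collapsing to an empty string when the stored bytes are not valid UTF-8.
// The "OPL 0.7" option submits 0.7; it had been a copy of the 0.6 value above it.
while ($row = $result->fetch_assoc()) {
?>
<h2>Update Entry #<?php echo (int)$game_id;?><BR />
PLEASE BE CONSIDERATE WHEN EDITING AN ENTRY</h2>
<table width="565" border="0" bgcolor="#006699">
<form action="" method="post" name="form1" id="form1" onsubmit="return formCheck(this);">
<tr>
<td width="171" bgcolor="#003333"><strong> Game Name</strong></td>
<td width="384" bgcolor="#003333"> <input name="gamename" type="text" id="gamename" value="<?php echo htmlspecialchars($row['gamename'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" size="45" /></td>
</tr>
<tr>
<td bgcolor="#003333"><strong> Region / OPL Ver</strong></td>
<td bgcolor="#003333"> <select name="region" id="region">
<option selected="selected" value="http://www.oplinfo.x11s.org/files/images/U.png">NTSC-U</option>
<option value="http://www.oplinfo.x11s.org/files/images/J.png">NTSC-J</option>
<option value="http://www.oplinfo.x11s.org/files/images/E.png">PAL</option>
<option value="http://www.oplinfo.x11s.org/files/images/O.png">OTHER</option>
</select> <select name="oplver" id="oplver">
<option value="0.6">OPL 0.6</option>
<option value="0.7">OPL 0.7</option>
<option value="0.8">OPL 0.8</option>
<option selected="selected" value="0.9">OPL 0.9</option>
</select></td>
</tr>
<tr>
<td bgcolor="#003333"><strong> Result</strong></td>
<td bgcolor="#003333"><strong> Compatible</strong>
<input name="comp" type="radio" id="comp" value="http://www.oplinfo.x11s.org/files/images/comp.gif"/>
<strong>Incompatible</strong><label for="comp">
<input type="radio" name="comp" id="incomp" value="http://www.oplinfo.x11s.org/files/images/incomp.gif" />
<strong>Issues</strong>
<input type="radio" name="comp" id="issues" value="http://www.oplinfo.x11s.org/files/images/issues.gif" />
</label></td>
</tr>
<tr>
<td bgcolor="#003333"><strong> VMC Support</strong></td>
<td bgcolor="#003333"> Yay
<input type="radio" name="vmc" id="vmc" value="VMC"/>
Nay
<input type="radio" name="vmc" id="mc" value="MC"/> </td>
</tr>
<tr>
<td bgcolor="#003333"><strong> Load Methods</strong></td>
<td bgcolor="#003333"> SMB
<input type="checkbox" name="smb" id="smb" value="SMB"/>
USB
<input type="checkbox" name="usb" id="usb" value="USB"/>
HDD
<input type="checkbox" name="hdd" id="hdd" value="HDD"/>
</td>
</tr>
<tr>
<td bgcolor="#003333"><strong> Modes</strong></td>
<td bgcolor="#003333"> 1
<input type="checkbox" name="mode[]" id="mode1" value="1" />
2
<input type="checkbox" name="mode[]" id="mode2" value="2" />
3
<input type="checkbox" name="mode[]" id="mode3" value="3" />
4
<input type="checkbox" name="mode[]" id="mode4" value="4" /> 5
<input type="checkbox" name="mode[]" id="mode5" value="5" />
6
<input type="checkbox" name="mode[]" id="mode6" value="6" />
7
<input type="checkbox" name="mode[]" id="mode7" value="7" />
8
<input type="checkbox" name="mode[]" id="mode8" value="8" /></td>
</tr>
<tr>
<td bgcolor="#003333"><strong> Notes</strong></td>
<td bgcolor="#003333"> <textarea name="notes" id="notes" cols="38" rows="2"><?php echo htmlspecialchars($row['notes'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></textarea></td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<td height="28" bgcolor="#003333"> <input type="submit" name="submit" value="Update" id="submit" /></td>
<td bgcolor="#003333"><strong> *refrain from clicking submit more then once*</strong></td>
</tr></form>
</table>
<p><A href='index.php'><strong>VIEW GAME COMPATABILITY DATABASE</strong></A><br />
</p>
</center>
<?php
//END THE LOOP OF DATA TO THE FORM
}
?>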
<?php
// The page has been rendered, so the database connection opened at the top can be released.
$link->close();
?>