Ok, I'm real new to PHP, so I'm sorry if this is a stupid question. I've started building a blog using PHP and MySQL and I'm having problems with updating my posts. My update page loads fine (with ?id=x attached to the end of the URL), but when I hit update, I get my custom error message, "Invalid Entry ID" back. What gives?

<?php

mysql_connect ('localhost', 'securitized', 'securitized') ;
mysql_select_db ('securitized_blog');

if (isset($_POST['update'])) {
	// Cast to int (as the delete branch does) so only a number can reach the WHERE clause.
	$id = (int)$_POST['id'];
	$month = htmlspecialchars(strip_tags($_POST['month']));
	$date = htmlspecialchars(strip_tags($_POST['date']));
	$year = htmlspecialchars(strip_tags($_POST['year']));
	$time = htmlspecialchars(strip_tags($_POST['time']));
	$entry = $_POST['entry'];
	$title = htmlspecialchars(strip_tags($_POST['title']));
	$label = htmlspecialchars(strip_tags($_POST['label']));
	
	$entry = nl2br($entry);
	
	$category = (int)$_POST['category'];
	
	if (!get_magic_quotes_gpc()) {
		$title = addslashes($title);
		$label = addslashes($label);
		$entry = addslashes($entry);
	}
	// Build the timestamp and run the update whether or not magic quotes is on.
	$timestamp = strtotime ($month . " " . $date . " " . $year . " " . $time);
	$result = mysql_query("UPDATE php_blog SET timestamp='$timestamp', title='$title', entry='$entry', password='$password', category='$category' WHERE id='$id' LIMIT 1") or print ("Can't update entry.<br />" . mysql_error());
}

if (isset($_POST['delete'])) {
	$id = (int)$_POST['id'];
	$result = mysql_query("DELETE FROM php_blog WHERE id='$id'") or print ("Can't delete entry.<br />" . mysql_error());
	if ($result != false) {
		print "The entry has been successfully deleted from the database.";
		exit;
	}
}

if (!isset($_GET["id"]) || empty($_GET["id"]) || !is_numeric($_GET["id"])) {
    die("Invalid entry ID.");
}
else {
    $id = (int)$_GET["id"];
}


$result = mysql_query ("SELECT * FROM php_blog WHERE id='$id'") or print ("Can't select entry.<br />" . $sql . "<br />" . mysql_error());
while ($row = mysql_fetch_array($result)) {
	$old_timestamp = $row['timestamp'];
	$old_title = stripslashes($row['title']);
	$old_label = stripslashes($row['label']);
	$old_entry = stripslashes($row['entry']);
	$old_category = $row['category'];
	
	$old_title = str_replace('"','\'',$old_title);
	$old_entry = str_replace('<br />', '', $old_entry);
	
	$old_month = date("F",$old_timestamp);
	$old_date = date("d",$old_timestamp);
	$old_year = date("Y",$old_timestamp);
	$old_time = date("H:i",$old_timestamp);
}
?>

<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">

<p><input type="hidden" name="id" value="<?php echo $id; ?>" />

<strong><label for="month">Date (month, day, year):</label></strong> 

<select name="month" id="month">
<option value="<?php echo $old_month; ?>"><?php echo $old_month; ?></option>

<option value="January">January</option>
<option value="February">February</option>
<option value="March">March</option>
<option value="April">April</option>

<option value="May">May</option>
<option value="June">June</option>
<option value="July">July</option>
<option value="August">August</option>

<option value="September">September</option>
<option value="October">October</option>
<option value="November">November</option>
<option value="December">December</option>

</select>

<input type="text" name="date" id="date" size="2" value="<?php echo $old_date; ?>" />

<select name="year" id="year">
<option value="<?php echo $old_year; ?>"><?php echo $old_year; ?></option>
<option value="2004">2004</option>

<option value="2005">2005</option>
<option value="2006">2006</option>
<option value="2007">2007</option>
<option value="2008">2008</option>

<option value="2009">2009</option>
<option value="2010">2010</option>
</select>

<p><strong><label for="time">Time:</label></strong> <input type="text" name="time" id="time" size="5" value="<?php echo $old_time; ?>" /></p>

<?php
$result2 = mysql_query("SELECT * FROM php_blog_categories");

echo '<p><strong><label for="category">Category:</label></strong><select name="category" id="category">';

while($row2 = mysql_fetch_array($result2)) { ?>

	<option value="<?php echo $row2['category_id']; ?>"
	<?php if ($old_category == $row2['category_id']) echo ' selected="selected"'; ?>><?php echo $row2['category name']; ?></option>
	<?php
}
?>
</select></p>

<p><strong><label for="title">Title:</label></strong> <input type="text" name="title" id="title" value="<?php echo $old_title; ?>" size="40" /> </p>

<p><strong><label for="label">Label:</label></strong> <input type="text" name="label" id="label" value="<?php echo $old_label; ?>" size="40" /> </p>

<p><textarea cols="80" rows="20" name="entry" id="entry"><?php echo $old_entry; ?></textarea></p>

<p><input type="submit" name="update" id="update" value="Update"></p>

<p><strong>Before deleting, be absolutely sure - there is no confirmation, nor is there any way to reverse deletion!</strong><br />
<small>(You may be shown your entry again after deleting - do not worry, it HAS been deleted.  Check the main page of the blog if you are still unsure.)</small></p>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">

<input type="hidden" name="id" id="id" value="<?php echo $id; ?>" />

<input type="submit" name="delete" value="Yes, I am absolutely and positively sure I want to delete this entry." />
</form>

</form>

<?php
mysql_close();
?>

All 5 Replies

Form method is POST. You are using $_GET. :)

Thanks for your reply, but if I change the $_GET to $_POST in the relevant section:

if (!isset($_GET["id"]) || empty($_GET["id"]) || !is_numeric($_GET["id"])) {
    die("Invalid entry ID.");
}
else {
    $id = (int)$_GET["id"];
}

then I get "Invalid entry ID" before the form even loads. What gives?

Obviously you will get Invalid entry ID. While the page is loading, it will check if $_POST is set. If it's not set, it exits.
Instead, have it in this block.

if(isset($_POST['submit'])) {
if (!isset($_POST["id"]) || ....... other conditions..... ) {
die message...
}
}

I really appreciate the help, and if I'm just too ignorant to be helped further, just say so, accept my apologies, and be on your merry way :) But... that didn't fix it. I pulled the $_GET section, and added its if conditions to my if(isset($_POST['update'])) statement. The form loads, but there's nothing in it, because 'update' !isset. I feel like I need to GET the id from the url (which is generated by a link from a menu of entries) first, then POST it to actually update the db? Here's what it looks like right now. This brings up a blank form. I've tried changing the hidden 'id' field to a text field and manually entering the id, but then I get my custom error message: "Entry ID could not post."

<?php

mysql_connect ('localhost', 'db_username', 'db_password') ;
mysql_select_db ('db_blog');


if (isset($_POST['update'])) {
	if (!isset($_POST['id']) || empty($_POST['id']) || !is_numeric($_POST['id'])) {
		die("Entry ID could not post.");
	}
	// Cast to int so only a number can reach the WHERE clause.
	$id = (int)$_POST['id'];
	$month = htmlspecialchars(strip_tags($_POST['month']));
	$date = htmlspecialchars(strip_tags($_POST['date']));
	$year = htmlspecialchars(strip_tags($_POST['year']));
	$time = htmlspecialchars(strip_tags($_POST['time']));
	$entry = $_POST['entry'];
	$title = htmlspecialchars(strip_tags($_POST['title']));
	$label = htmlspecialchars(strip_tags($_POST['label']));
	
	$entry = nl2br($entry);
	
	$category = (int)$_POST['category'];
	
	if (!get_magic_quotes_gpc()) {
		$title = addslashes($title);
		$label = addslashes($label);
		$entry = addslashes($entry);
	}
	// Build the timestamp and run the update whether or not magic quotes is on.
	$timestamp = strtotime ($month . " " . $date . " " . $year . " " . $time);
	$result = mysql_query("UPDATE php_blog SET timestamp='$timestamp', title='$title', entry='$entry', password='$password', category='$category' WHERE id='$id' LIMIT 1") or print ("Can't update entry.<br />" . mysql_error());
}

if (isset($_POST['delete'])) {
	$id = (int)$_POST['id'];
	$result = mysql_query("DELETE FROM php_blog WHERE id='$id'") or print ("Can't delete entry.<br />" . mysql_error());
	if ($result != false) {
		print "The entry has been successfully deleted from the database.";
		exit;
	}
}


$result = mysql_query ("SELECT * FROM php_blog WHERE id='$id'") or print ("Can't select entry.<br />" . $sql . "<br />" . mysql_error());
while ($row = mysql_fetch_array($result)) {
	$old_timestamp = $row['timestamp'];
	$old_title = stripslashes($row['title']);
	$old_label = stripslashes($row['label']);
	$old_entry = stripslashes($row['entry']);
	$old_category = $row['category'];
	
	$old_title = str_replace('"','\'',$old_title);
	$old_entry = str_replace('<br />', '', $old_entry);
	
	$old_month = date("F",$old_timestamp);
	$old_date = date("d",$old_timestamp);
	$old_year = date("Y",$old_timestamp);
	$old_time = date("H:i",$old_timestamp);
}

?>

<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">

<p><input type="hidden" name="id" value="<?php echo $id; ?>" />

<strong><label for="month">Date (month, day, year):</label></strong> 

<select name="month" id="month">
<option value="<?php echo $old_month; ?>"><?php echo $old_month; ?></option>

<option value="January">January</option>
<option value="February">February</option>
<option value="March">March</option>
<option value="April">April</option>

<option value="May">May</option>
<option value="June">June</option>
<option value="July">July</option>
<option value="August">August</option>

<option value="September">September</option>
<option value="October">October</option>
<option value="November">November</option>
<option value="December">December</option>

</select>

<input type="text" name="date" id="date" size="2" value="<?php echo $old_date; ?>" />

<select name="year" id="year">
<option value="<?php echo $old_year; ?>"><?php echo $old_year; ?></option>
<option value="2004">2004</option>

<option value="2005">2005</option>
<option value="2006">2006</option>
<option value="2007">2007</option>
<option value="2008">2008</option>

<option value="2009">2009</option>
<option value="2010">2010</option>
</select>

<p><strong><label for="time">Time:</label></strong> <input type="text" name="time" id="time" size="5" value="<?php echo $old_time; ?>" /></p>

<?php
$result2 = mysql_query("SELECT * FROM php_blog_categories");

echo '<p><strong><label for="category">Category:</label></strong><select name="category" id="category">';

while($row2 = mysql_fetch_array($result2)) { ?>

	<option value="<?php echo $row2['category_id']; ?>"
	<?php if ($old_category == $row2['category_id']) echo ' selected="selected"'; ?>><?php echo $row2['category name']; ?></option>
	<?php
}
?>
</select></p>

<p><strong><label for="title">Title:</label></strong> <input type="text" name="title" id="title" value="<?php echo $old_title; ?>" size="40" /> </p>

<p><strong><label for="label">Label:</label></strong> <input type="text" name="label" id="label" value="<?php echo $old_label; ?>" size="40" /> </p>

<p><textarea cols="80" rows="20" name="entry" id="entry"><?php echo $old_entry; ?></textarea></p>

<p><input type="submit" name="update" id="update" value="Update"></p>

<p><strong>Before deleting, be absolutely sure - there is no confirmation, nor is there any way to reverse deletion!</strong><br />
<small>(You may be shown your entry again after deleting - do not worry, it HAS been deleted.  Check the main page of the blog if you are still unsure.)</small></p>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">

<input type="hidden" name="id" id="id" value="<?php echo $id; ?>" />

<input type="submit" name="delete" value="Yes, I am absolutely and positively sure I want to delete this entry." />
</form>

</form>

<?php
mysql_close();
?>

Hmm! So, as per my understanding, you click a link (where you pass the id through the URL), query the table with that id, fetch the relative records, and then you either update it or delete it?
Right?
1. Why do you have a form within a form? One form is enough to do both the jobs. Have 2 submit buttons with different names in one form and do respective operations when 'that' particular button is clicked.
Here is an example.

<?php
if(isset($_POST['submit1'])) {
	print "Update button pressed.<br>";
	print_r($_POST);
} 
if(isset($_POST['submit2'])) {
	print "Delete button pressed.<br>";
	print_r($_POST);
}
?>
<html>
<body>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input type='text' name='name'>
<input type='hidden' name='id' value='3'>
<input type="submit" name="submit1" value="Update">
<input type="submit" name="submit2" value="Delete">
</form>
</body>
</html>

I hope it's clear.
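The two-request flow discussed in this thread (the ID arrives in the URL when the form loads and in the hidden field when it is submitted), as an added example that is not code from any poster. It assumes PHP 7+ with PDO; in-memory SQLite stands in for MySQL, the sample row and form values are constructed, `update.php` is a hypothetical file name, and `resolve_entry_id` and `update_entry` are hypothetical helpers.

```php
<?php
// Added example, not code from the thread. Sample rows are constructed and
// in-memory SQLite (PDO) stands in for the MySQL database so it runs offline.

// The ID is in the URL when the form first loads and in the hidden field when
// it is submitted, so prefer POST and fall back to GET, then validate once.
function resolve_entry_id(array $get, array $post): ?int {
    $raw = $post['id'] ?? $get['id'] ?? null;
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Bound parameters replace addslashes()/magic quotes: values never become SQL text.
function update_entry(PDO $db, int $id, array $post): int {
    $ts = strtotime("{$post['month']} {$post['date']} {$post['year']} {$post['time']}");
    if ($ts === false) {
        return 0; // unparseable date, nothing written
    }
    $stmt = $db->prepare('UPDATE php_blog SET timestamp = :ts, title = :title,
        entry = :entry, category = :cat WHERE id = :id');
    $stmt->execute([':ts' => $ts, ':title' => $post['title'],
        ':entry' => $post['entry'], ':cat' => (int) $post['category'], ':id' => $id]);
    return $stmt->rowCount(); // number of rows affected
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE php_blog (id INTEGER PRIMARY KEY, timestamp INTEGER,
    title TEXT, entry TEXT, category INTEGER)');
$db->exec("INSERT INTO php_blog VALUES (3, 0, 'Old title', 'Old entry', 1)");

// Request 1: GET update.php?id=3 loads the form; only $_GET carries the ID.
$id = resolve_entry_id(['id' => '3'], []);
echo "load form for entry: ", var_export($id, true), "\n";

// Request 2: the form posts to PHP_SELF without ?id=, so only $_POST has it.
$post = ['update' => 'Update', 'id' => '3', 'month' => 'May', 'date' => '12',
    'year' => '2008', 'time' => '14:30', 'category' => '2',
    'title' => 'It\'s a "quoted" title', 'entry' => "Line one\nLine two"];
$id = resolve_entry_id([], $post);
echo "rows updated: ", $id === null ? 0 : update_entry($db, $id, $post), "\n";

// A non-numeric ID is rejected before any query runs.
echo "bad id: ", var_export(resolve_entry_id([], ['id' => '3abc']), true), "\n";

// Escape on output instead of rewriting quotes with str_replace().
$row = $db->query('SELECT title FROM php_blog WHERE id = 3')->fetch(PDO::FETCH_ASSOC);
echo htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'), "\n";
```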
