CMS Update/Edit function not working

[lmcmanus13]

I am trying to create a CMS management website, but I can't seem to get the update function to work. Everything else works fine but not the update function. Can anyone please tell me why or what the problem is? I have spent too long trying to fix it and have failed. It is correctly linked to the database when I hit the edit button all i get is UPDATE_CONTENT_FORM($_GET['ID'])?>where the text boxes should be is   . Please help, I am really stuck. (sorry about spelling )

code in CMS_Class.php

Class modernCMS{

var $host='localhost';
var $username='lmcmanus13';
var $password='k0gl0zfh3g1ccm4v';
var $db='lmcmanus13';

function connect(){
$con = mysql_connect($this->host, $this->username, $this->password);
mysql_select_db($this->db,$con);
}

function get_content($id =''){

if ($id != ""):
$id = mysql_real_escape_string($id);//helps to protect database from beening hacked 
$sql = "SELECT * FROM `CMS_Content` WHERE id ='$id'";

else:
$sql = 'SELECT * FROM `CMS_Content` WHERE 1';

endif;

//$query = 'SELECT * FROM `CMS_Content` WHERE 1';
$result = mysql_query($sql) or die(mysql_error());

if (mysql_num_rows($result)!=0):
while($row= mysql_fetch_assoc($result)){
echo '<h1><a href="Animals.php?id=' . $row['id'] . '">' . $row['Title'] . '</h1>';
echo '<p>' . $row['Body'] . '</p>';
}
else:
echo '<p> we are sorry there seems to be a problem with your request</p>';
endif;
echo $return='<p><a href ="Animals.php">Back</a></p>';

}

function add_content($_POST){

$Title= mysql_real_escape_string($_POST['Title']);
$Body= mysql_real_escape_string($_POST['Body']);

if(! $Title || ! $Body):
if(!$Title=""):
echo"<p>The Title is required<p>";
endif;
if(!$Body=""):
echo"<p>The Body is required<p>";
echo '<a href="add-content.php">Try Again</a>';
endif;
else:
$sql="INSERT INTO `CMS_Content`(`id`, `Title`, `Body`) VALUES ('null','$_POST[Title]','$_POST[Body]')";
$result = mysql_query($sql) or die(mysql_error());
echo "<meta http-equiv='refresh' content='0;url=added.php'>";
endif;
} 

function manage_content (){
echo '<div id ="manage">';
$sql = 'SELECT * FROM `CMS_Content`';
$result = mysql_query($sql) or die(mysql_error());
while ($row = mysql_fetch_assoc($result)):
echo '<h1><a id=' . $row['id'] . '">' . $row['Title'] . '</h1>'
?>
<div>
<span ><a href="update-content.php?id=<?php= echo= $row['id']?>">Edit</a>|<a href="?delete=<?php echo $row['id']; ?>">Delete</a></a></span>
</div>

<?php
endwhile;
echo '</div>';//closes the manages div
}

Function delete_content($id){

if(!$id){
return false;
}else{
$id=mysql_real_escape_string($id);
$sql="DELETE FROM CMS_Content WHERE id='$id'";
$result = mysql_query($sql) or die(mysql_error());
echo "<meta http-equiv='refresh' content='0;url=deleted.php'>";
}
function update_content_form($id) {
$id = mysql_real_escape_string($id);
$sql = "SELECT * FROM CMS_Content WHERE id = '$id'";
$res = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_assoc($res) 
?>
<form action="Animals.php" method="post" > 
<input type="hidden" name="update" value="true" />
<input type="hidden" name="id" value="<?php=$row['id']?>" />
<div>
<label for="title">Title:</label>
<input type="text" name="Title" id="Title" value="<?php=$row['Title']?>" />
</div>
<div>
<label for="body">Body:</label>
<textarea name="body" id="body" rows="8" cols="40"><?php=$row['Body']?></textarea>
</div>
<input type="submit" name="submit" value="Update content" />
</form>
<?php

function update_content($p) {
$title = mysql_real_escape_string($s['title']);
$body = mysql_real_escape_string($s['body']);
$id = mysql_real_escape_string($p['id']);

if(!$title | !$body):

if(!$title):
echo "<p>The Title is Required</p>";
endif;
if(!$body):
echo "<p>The body is Required</p>";
endif;
echo '<p><a href=" update_content.php?id=' . $id . '">Try Again</a></p>';
else:
$sql = "UPDATE CMS_Content SET title = '$title', body = '$body' WHERE id = '$id'";
$res = mysql_query($sql) or die(mysql_error());
echo "Updated Successfully!";
endif;
}
}
}//end of class
}
?>

code in Animals.php

<h1> Our Animals </h1>



<ul>
<li><a href="manage-content.php">Manage Content</a></li>
<li><a href="add-content.php">Add Content</a></li>
</ul>

<?php 
if(isset($_POST['add'])):
$obj->add_content($_POST);
elseif(isset($_POST['update'])):
$obj->update_content_form($_POST);
endif; 
?>
Code in update-content.php
<h1> Our Animals j,j</h1>
<h1> Update Content </h1> 
<?=$obj->update_content_form($_GET['id']) ?>

[maxxd]

In your update_content() method, you've got a parameter of $p, but you're checking $s for title and body. Also, change

if(!$title | !$body):

to

if(!$title || !$body):

That being said, there are numerous other issues with the code you've posted, the most important of which is that you're calling the class modernCMS and using the mysql_* functions, which have been deprecated and slated for removal for about a decade.

 

And I'm hoping those aren't your actual database credentials you posted.

[lmcmanus13]

thanks i will try it and no they are not my database credentials i made them up :-) 

[Ch0cu3r]

Your code is using short tags <? or <?=  These tags are only available if a setting called short_tags is enabled in the php.ini.

 

On your server they appear to not be enabled because you are seeing the PHP code in your webpage where the textbox should be. I would advise you change the short tags to their full counterparts as shown below

<?      should be      <?php

<?=     should be      <?php echo

Also could you wrap your code in

tags or click the <> button in the editor when posting code.