Update SQL with PHP FORM

I'm having trouble with this and I don't know what I'm doing wrong.

Here's my code on the first page:

			$query = "SELECT blogid, title, date, blogentry, blog.catid, category.categoryid, category.category FROM blog INNER JOIN category ON blog.catid = category.categoryid ORDER BY blogid DESC LIMIT 1";

			$result = mysql_query($query) or die(mysql_error());

				$row=mysql_fetch_array($result, MYSQL_ASSOC); 

				$blogid = $row['blogid'];

				$categoryid = $row['categoryid'];
				
				$catid = $row['catid'];

				$category = $row['category'];

				$text = $row['blogentry'];

				$title = $row['title'];

				$date = $row['date'];

				echo "<b>" . $date . "</b><br />\n ";
				
			
					if (isset($_REQUEST['update_category']))  {
					$update_category = $_REQUEST['update_category'];
					$nextpage = $update_category . ".php";
					include($nextpage);
					}
					
					$query = "SELECT categoryid, category FROM category"; 
					$result = mysql_query($query) or die(mysql_error());
						echo "<form action=" . $_SERVER['PHP_SELF'] . " method=\"post\">\n";
						echo "<select name=\"categoryid\">\n";
						echo "<option>Change Category</option>";
						while($row = mysql_fetch_array($result, MYSQL_ASSOC))
												   {
													   $category = $row['category'];
													   $categoryid = $row['categoryid'];
													   echo "<option value=\"$categoryid\">" . $category . "</option>\n";
												   }
						echo "</select>\n";
						echo "<input type=\"hidden\" name=\"update_category\" value=\"update_category\" />\n";
						echo "<input type=\"submit\" name=\"submit\" value=\"submit\" />\n";
						echo "</form>\n";

PHP:

I used the isset command to call the other page when submitted. Im new to PHP so I didn't know any other way of doing this. Initially I tried it all on one page and the isset was $submit, but that didn't work either.

Here's the second page:

$blogid = $_POST['id'];
$categoryid = $_POST['id'];
$category = $_POST['category'];

$qp1 = "UPDATE blog SET catid = '$categoryid' WHERE blogid = '$blogid'";
$resultqp1 = mysql_query($qp1) or die("shit it don't work");

if ($resultqp1) {
	echo "Your blog now has a category, it was posted in " . $category;
	echo $resultqp1;
}

PHP:

Everytime I submit the form the result is always "1". On mySQL the I made the default 1, so that means that there is no category, but it never changes. Anyone know whats wrong.

Here's the site: developer.surefirewebservices.com

 

OK...problem #1

echo $resultqp1;

Code (markup):

You're echoing the mysql resource identified. You should have

$qp1 = "UPDATE blog SET catid = '$categoryid' WHERE blogid = '$blogid'";
mysql_query($qp1) or die(mysql_error()); // while "oh shit it don't work" will make your users laugh, it won't tell you your problem here. =) 

Code (markup):

Second problem, you're assigning $_POST['id'] to two different variables. If $_POST['id'] were set, you'd always be setting the catid to the blogid (or vice versa).

You also have no input named "id" in your form. So, you're not passing any information to the query, which is probably why it isn't doing anything. You need a field for that.

And...the last thing, more of a security issue that anything...

 echo "<input type=\"hidden\" name=\"update_category\" value=\"update_category\" />\n"

Code (markup):

If someone wants to, they can just modify your form and turn "update_category" into whatever page they want, like my_super_admin_page, in which case it will display whatever page they want without a security prompt.

So, try moving the second page to the top of the first page. Use

if(isset($_POST['submit'])) { //do stuff }

Code (markup):

Instead of using $_REQUEST, and get rid of the hidden input for "update category"

 

Ok, I tried all the changes you suggested, thank you for that. I'm still having the problem of the field not updateing. I'm not getting any errors, which is great. I tried to add a hidden field and call it "id", I also tried to name the drop down categoryid, category, etc. For some reason it's not updated. I don't know why the info is not going through.

Here is the new code, all on once page:

						if (isset($_POST['submit']))  {
						$query = "UPDATE blog SET catid = '$categoryid' WHERE blogid = '$blogid'";
						mysql_query($query) or die(mysql_error());
						}


						$blogid = $_GET['id'];
						
						$query = "SELECT title, blogid, blog.catid, category.categoryid, category.category FROM blog LEFT JOIN category ON blog.catid = category.categoryid WHERE blogid = '$blogid'";
						$result = mysql_query($query) or die(mysql_error());
						$row = mysql_fetch_array($result, MYSQL_ASSOC);
						$catid = $row['catid'];
						$blogid = $row['blogid'];
						$title = $row['title'];
						$categoryid = $row['categoryid'];
						$category = $row['category'];
						echo "Blog title: " . $title . "<br />\n";
						echo "Posted in: " . $category . "<br />\n";
						echo "Change category to: <br />";
						
						echo "<form action=\"update_category.php?id=$blogid\" method=\"post\">";
						echo "<select name=\"category\">\n";
							echo "<option>Change Category</option>";
						$catquery = "SELECT categoryid, category FROM category WHERE categoryid > 1";
						$catresult = mysql_query($catquery);
							while($row = mysql_fetch_array($catresult, MYSQL_ASSOC))
							   {
								   $categoryid = $row['categoryid'];
								   $category = $row['category'];
								   echo "<option value=\"" . $categoryid . "\">" . $category . "</option>\n";
							   }
							echo "</select>\n";
						echo "<input type=\"hidden\" name=\"id=\" value =\"$categoryid\" />\n";
						echo "<input type=\"submit\" name=\"submit\" value=\"submit\" />\n";
						echo "</form>\n";

PHP:

 

Altari, Thanks for trying to help out, I gave you a green rep!! I finally figured out what was wrong and understand a little more PHP now because of it. The code above didn't work so I added the following:

						$categoryid = $_POST['categoryid'];
						$category = $_POST['category'];

PHP:

I put that above the form code and now it's working perfectly. TRIAL AND ERROR BABY!!!! I happy I finally got it though. THanks.