@@ -85,23 +85,27 @@ if (!$function) {
$text = $_POST["text"];
$active = $_POST["active"];
$id = $_POST["id"];
- $sql = "UPDATE `t_faq` SET `title`='$title', `index`='$index', `alias`='$alias', `text`='$text', `active`='$active' WHERE `id`='$id'";
- $sql_result = mysql_query($sql, $connection) or trigger_error("
MySQL Error ".mysql_errno().": ".mysql_error()."
", E_USER_NOTICE);
- if ($sql_result) {
- echo"Your update to '$title', has been successful. ";
+ if (checkFormKey()) {
+ $sql = "UPDATE `t_faq` SET `title`='$title', `index`='$index', `alias`='$alias', `text`='$text', `active`='$active' WHERE `id`='$id'";
+ $sql_result = mysql_query($sql, $connection) or trigger_error("
MySQL Error ".mysql_errno().": ".mysql_error()."
", E_USER_NOTICE);
+ if ($sql_result) {
+ echo"Your update to '$title', has been successful. ";
+ }
}
} else if ($_POST["submit"] == "Delete Entry") {
echo"
Processing, please wait...
\n";
$id = $_POST["id"];
$title = $_POST["title"];
- $sql = "DELETE FROM `t_faq` WHERE `id`='$id'";
- $sql_result = mysql_query($sql, $connection) or trigger_error("
MySQL Error ".mysql_errno().": ".mysql_error()."
", E_USER_NOTICE);
- if ($sql_result) {
- echo"You've successfully deleted the FAQ Entry '$title'.";
- include"$page_footer";
- echo"