Diffstat (limited to 'admin/editPoll.php')
-rw-r--r--admin/editPoll.php30
1 files changed, 15 insertions, 15 deletions
diff --git a/admin/editPoll.php b/admin/editPoll.php index 3a154a3..425f33c 100644 --- a/admin/editPoll.php +++ b/admin/editPoll.php
@@ -81,21 +81,21 @@ if (isset($_GET['submit']))
81 $getpoll2 = mysql_query($getpoll); 81 $getpoll2 = mysql_query($getpoll);
82 $getpoll3 = mysql_fetch_array($getpoll2); 82 $getpoll3 = mysql_fetch_array($getpoll2);
83 83
84 $template->add('QUESTIONVALUE', $_POST['question']); 84 $template->add('QUESTIONVALUE', htmlentities($_POST['question']));
85 $template->add('OPTION1VALUE', $_POST['option1']); 85 $template->add('OPTION1VALUE', htmlentities($_POST['option1']));
86 $template->add('OPTION2VALUE', $_POST['option2']); 86 $template->add('OPTION2VALUE', htmlentities($_POST['option2']));
87 $template->add('OPTION3VALUE', $_POST['option3']); 87 $template->add('OPTION3VALUE', htmlentities($_POST['option3']));
88 $template->add('OPTION4VALUE', $_POST['option4']); 88 $template->add('OPTION4VALUE', htmlentities($_POST['option4']));
89 $template->add('TEXTVALUE', $_POST['text']); 89 $template->add('TEXTVALUE', $_POST['text']);
90 } else { 90 } else {
91 $inspoll = "UPDATE polloftheweek SET question = \"" . mysql_real_escape_string($_POST['question']) . "\", option1 = \"" . mysql_real_escape_string($_POST['option1']) . "\", option2 = \"" . mysql_real_escape_string($_POST['option2']) . "\", option3 = \"" . mysql_real_escape_string($_POST['option3']) . "\", option4 = \"" . mysql_real_escape_string($_POST['option4']) . "\", text = \"" . mysql_real_escape_string($_POST['text']) . "\" WHERE id = " . $_GET['id']; 91 $inspoll = "UPDATE polloftheweek SET question = \"" . mysql_real_escape_string($_POST['question']) . "\", option1 = \"" . mysql_real_escape_string($_POST['option1']) . "\", option2 = \"" . mysql_real_escape_string($_POST['option2']) . "\", option3 = \"" . mysql_real_escape_string($_POST['option3']) . "\", option4 = \"" . mysql_real_escape_string($_POST['option4']) . "\", text = \"" . mysql_real_escape_string($_POST['text']) . "\" WHERE id = " . $_GET['id'];
92 $inspoll2 = mysql_query($inspoll); 92 $inspoll2 = mysql_query($inspoll);
93 93
94 $template->add('QUESTIONVALUE', $_POST['question']); 94 $template->add('QUESTIONVALUE', htmlentities($_POST['question']));
95 $template->add('OPTION1VALUE', $_POST['option1']); 95 $template->add('OPTION1VALUE', htmlentities($_POST['option1']));
96 $template->add('OPTION2VALUE', $_POST['option2']); 96 $template->add('OPTION2VALUE', htmlentities($_POST['option2']));
97 $template->add('OPTION3VALUE', $_POST['option3']); 97 $template->add('OPTION3VALUE', htmlentities($_POST['option3']));
98 $template->add('OPTION4VALUE', $_POST['option4']); 98 $template->add('OPTION4VALUE', htmlentities($_POST['option4']));
99 $template->add('TEXTVALUE', $_POST['text']); 99 $template->add('TEXTVALUE', $_POST['text']);
100 100
101 $template->adds_block('FLASH', array('TEXT' => 'Your poll has been sucessfully edited. <a href="/poll/' . $_GET['id'] . '.php">View poll</a>.')); 101 $template->adds_block('FLASH', array('TEXT' => 'Your poll has been sucessfully edited. <a href="/poll/' . $_GET['id'] . '.php">View poll</a>.'));
@@ -105,11 +105,11 @@ if (isset($_GET['submit']))
105 $getpoll2 = mysql_query($getpoll); 105 $getpoll2 = mysql_query($getpoll);
106 $getpoll3 = mysql_fetch_array($getpoll2); 106 $getpoll3 = mysql_fetch_array($getpoll2);
107 107
108 $template->add('QUESTIONVALUE', $getpoll3['question']); 108 $template->add('QUESTIONVALUE', htmlentities($getpoll3['question']));
109 $template->add('OPTION1VALUE', $getpoll3['option1']); 109 $template->add('OPTION1VALUE', htmlentities($getpoll3['option1']));
110 $template->add('OPTION2VALUE', $getpoll3['option2']); 110 $template->add('OPTION2VALUE', htmlentities($getpoll3['option2']));
111 $template->add('OPTION3VALUE', $getpoll3['option3']); 111 $template->add('OPTION3VALUE', htmlentities($getpoll3['option3']));
112 $template->add('OPTION4VALUE', $getpoll3['option4']); 112 $template->add('OPTION4VALUE', htmlentities($getpoll3['option4']));
113 $template->add('TEXTVALUE', $getpoll3['text']); 113 $template->add('TEXTVALUE', $getpoll3['text']);
114} 114}
115 115
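Review bot: `$_GET['id']` is still used raw on the new side: it is concatenated unquoted into the `WHERE id = ` clause of the UPDATE at line 91 and into the `href` of the FLASH message at line 101, so the escaping added here leaves both the query and that link open to injected input. Casting once, e.g. `$id = (int) $_GET['id'];`, and using `$id` in both places would close them. `TEXTVALUE` is also left unescaped in all three branches (lines 89, 99 and 113); unless that field is meant to carry HTML into the form, it needs the same treatment as the other values. `htmlentities()` is called without flags or charset, so on the PHP versions that still provide `mysql_*` single quotes are not encoded and the result depends on the default encoding; `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` is the safer form, assuming the page is served as UTF-8. The enclosing `if (isset($_GET['submit']))` block starts outside the hunks, so how `$getpoll` is built cannot be checked from here.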