diff options
Diffstat (limited to 'admin/editPoll.php')
-rw-r--r-- | admin/editPoll.php | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/admin/editPoll.php b/admin/editPoll.php index 3a154a3..425f33c 100644 --- a/admin/editPoll.php +++ b/admin/editPoll.php | |||
@@ -81,21 +81,21 @@ if (isset($_GET['submit'])) | |||
81 | $getpoll2 = mysql_query($getpoll); | 81 | $getpoll2 = mysql_query($getpoll); |
82 | $getpoll3 = mysql_fetch_array($getpoll2); | 82 | $getpoll3 = mysql_fetch_array($getpoll2); |
83 | 83 | ||
84 | $template->add('QUESTIONVALUE', $_POST['question']); | 84 | $template->add('QUESTIONVALUE', htmlentities($_POST['question'])); |
85 | $template->add('OPTION1VALUE', $_POST['option1']); | 85 | $template->add('OPTION1VALUE', htmlentities($_POST['option1'])); |
86 | $template->add('OPTION2VALUE', $_POST['option2']); | 86 | $template->add('OPTION2VALUE', htmlentities($_POST['option2'])); |
87 | $template->add('OPTION3VALUE', $_POST['option3']); | 87 | $template->add('OPTION3VALUE', htmlentities($_POST['option3'])); |
88 | $template->add('OPTION4VALUE', $_POST['option4']); | 88 | $template->add('OPTION4VALUE', htmlentities($_POST['option4'])); |
89 | $template->add('TEXTVALUE', $_POST['text']); | 89 | $template->add('TEXTVALUE', $_POST['text']); |
90 | } else { | 90 | } else { |
91 | $inspoll = "UPDATE polloftheweek SET question = \"" . mysql_real_escape_string($_POST['question']) . "\", option1 = \"" . mysql_real_escape_string($_POST['option1']) . "\", option2 = \"" . mysql_real_escape_string($_POST['option2']) . "\", option3 = \"" . mysql_real_escape_string($_POST['option3']) . "\", option4 = \"" . mysql_real_escape_string($_POST['option4']) . "\", text = \"" . mysql_real_escape_string($_POST['text']) . "\" WHERE id = " . $_GET['id']; | 91 | $inspoll = "UPDATE polloftheweek SET question = \"" . mysql_real_escape_string($_POST['question']) . "\", option1 = \"" . mysql_real_escape_string($_POST['option1']) . "\", option2 = \"" . mysql_real_escape_string($_POST['option2']) . "\", option3 = \"" . mysql_real_escape_string($_POST['option3']) . "\", option4 = \"" . mysql_real_escape_string($_POST['option4']) . "\", text = \"" . mysql_real_escape_string($_POST['text']) . "\" WHERE id = " . $_GET['id']; |
92 | $inspoll2 = mysql_query($inspoll); | 92 | $inspoll2 = mysql_query($inspoll); |
93 | 93 | ||
94 | $template->add('QUESTIONVALUE', $_POST['question']); | 94 | $template->add('QUESTIONVALUE', htmlentities($_POST['question'])); |
95 | $template->add('OPTION1VALUE', $_POST['option1']); | 95 | $template->add('OPTION1VALUE', htmlentities($_POST['option1'])); |
96 | $template->add('OPTION2VALUE', $_POST['option2']); | 96 | $template->add('OPTION2VALUE', htmlentities($_POST['option2'])); |
97 | $template->add('OPTION3VALUE', $_POST['option3']); | 97 | $template->add('OPTION3VALUE', htmlentities($_POST['option3'])); |
98 | $template->add('OPTION4VALUE', $_POST['option4']); | 98 | $template->add('OPTION4VALUE', htmlentities($_POST['option4'])); |
99 | $template->add('TEXTVALUE', $_POST['text']); | 99 | $template->add('TEXTVALUE', $_POST['text']); |
100 | 100 | ||
101 | $template->adds_block('FLASH', array('TEXT' => 'Your poll has been sucessfully edited. <a href="/poll/' . $_GET['id'] . '.php">View poll</a>.')); | 101 | $template->adds_block('FLASH', array('TEXT' => 'Your poll has been sucessfully edited. <a href="/poll/' . $_GET['id'] . '.php">View poll</a>.')); |
@@ -105,11 +105,11 @@ if (isset($_GET['submit'])) | |||
105 | $getpoll2 = mysql_query($getpoll); | 105 | $getpoll2 = mysql_query($getpoll); |
106 | $getpoll3 = mysql_fetch_array($getpoll2); | 106 | $getpoll3 = mysql_fetch_array($getpoll2); |
107 | 107 | ||
108 | $template->add('QUESTIONVALUE', $getpoll3['question']); | 108 | $template->add('QUESTIONVALUE', htmlentities($getpoll3['question'])); |
109 | $template->add('OPTION1VALUE', $getpoll3['option1']); | 109 | $template->add('OPTION1VALUE', htmlentities($getpoll3['option1'])); |
110 | $template->add('OPTION2VALUE', $getpoll3['option2']); | 110 | $template->add('OPTION2VALUE', htmlentities($getpoll3['option2'])); |
111 | $template->add('OPTION3VALUE', $getpoll3['option3']); | 111 | $template->add('OPTION3VALUE', htmlentities($getpoll3['option3'])); |
112 | $template->add('OPTION4VALUE', $getpoll3['option4']); | 112 | $template->add('OPTION4VALUE', htmlentities($getpoll3['option4'])); |
113 | $template->add('TEXTVALUE', $getpoll3['text']); | 113 | $template->add('TEXTVALUE', $getpoll3['text']); |
114 | } | 114 | } |
115 | 115 | ||