I made a form to edit data from a database, but something just went wron, the values catched from the databse are also posted above the form. But i definitly dont know why? If I remove the value='phpcode', then everything is ok, so are there any xhtml mistakes or why is this happening
else if ($_GET['site'] == "edit") {
if ($_GET['id'] == "" && !isset($_GET['id'])) {
$content = "Dieser Eintrag existiert nicht!";
} else {
$editfailed = 0;
$editsuccess = false;
if (isset($_POST['submit']) && $_POST['submit'] == "Speichern") {
if ($_POST['enterprise'] == "" && $_POST['category'] == "" && $_POST['type'] == "" && $_POST['editenterprise_pw'] == "") {
$editfailed = 1;
} else {
$enterprise = $mysqli->real_escape_string(rawurldecode($_POST['enterprise']));
$category = $mysqli->real_escape_string(rawurldecode($_POST['category']));
$type = $mysqli->real_escape_string(rawurldecode($_POST['type']));
$result = $mysqli->query("SELECT * FROM `enterprises` WHERE `name` = '" . $enterprise . "'");
$result2 = $mysqli->query("SELECT * FROM `categories` WHERE `name` = '" . $category . "'");
$result3 = $mysqli->query("SELECT * FROM `types` WHERE `name` = '" . $type . "'");
if ($result->num_rows == 1 && $result2->num_rows == 1 && $result3->num_rows == 1) {
$user = $mysqli->real_escape_string(en_crypt($_POST['editenterprise_login']));
$pw = $mysqli->real_escape_string(en_crypt($_POST['editenterprise_pw']));
$host = $mysqli->real_escape_string(en_crypt($_POST['editenterprise_host']));
$comment = $mysqli->real_escape_string(en_crypt($_POST['editenterprise_comment']));
$mysqli->query("UPDATE `entries` SET `enterprise` = '$enterprise', `category` = '$category', `type` = '$type', `user` = '$user', `password` = '$pw', `url` = '$host', `comment` = '$comment' WHERE `id` = '" . $mysqli->real_escape_string($_GET['id']) . "'");
}
$result->close();
$result2->close();
$result3->close();
}
}
$result = $mysqli->query("SELECT * FROM `entries` WHERE `id` = '" . $mysqli->real_escape_string($_GET['id']) . "'");
if ($result->num_rows == 1) {
$row = $result->fetch_object();
$content =
"<form method='POST' action='main.php?site=edit&id=$row->id'>
<table class='viewtable'>
<tr align='center'>
<th colspan='2'>
<select name='enterprise' id='enterprise'>";
$content = $content . "<option value='" . rawurlencode($row->enterprise) . "'>$row->enterprise</option>";
//Lade Firmen
$result = $mysqli->query("SELECT * FROM enterprises WHERE `name` != '" . $row->enterprise . "' ORDER BY `name`");
while ($rowe = $result->fetch_object()) {
$content = $content . "<option value=" . rawurlencode($rowe->name) . ">" . $rowe->name . "</option>";
}
$result->close();
$content = $content .
"</select>
<select name='category' id='category' onChange='getType(this.value)'>";
//Erstelle Kategorien Filter
$content = $content . "<option value='" . rawurlencode($row->category) . "'>$row->category</option>";
//Lade Kategorien
$result = $mysqli->query("SELECT * FROM categories WHERE `name` != '" . $row->category . "' ORDER BY `name`");
while ($rowc = $result->fetch_object()) {
$content = $content . "<option value=" . rawurlencode($rowc->name) . ">" . $rowc->name . "</option>";
}
$result->close();
//Erstelle Typ Filter
$content = $content .
"</select>
<select name='type' id='type'>";
$content = $content . "<option value='" . rawurlencode($row->type) . "'>" . $row->type . "</option>";
//Lade Typ Filter
$result = $mysqli->query("SELECT `name` FROM types WHERE `category` = '" . $row->category . "'");
while ($rowt = $result->fetch_object()) {
$content = $content . "<option value=" . rawurlencode($rowt->name) . ">" . $rowt->name . "</option>";
}
$result->close();
//Schließe Filter
$content = $content .
"</select>
</th></tr>
<tr>
<td align='right' class='edit_header'>Host/Url:</td>
<td>
<input type='text' name='editenterprise_host' size='80' class='edit_inputbox' value='" . de_crypt($row->host) . "'/></td>
</tr>
<tr>
<td align='right' class='edit_header'>Login:</td>
<td><input type='text' name='editenterprise_login' size='80' class='edit_inputbox' value='" . de_crypt($row->user) . "'/></td>
</tr>
<tr>
<td align='right' class='edit_header'>Passwort:</td>
<td><input type='text' name='editenterprise_pw' size='80' class='edit_inputbox' value='" . de_crypt($row->password) . "'/></td>
</tr>
<tr>
<td align='right' class='edit_header'>Kommentar:</td>
<td><textarea type='text' name='editenterprise_comment' size='80' class='edit_inputbox'>" . de_crypt($row->comment) . "</textarea></td>
</tr>
<tr>
<td colspan='2' align ='right'><input type='submit' name='submit' value='Speichern'/></td>
</tr>
</table>
</form>";
}
}
}
