Edit database entries with form
Kineas
11-07-2009, 01:32 AM
For each of my blog entries, I want to be able to click a link underneath it and for it to open a page with a form to edit the message. When clicking the link, it takes the user to www.abc.com/blog.php?edit= and then has the blog entry's id number. So far, I've tried to retrieve the data from the database and have it in a text area ready for editing, this is my code:
if ((isset ($_GET['edit'])) && (preg_match('|[0-9]+|', $_GET['edit']))){
    $id = mysql_real_escape_string($_GET['blog']);
    $sql ="SELECT * FROM messages WHERE id=$id";
    $queryResult=mysql_query($sql);
    if (mysql_num_rows($queryResult) == 1) {
        $dbRecord = mysql_fetch_assoc ($queryResult);
        echo "<form action=\"$change\" method=\"post\">";
        echo "<p>{dbRecord['title']}</p>";
        echo "<textarea name=\"query\" rows=\"5\" cols=\"60\">{$dbRecord['message']}</textarea>";
        echo "<input type=\"submit\" value=\"submit\">";
        echo "</form> ";
    }
It's currently giving an error that I can't fix, saying that the supplied argument is not a valid MySQL result resource. Any help with this function would be great, thanks.
Coyote6
11-07-2009, 07:27 AM
Looks like just a few minor syntax errors. Mainly you are trying to get the blog variable instead of the edit for the $id.

$id = mysql_real_escape_string($_GET['blog']);
// Should be...
$id = mysql_real_escape_string($_GET['edit']);

// The ^ and $ anchors make the pattern match only when the whole value is digits.
if ((isset ($_GET['edit'])) && (preg_match('|^[0-9]+$|i', $_GET['edit']))){
    $id = mysql_real_escape_string($_GET['edit']);
    $sql ="SELECT * FROM `messages` WHERE `id`=$id";
    $queryResult = @mysql_query ($sql);
    // Show the form only when exactly one entry has this id.
    if (mysql_num_rows ($queryResult) == 1) {
        $dbRecord = mysql_fetch_assoc ($queryResult);
        echo "<form action=\"$change\" method=\"post\">";
        echo "<p>{$dbRecord['title']}</p>";
        echo "<textarea name=\"query\" rows=\"5\" cols=\"60\">{$dbRecord['message']}</textarea>";
        echo "<input type=\"submit\" value=\"submit\">";
        echo "</form> ";
    }
}
Kineas
11-07-2009, 11:25 AM
Thanks for the reply, that's working great. Now all I need is for the database entry to be updated when the user clicks submit. I'm guessing I would have to make a separate php file that it directs to when submit is clicked, and would possibly be similar to code that adds to the database but has CHANGE in there somewhere?
abduraooft
11-07-2009, 11:28 AM
"I'm guessing I would have to make a separate php file that it directs to when submit is clicked"

Not really. You could submit to the same page and write another condition based on the submitted data,

echo "<input type=\"submit\" value=\"submit\" name=\"submit\">";
if(isset($_POST['submit'])){
    //code to update post here.
}
Kineas
11-07-2009, 03:17 PM
I'm almost there now, when the form is submitted, it uses POST to transfer the data held in $_POST['editid'], $_POST['edittitle'], and $_POST['editmessage'].
Now all I need is the mysql command to change the title to edittitle and message to editmessage where id = editid. I tried the following code, but it keeps throwing an error.
if(isset($_POST['submitedit'])){
$result = mysql_query("UPDATE messages SET message='{$_POST['editmessage']}' WHERE id='{[$_POST['editid']}'");
or die(mysql_error()); }
Anyone know the command?
abduraooft
11-07-2009, 03:27 PM
Try

if(isset($_POST['submitedit'])){
    // title is a string value, so it is quoted the same way as message
    $result = mysql_query("UPDATE messages SET message='{$_POST['editmessage']}', title='{$_POST['edittitle']}' WHERE id='{$_POST['editid']}'") or die(mysql_error());
}

(assuming you've named your submit buttons as submitedit)
PS: Your query is susceptible to sql injection (http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php)
Kineas
11-07-2009, 03:53 PM
Thanks. I'm not too bothered about sql injection as the website is for a university assignment, and won't be actually holding any important data, nor will anyone actually know the url to it apart from me, but thanks anyway.
abduraooft
11-07-2009, 04:00 PM
"Thanks. I'm not too bothered about sql injection as the website is for a university assignment, and won't be actually holding any important data, nor will anyone actually know the url to it apart from me, but thanks anyway."

But still, if you submit any title or message having characters like single-quotes, double-quotes etc, your query will fail.
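
An added example, not part of any post in this thread: the update from the last exchange done with a PDO prepared statement, so the quote characters abduraooft mentions and a non-numeric editid neither break nor change the query. The in-memory SQLite database, the updateMessage() helper and the sample submissions are assumptions made so it runs offline; the table and field names are the thread's.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// posts; the in-memory SQLite database and sample rows are constructed so the
// script runs offline. With MySQL only the PDO DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, title TEXT, message TEXT)');
$pdo->exec("INSERT INTO messages (title, message) VALUES ('First', 'one'), ('Second', 'two')");

// Hypothetical helper: update one entry, true only when exactly one row changed.
function updateMessage(PDO $pdo, array $post): bool
{
    // The id must be digits only; anything else is rejected before the query.
    $id = $post['editid'] ?? '';
    if (!is_string($id) || !ctype_digit($id)) {
        return false;
    }
    // Placeholders send the values separately from the SQL text, so quotes
    // in the title or message can neither break nor alter the statement.
    $stmt = $pdo->prepare('UPDATE messages SET title = :title, message = :message WHERE id = :id');
    $stmt->execute([
        ':title'   => (string)($post['edittitle'] ?? ''),
        ':message' => (string)($post['editmessage'] ?? ''),
        ':id'      => (int)$id,
    ]);
    return $stmt->rowCount() === 1;
}

// Constructed form submissions standing in for $_POST.
$quoted = ['submitedit' => 'submit', 'editid' => '1',
           'edittitle' => "It's \"quoted\"", 'editmessage' => "Don't break <b>here</b>"];
$badId  = ['submitedit' => 'submit', 'editid' => '1 OR 1=1',
           'edittitle' => 'x', 'editmessage' => 'y'];

var_dump(updateMessage($pdo, $quoted)); // quotes in the text are stored as-is
var_dump(updateMessage($pdo, $badId));  // non-numeric id is refused

// When the stored text goes back into the edit form, escape it for HTML.
$row = $pdo->query('SELECT * FROM messages WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
echo '<textarea name="editmessage">',
     htmlspecialchars($row['message'], ENT_QUOTES, 'UTF-8'), "</textarea>\n";
// Row 2 was never touched by the rejected submission.
echo $pdo->query('SELECT title FROM messages WHERE id = 2')->fetchColumn(), "\n";
```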