Untitled

<?php
/*
 EDIT.PHP
 Allows user to edit specific entry in database
*/

 // creates the edit record form
 // since this form is used multiple times in this file, I have made it a function that is easily reusable
 function renderForm($id, $username, $foldername, $location, $caption, $name, $error)
 {
 ?>
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
 <html>
 <head>
  <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
    <meta name="viewport" content="width=device-width, initial-scale=1">
 <title>Admin User Fodler Delete Record</title>
 </head>
 <body>
 <?php
 // if there are any errors, display them
 if ($error != '')
 {
 echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
 }
 ?>

 <form action="" method="post">
 <input type="hidden" name="userfolderid" value="<?php echo $id; ?>"/>
 <div>
 <p><strong>ID:</strong> <?php echo $id; ?></p>
 <strong>UserName: *</strong> <input type="text" name="username" value="<?php echo $username; ?>"/><br/>
 <strong>FolderName: *</strong> <input type="text" name="foldername" value="<?php echo $foldername; ?>"/><br/>
 <strong>Location: *</strong> <input type="text" name="location" value="<?php echo $location; ?>"/><br/>
 <strong>Caption: *</strong> <input type="text" name="caption" value="<?php echo $caption; ?>"/><br/>
 <strong>File Name: *</strong> <input type="text" name="name" value="<?php echo $name; ?>"/><br/>
 <p>* Required</p>

 <input type="submit" name="submit" value="Delete">
 </div>
 </form>
 </body>
 </html>
 <?php
 }


 // connect to the database
 include('includes/connection.php');

 // check if the form has been submitted. If it has, process the form and save it to the database
 if (isset($_POST['submit']))
 {
 // confirm that the 'id' value is a valid integer before getting the form data
 if (is_numeric($_POST['userfolderid']))
 {
 // get form data, making sure it is valid
 $id = $_POST['userfolderid'];
 $username = mysql_real_escape_string(htmlspecialchars($_POST['username']));
 $foldername = mysql_real_escape_string(htmlspecialchars($_POST['foldername']));
 $location = mysql_real_escape_string(htmlspecialchars($_POST['location']));
 $caption = mysql_real_escape_string(htmlspecialchars($_POST['caption']));
 $name = mysql_real_escape_string(htmlspecialchars($_POST['name']));


 // check that firstname/lastname fields are both filled in
 if ($foldername == '' || $username == '')
 {
 // generate error message
 $error = 'ERROR: Please fill in all required fields!';

 //error, display form
 renderForm($id, $username, $foldername, $location, $caption, $name, $error);
 }
 else
 {
 // save the data to the database
 mysql_query("DELETE FROM userfolders WHERE userfolderid='$id'")
 or die(mysql_error());

 // once saved, redirect back to the view page
 header("Location: admin-user-folder-details.php");
 }
 }
 else
 {
 // if the 'id' isn't valid, display an error
 echo 'Error!';
 }
 }
 else
 // if the form hasn't been submitted, get the data from the db and display the form
 {

 // get the 'id' value from the URL (if it exists), making sure that it is valid (checing that it is numeric/larger than 0)
 if (isset($_GET['userfolderid']) && is_numeric($_GET['userfolderid']) && $_GET['userfolderid'] > 0)
 {
 // query db
 $id = $_GET['userfolderid'];
 $result = mysql_query("SELECT * FROM userfolders WHERE userfolderid=$id")
 or die(mysql_error());
 $row = mysql_fetch_array($result);

 // check that the 'id' matches up with a row in the databse
 if($row)
 {

 // get data from db
 $username = $row['username'];
 $foldername = $row['foldername'];
 $location = $row['location'];
 $caption = $row['caption'];
 $name = $row['name'];
 // show form
 renderForm($id, $username, $foldername, $location, $caption, $name, '');
 }
 else
 // if no match, display result
 {
 echo "No results!";
 }
 }
 else
 // if the 'id' in the URL isn't valid, or if there is no 'id' value, display an error
 {
 echo 'Error!';
 }
 }
?>