Untitled

<?php
session_start();
if(!$logged) echo '<meta http-equiv="Refresh" content="0 URL=../index.php">';
else{
include_once("config.php");
if($logged and $_POST[submit]=="promjeni")
    {
        $subject=$_POST['Subject'];
        $newsid=$_POST['id'];
        $text=$_POST['txt'];
        $edited_by=$_SESSION['username'];
        $sql="UPDATE news_topic SET Subject='$subject', txt='$text', edited_by='$edited_by', last_edit=NOW() WHERE id='$newsid'";
        $result=mysql_query($sql,$connect);
        if(!$result) echo "Cannot make entry. Please try again";
        else echo "News added";
    }
if($logged and !isset($_POST[Title])){
echo "<form method=\"post\" action=\"\"><select name=\"Title\">";
$user=$_SESSION[user][username];
if($_SESSION[user][lvl]==1){$sql2="SELECT Subject FROM news_topic where posted_by='$user' order by id DESC";}
else $sql2="SELECT Subject,posted_by FROM news_topic order by id DESC";
$result=mysql_query($sql2,$connect);
    while($edit = mysql_fetch_assoc($result))
            {
            echo "<option value=\"" . $edit[Subject] . "\">" . $edit[Subject] . "</option>";
            }

echo"</select><input type=\"submit\" name=\"sub\" value=\"Promjeni\">
</form>";}?>
<?php
if($logged and isset($_POST[Title]))
{
$title=$_POST[Title];
$sql2="SELECT id,Subject,txt FROM news_topic where Subject='$title'";
$result=mysql_query($sql2,$connect);
$edit=mysql_fetch_assoc($result);
echo '<form method="post" action=""><input type="hidden" name="id" value="'. $edit['id'] . '">';
echo 'Naslov: <input name="Subject" size="40" maxlength="255" value="' . $edit[Subject] . '"><br />';
echo 'Text:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <textarea name="txt"  rows="7" cols="30">' . $edit[txt] .'</textarea><br />';
echo '<input type="submit" name="submit" value="promjeni"></form>';
}
              }

?>