Просмотр файла edit.php

<?php
error_reporting(0);
ob_start();
ob_implicit_flush(0);
session_name("sid");
session_start();
require("config.php");
include 'head.php';
if (isset($_SESSION['login']) && isset($_SESSION['pass']))
{
$id=$_REQUEST['id'];
if ($_REQUEST['edit']!=="save") 
{

echo '<div align="center">';

$sql = mysql_query("SELECT*FROM deds WHERE id='$id'");
      while($record = mysql_fetch_array($sql))
   { 
 $ip=$record['ip'];
 $login=$record['login'];  
 $pass=$record['pass'];     
 $os=$record['os'];     
 $proc=$record['proc'];     
 $ram=$record['ram'];     
 $down=$record['down'];     
 $up=$record['up'];     
 $cash=$record['cash'];     
 $country=$record['country'];
 $link=$record['link'];
 }
  
echo '<table class="table"><tr><td>';
echo '<form action="?id='.$id.'&edit=save" method="post" name="form">';
  echo 'ip';
  echo '<p><input name="ip" type="text" maxlength="300" value="'.$ip.'" />';
  echo '<p>Логин';
  echo '<p><input name="login" type="text" maxlength="300" value="'.$login.'" />';
  echo '<p>Пароль';
  echo '<p><input name="pass" type="text" maxlength="300" value="'.$pass.'" />';
  echo '<p>Страна';
  echo '<p><input name="country" type="text" maxlength="300" value="'.$country.'" />';
  echo '<p>Версия ОС';
  echo '<p><input name="os" type="text" maxlength="300" value="'.$os.'" />';
  echo '<p>Проц';
  echo '<p><input name="proc" type="text" maxlength="300" value="'.$proc.'" />';  
  echo '<p>ОЗУ';
  echo '<p><input name="ram" type="text" maxlength="300" value="'.$ram.'" />';  
  echo '<p>Входящая'; 
  echo '<p><input name="down" type="text" maxlength="300" value="'.$down.'" />';
  echo '<p>Исходящая'; 
  echo '<p><input name="up" type="text" maxlength="300" value="'.$up.'" />';
  echo '<p>Цена'; 
  echo '<p><input name="cash" type="text" maxlength="300" value="'.$cash.'" />';
   echo '<p>Ссылка для покупки';
  echo '<p><input name="link" type="text" maxlength="300" value="'.$link.'" />';
 echo '<p><input name="submit" type="submit" value="Сохранить" /></form></div>';
  echo '</td></tr>';
  
  }
if ($_REQUEST['edit']=="save") 
{ 
 $ip = htmlspecialchars(mysql_real_escape_string($_POST['ip'])); 
 $login = htmlspecialchars(mysql_real_escape_string($_POST['login']));
 $pass = htmlspecialchars(mysql_real_escape_string($_POST['pass']));
 $os = htmlspecialchars(mysql_real_escape_string($_POST['os']));
 $proc = htmlspecialchars(mysql_real_escape_string($_POST['proc']));
 $ram = htmlspecialchars(mysql_real_escape_string($_POST['ram']));
 $down = htmlspecialchars(mysql_real_escape_string($_POST['down']));
 $up = htmlspecialchars(mysql_real_escape_string($_POST['up']));
 $cash = htmlspecialchars(mysql_real_escape_string($_POST['cash']));
  $country = htmlspecialchars(mysql_real_escape_string($_POST['country']));
  $link = htmlspecialchars(mysql_real_escape_string($_POST['link']));
 mysql_query("UPDATE deds SET ip='$ip', login='$login', pass='$pass' WHERE id='$id'");
 mysql_query("UPDATE deds SET os='$os', proc='$proc', ram='$ram' WHERE id='$id'");
 mysql_query("UPDATE deds SET down='$down', up='$up', cash='$cash' WHERE id='$id'");
 mysql_query("UPDATE deds SET country='$country', link='$link' WHERE id='$id'");
echo '<div class="b">';
echo 'Изменено успешно!(id='.$id.')<p>'; 
echo '<a href="admin.php">В админку</a>';
echo '</div>';
 
}
}
else {

echo '<div class="err">Вы не авторизированы!<p><a href="/login.php"><b>Войти</b></a></div>';
}

include_once 'foot.php';
?>