I am having a bizare problem where I have a script that works elsewhere on the site but refuses to work for me now. The problem is exclusive to IE, it works fine in Mozilla. Below is the form:
<form class="element_form" action="general_image.php" method="post">
<?php generate_input('hidden', '', 'id', $id);?>
<input type="image" src="../images/delete.gif" name="action" value="delete" class="button" />
<input type="image" src="../images/tick.gif" name="action" value="active_switch" class="button" />
</form>
Here is the code that is supposed to work:
<?php
include('header.php');
$db->connect();
$table = 'general_image';
$page = 'general';
$region = $_SESSION['region'];
$action = $secure->secure_string($_REQUEST['action']);
$id = $secure->secure_string($_POST['id']);
$max_active = 1;
if($action == 'active_switch' || $action == 'delete'){
$response = array();
$response['action'] = $action;
$response['id'] = $id;
if($action == 'active_switch'){
$query = 'SELECT * FROM general WHERE region = "' . $region . '"';
$result = mysql_query($query);
if(!$result) {
$utility->fail($action, 'query error: ' . $query);
}else{
$row = mysql_fetch_assoc($result);
$already_active = false;
$active = '';
if($id == $row['fifi']){
$already_active = true;
}
$active .= $row['fifi'];
$response['results'] = $active;
if(!$already_active){
$update = '';
$active = '';
$update .= 'fifi="' . $id . '"';
$active .= $id;
$query = 'UPDATE general SET ' . $update . ' WHERE region = "' . $region . '"';
$response['results'] = $active;
}else{
$utility->redirect($page . '.php');
}
}
}elseif($action == 'delete') {
$query = "DELETE FROM $table WHERE id=" . $id;
}
echo $query . "hello";
if(!mysql_query($query)) {
$utility->fail($action, 'query error: ' . $query);
}
If someone could tell me what I'm doing wrong that would be great. Thanks
EDIT
$action = $secure->secure_string does the following:
function secure_string($string)
{
return (strip_tags(addslashes(mysql_real_escape_string(stripslashes($string)))));
}