<?php
// Shared helpers; validatecookie() is not defined in this file (presumably it
// comes from functions.php — TODO confirm).
include 'functions.php';
// NOTE(review): every action further down modifies the database, and this call
// is the only access check visible in this file. Confirm that validatecookie()
// terminates the request (exit or redirect) when the cookie is missing or
// invalid, rather than merely returning a value that is ignored here.
validatecookie();
// Presumably provides the $db connection handle used by the queries below —
// verify against database.php.
include("database.php");
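/**
 * Set the `paid` column of one `brackets` row.
 *
 * This is used as an array_walk() callback over $_POST, so both arguments are
 * request-controlled: $key is a form field name and $paiddata is its value.
 * Neither may be placed into SQL text unchecked.
 *
 * @param mixed $paiddata Value to store in brackets.paid.
 * @param mixed $key      Form field name; only plain decimal ids are accepted.
 * @return void
 */
function update_paid($paiddata, $key)
{
    global $db;

    // The id is interpolated unquoted, so it must consist of digits only.
    // Fields whose name is not a numeric id (or whose value is an array) are
    // skipped instead of being turned into a malformed or injected statement.
    if (!is_scalar($paiddata) || !ctype_digit((string) $key)) {
        return;
    }

    // Escape with the connection's own routine so quotes AND backslashes are
    // handled according to the server's settings.
    $paid = mysql_real_escape_string((string) $paiddata, $db);
    $id = (string) $key;

    $query = "UPDATE brackets SET paid='$paid' WHERE id=$id";
    mysql_query($query, $db);
}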
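// Dispatch on ?action=...; every branch writes to the database with values
// taken from the request body.
//
// Security notes:
//  - Doubling single quotes is not sufficient escaping for MySQL string
//    literals, because a backslash is also an escape character there by
//    default. All string values go through mysql_real_escape_string() on the
//    live connection instead, and the numeric id is validated as digits.
//  - NOTE(review): no anti-CSRF token is checked in this file, and the action
//    is selected via the query string. Confirm a token check exists elsewhere
//    (e.g. in validatecookie()) or add one.
//  - ext/mysql offers no prepared statements; moving database.php and this
//    file to mysqli or PDO with bound parameters is the durable fix.
$action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';

if ($action === 'post') {
    $fields = array();
    foreach (array('title', 'subtitle', 'content') as $name) {
        // Missing or non-string (array) fields are stored as empty strings.
        $raw = (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
        $fields[$name] = mysql_real_escape_string($raw, $db);
    }
    $query = "INSERT INTO `blog` (title,subtitle,content) VALUES ('{$fields['title']}','{$fields['subtitle']}','{$fields['content']}')";
    mysql_query($query, $db);
} elseif ($action === 'delete') {
    // The post id must be a plain decimal number; anything else is ignored
    // rather than being passed to the DELETE statement.
    $postId = (isset($_POST['post']) && is_string($_POST['post'])) ? $_POST['post'] : '';
    if (ctype_digit($postId)) {
        $query = "DELETE FROM `blog` WHERE id='$postId'";
        mysql_query($query, $db);
    }
} elseif ($action === 'rules') {
    $raw = (isset($_POST['rules']) && is_string($_POST['rules'])) ? $_POST['rules'] : '';
    $rules = mysql_real_escape_string($raw, $db);
    $query = "UPDATE `meta` SET `rules`='$rules' WHERE id=1";
    mysql_query($query, $db);
} elseif ($action === 'paid') {
    // update_paid() receives raw field names and values from the request and
    // is responsible for validating both before building its query.
    array_walk($_POST, 'update_paid');
}

// Always return to the index page; stop here so nothing else runs after the
// redirect header has been queued.
header('Location: index.php');
exit;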
?>