I don't see an obvious issue. It could be something with the session variables not being stored or referenced properly. I don't think your site was hacked... there are no signs of that.
You do realize your form action is pointing to a different page right? a-pages_Update.php
That is the page where the code is running. Maybe you wanted the action to be set to the current page? That might explain the problem... the update code on this page wouldn't even be running.