Part of the problem is in hand-coding the where clause for the recordset rather than using Dreamweaver to create the filter.
Change:
$testid=$_GET['testid'];
to:
$testid=intval($_GET['testid']);
Then look for the following code; you will find it twice:
action="<?php echo $_SERVER["PHP_SELF"]; echo (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] != "")?"?".$_SERVER["QUERY_STRING"]:""; ?>"
and change it to:
action="<?php echo $_SERVER["PHP_SELF"]; echo (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] != "")?"?".str_replace("\"", "&quot;", str_replace(">", "&gt;", str_replace("<", "&lt;", $_SERVER["QUERY_STRING"]))):""; ?>"
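
Added example, not part of the original answer: the two changes above written as small functions and run on constructed request values, next to a variant that encodes the whole action URL with htmlspecialchars() (a swapped-in technique, which also covers & and ' and the PHP_SELF part). The function names, the /quiz.php path and the sample values are assumptions made for illustration.

```php
<?php
// Added example; function names and sample values are hypothetical.

// Cast the recordset filter to an integer, as the answer recommends,
// so only a number can ever reach the SQL where clause.
function filter_test_id(array $get): int
{
    return isset($get['testid']) ? intval($get['testid']) : 0;
}

// The answer's replacement: neutralise ", < and > in the query string
// before it is echoed into the form's action attribute.
function action_three_chars(string $self, string $qs): string
{
    $qs = str_replace("\"", "&quot;",
          str_replace(">", "&gt;",
          str_replace("<", "&lt;", $qs)));
    return $self . ($qs != "" ? "?" . $qs : "");
}

// Variant (assumption, not from the answer): build the URL first, then
// HTML-encode all of it, including the PHP_SELF part, & and '.
function action_encoded(string $self, string $qs): string
{
    $url = $self . ($qs != "" ? "?" . $qs : "");
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
}

// Constructed request values standing in for $_GET, $_SERVER["PHP_SELF"]
// and $_SERVER["QUERY_STRING"].
$get  = ['testid' => '7 OR 1=1'];
$self = '/quiz.php';
$qs   = 'testid=7&note="><b>x</b>';

// The cast keeps only the leading integer of the parameter.
echo filter_test_id($get), "\n";

// Markup characters in the query string come out as entities, so the
// value cannot close the attribute or open a new tag.
echo action_three_chars($self, $qs), "\n";

// Same result, with & additionally written as &amp;.
echo action_encoded($self, $qs), "\n";
```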