Edit record help



PRodgers4284
03-05-2008, 02:10 PM
I am trying to populate an edit form with a record from a MySQL database. I have a view record page with an edit option which gets the username and id assigned to the record, and this should then populate the edit record form with the record selected. I have used a link to the edit page, which is:


<?php echo "<a href='editjob.php?username=$username&id=$id'>Edit/Update Job</a>"?>

The username and id are being selected but I can't seem to get it to populate the edit form with the record. Can anyone help?

My code for the edit page is:


<?php
if (isset($_POST['submit'])) {

$username = $_GET['username'];
$id = $_GET['id'];

$error_stat = 0;
$jobtitle_message = '';
$jobcatergory_message = '';
$joblocation_message = '';
$employmenttype_message = '';
$salary_message = '';
$date_message = '';
$educationallevel_message = '';
$description_message = '';
$filesize_message = '';
$filetype_message = '';

$jobtitle = trim($_POST['jobtitle']);
$jobcatergory = trim($_POST['jobcatergory']);
$joblocation = trim($_POST['joblocation']);
$employmenttype = trim($_POST['employmenttype']);
$salary = trim($_POST['salary']);
$date = trim($_POST['date']);
$educationallevel = trim($_POST['educationallevel']);
$description = trim($_POST['description']);

//Error checking



// Job Title check)
if (!$jobtitle) {
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;

//Set the message to tell the user to enter a username
$jobtitle_message = '*Please enter a job title*';
}

else if (ctype_digit($jobtitle)) {
$error_stat = 1;
$jobtitle_message .= '*Invalid Job Title*';
}

else if ( preg_match( '/\W/', $jobtitle)){
$error_stat = 1;
$jobtitle_message = '*Invalid jobtitle, letters only, no spaces*';

}

$jobtitle = $_POST['jobtitle'];
$jobtitle = trim($jobtitle);

if (strlen($jobtitle) > 30){
$error_stat = 1;
$jobtitle_message = '*Job Title must be 20 characters or less*';
}






// Job Catergory Check)
if ($jobcatergory == 'Please Select'){
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;
$jobcatergory_message = '*Please select a Job Catergory*';
}





// Job Location Check)
if ($joblocation == 'Please Select'){
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;
$joblocation_message = '*Please select a Job location*';
}


// Employment Type Check)
if ($employmenttype == 'Please Select'){
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;
$employmenttype_message = '*Please select Employment type*';
}





// Salary check)
if (!$salary) {
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;

//Set the message to tell the user to enter a username
$salary_message = '*Please enter job salary*';
}

else if (!ctype_digit($salary)) {
$error_stat = 1;
$salary_message .= '*Invalid salary*';
}




//Date check)
if (empty($date)) {
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;

//Set the message to tell the user to enter a dob
$date_message = '*Please enter job closing date*';
}

//Check the format and explode into $parts
elseif (!ereg("^([0-9]{2})/([0-9]{2})/([0-9]{4})$",
$date, $parts)){
$error_stat = 1;

//Set the message to tell the user the date is invalid
$date_message = '*Invalid date, must be DD/MM/YYYY format*';
}

elseif (!checkdate($parts[2],$parts[1],$parts[3]))
{
$error_stat = 1;

//Set the message to tell the date is invalid for the month entered
$date_message = '*Invalid date, month must be between 1-12*';
}


// Job Description check)
if (!$description) {
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;

//Set the message to tell the user to enter a username
$description_message = '*Please enter a job description*';
}

$description = $_POST['description'];
$description = trim($description);

if (strlen($description) > 150){
$error_stat = 1;
$description_message = '*Job Title must be 150 characters or less*';
}




// Educational Level Check)
if ($educationallevel == 'Please Select'){
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;
$educationallevel_message = '*Please select Educational level required*';
}


if( $_FILES['userfile']['size'] > 2000000 ){
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;
$filesize_message = '*Filesize too large *';

}

$fileTypes = array("application/pdf", "application/msword");

if( !in_array("{$_FILES['userfile']['type']}", $fileTypes) ){
$error_stat = 1;
$filetype_message = '*Filetype not allowed *';

}




$uploadDir = 'applicationforms/';

if (isset($_POST['submit']) && $error_stat == 0) {


$fileName = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];

// the files will be saved in filePath
$filePath = $uploadDir . $fileName;

// move the files to the specified directory
// if the upload directory is not writable or
// something else went wrong $result will be false
$result = move_uploaded_file($tmpName, $filePath);


include("database.php");

if(!get_magic_quotes_gpc())
{
$fileName = addslashes($fileName);
$filePath = addslashes($filePath);
}
}



mysql_query("UPDATE job SET username='" . $_POST["username"] . "',jobtitle='" . $_POST["jobtitle"] . "',jobcatergory='" . $_POST["jobcatergory"] . "',joblocation='" . $_POST["joblocation"] . "',employmenttype='" . $_POST["employmenttype"] . "',salary='" . $_POST["salary"] . "',date='" . $_POST["date"] . "',educationallevel='" . $_POST["educationallevel"] . "',description='" . $_POST["description"] . "', name='$fileName', type='$fileType', size='$fileSize', path='$filePath' WHERE username='$username' AND id='$id'");

?>

<br />
<a href="index.php">Back to main page</a>
<br />
<br />
<br />
The Job record has been successfully updated.
<?php
}
else
{
$account = mysql_fetch_array(mysql_query("SELECT * FROM job WHERE username='$username' AND id='$id'"))
?>
<form method="post" class="addform" action="" enctype="multipart/form-data">
<fieldset>
<label for="cvtitle">Edit Job</label><fieldset>
<p align="right">&nbsp;</p>
</fieldset>
<label for="username">Username:</label>
<input readonly name="username" type="text" id="username" value="<?php echo $_SESSION["username"]; ?>" /><br />
</fieldset>

<hr class="hr_blue"/>

<fieldset>
<label for="jobtitle">Job Title:</label>
<input name="jobtitle" type="text" id="jobtitle" value="<?php echo $account['jobtitle']; ?>"/>
<span class="redboldtxt"><?php echo "$jobtitle_message";?></span></fieldset>


<fieldset>
<label for="jobcatergory">Job Catergory:</label><p></p>
<select name="jobcatergory">
<option value="Please Select">Please Select</option>
<?php
$jobcatergory_opts = array(
"Accountancy and Finance",
"Banking and Insurance",
"Construction",
"Customer Service",
"Engineering",
"Management",
"Hotel and Catering",
"Information Technology",
"Legal",
"Marketing",
"Medical",
"Retail",
"Sales",
"Secretarial",
"Transport and Distribution",
"Working from home",
);
foreach($jobcatergory_opts as $opt){
$selected = $account['jobcatergory'] == $opt ? " selected=true":"";
print "<option value=\"{$opt}\"{$selected}>{$opt}</option>";
}
?>
</select>
<span class="redboldtxt"><?php echo "$jobcatergory_message";?><?php echo $error['jobcatergory']; ?></span></fieldset>

<fieldset>
<label for="joblocation">Location:</label>
<p></p>
<select name="joblocation">
<option value="Please Select">Please Select</option>
<?php
$joblocation_opts = array(
"Co.Antrim",
"Co.Armagh",
"Co.Down",
"Co.Fermanagh",
"Co.Londonderry",
"Co.Tyrone",
);
foreach($joblocation_opts as $opt){
$selected = $account['joblocation'] == $opt ? " selected=true":"";
print "<option value=\"{$opt}\"{$selected}>{$opt}</option>";
}
?>
</select>
<span class="redboldtxt"><?php echo "$joblocation_message";?><?php echo $error['joblocation']; ?></span></fieldset>


<fieldset>
<label for="employmenttype">Job Type:</label><p></p>
<select name="employmenttype">
<option value="Please Select">Please Select</option>
<?php
$employmenttype_opts = array(
"permanent fulltime",
"permanent parttime",
"temporary fulltime",
"temporary parttime",
);
foreach($employmenttype_opts as $opt){
$selected = $account['employmenttype'] == $opt ? " selected=true":"";
print "<option value=\"{$opt}\"{$selected}>{$opt}</option>";
}
?>
</select>
<span class="redboldtxt"><?php echo "$employmenttype_message";?><?php echo $error['employmenttype']; ?></span></fieldset>


<fieldset>
<label for="salary">Salary:</label>
<input name="salary" type="text" id="salary" value="<?php echo $account['salary']; ?>"/>
<span class="redboldtxt"><?php echo "$salary_message";?></span></fieldset>

<fieldset>
<label for="date">Closing Date:</label>
<input name="date" type="text" id="date" value="<?php echo $account['date']; ?>"/>
<span class="redboldtxt"><?php echo "$date_message";?></span></fieldset>


<fieldset>
<label for="educationallevel">Qualification Level Required:</label><p></p>
<select name="educationallevel">
<option value="Please Select">Please Select</option>
<?php
$educationallevel_opts = array(
"GCSE",
"A-Level",
"Third Level Certification",
"Third Level Diploma",
"Third Level Degree",
"Post Graduate Qualification",
"Masters",
"PHD",
"Professional Qualification",
"Part Professional Qualification",
"Trade Qualification",
);
foreach($educationallevel_opts as $opt){
$selected = $account['educationallevel'] == $opt ? " selected=true":"";
print "<option value=\"{$opt}\"{$selected}>{$opt}</option>";
}
?>
</select>
<span class="redboldtxt"><?php echo "$educationallevel_message";?><?php echo $error['educationallevel']; ?></span></fieldset>

<hr class="hr_blue"/>

<fieldset>
Job Description -<br />
</fieldset>

<fieldset>
<textarea rows="2" name="description" cols="20"><?php echo $account["description"]; ?></textarea><p></p>
<span class="redboldtxt"><?php echo "$description_message";?></span></fieldset>

<fieldset>
<label for="userfile">Upload Application Form</label>
<input type="hidden" name="MAX_FILE_SIZE" value="2000000"><input name="userfile" type="file" class="box" id="userfile">
<span class="redboldtxt"><?php echo "$filesize_message";?></span>
<span class="redboldtxt"><?php echo "$filetype_message";?></span>
</fieldset>

<p></p>
<fieldset>
<p class="submit"><input type="submit" name="submit" value="Edit Job" />

</fieldset>
</form>

_Aerospace_Eng_
03-05-2008, 02:49 PM
Again you have no error checking. You are really getting into a bad habit of not doing this. Change this

$account = mysql_fetch_array(mysql_query())
to this


$sql = "SELECT * FROM job WHERE username='$username' AND id='$id'";
$result = mysql_query($sql) or die(mysql_error());
$account = mysql_fetch_array($result)

Also check the url to make sure username and id are actually set properly.

PRodgers4284
03-05-2008, 03:03 PM
Again you have no error checking. You are really getting into a bad habit of not doing this. Change this

$account = mysql_fetch_array(mysql_query())
to this


$sql = "SELECT * FROM job WHERE username='$username' AND id='$id'";
$result = mysql_query($sql) or die(mysql_error());
$account = mysql_fetch_array($result)

Also check the url to make sure username and id are actually set properly.

Hi Aerospace, thanks for the reply. I am aware of the error checking issue; I intend to change this once I get the edit record populating the form. Appreciate your help on this.

PRodgers4284
03-05-2008, 08:50 PM
I still can't get the code to populate the edit form with the record. I've tried everything I can think of. Can anyone please help?

_Aerospace_Eng_
03-05-2008, 09:26 PM
I guess you don't see the point I'm trying to make. The point I'm making is your query could be failing. If it is, then your form won't be populated. Post your new code please.

PRodgers4284
03-05-2008, 09:58 PM
I guess you don't see the point I'm trying to make. The point I'm making is your query could be failing. If it is, then your form won't be populated. Post your new code please.

Aerospace, there are no errors appearing; the form is just not being populated.

My code for the edit page is:


<?php
$username = $_GET['username'];
$id = $_GET['id'];

if (isset($_POST['submit'])) {

$error_stat = 0;
$jobtitle_message = '';
$jobcatergory_message = '';
$joblocation_message = '';
$employmenttype_message = '';
$salary_message = '';
$date_message = '';
$educationallevel_message = '';
$description_message = '';
$filesize_message = '';
$filetype_message = '';

$jobtitle = trim($_POST['jobtitle']);
$jobcatergory = trim($_POST['jobcatergory']);
$joblocation = trim($_POST['joblocation']);
$employmenttype = trim($_POST['employmenttype']);
$salary = trim($_POST['salary']);
$date = trim($_POST['date']);
$educationallevel = trim($_POST['educationallevel']);
$description = trim($_POST['description']);

//Error checking



// Job Title check)
if (!$jobtitle) {
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;

//Set the message to tell the user to enter a username
$jobtitle_message = '*Please enter a job title*';
}

else if (ctype_digit($jobtitle)) {
$error_stat = 1;
$jobtitle_message .= '*Invalid Job Title*';
}

else if ( preg_match( '/\W/', $jobtitle)){
$error_stat = 1;
$jobtitle_message = '*Invalid jobtitle, letters only, no spaces*';

}

$jobtitle = $_POST['jobtitle'];
$jobtitle = trim($jobtitle);

if (strlen($jobtitle) > 30){
$error_stat = 1;
$jobtitle_message = '*Job Title must be 20 characters or less*';
}






// Job Catergory Check)
if ($jobcatergory == 'Please Select'){
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;
$jobcatergory_message = '*Please select a Job Catergory*';
}





// Job Location Check)
if ($joblocation == 'Please Select'){
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;
$joblocation_message = '*Please select a Job location*';
}


// Employment Type Check)
if ($employmenttype == 'Please Select'){
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;
$employmenttype_message = '*Please select Employment type*';
}





// Salary check)
if (!$salary) {
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;

//Set the message to tell the user to enter a username
$salary_message = '*Please enter job salary*';
}

else if (!ctype_digit($salary)) {
$error_stat = 1;
$salary_message .= '*Invalid salary*';
}




//Date check)
if (empty($date)) {
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;

//Set the message to tell the user to enter a dob
$date_message = '*Please enter job closing date*';
}

//Check the format and explode into $parts
elseif (!ereg("^([0-9]{2})/([0-9]{2})/([0-9]{4})$",
$date, $parts)){
$error_stat = 1;

//Set the message to tell the user the date is invalid
$date_message = '*Invalid date, must be DD/MM/YYYY format*';
}

elseif (!checkdate($parts[2],$parts[1],$parts[3]))
{
$error_stat = 1;

//Set the message to tell the date is invalid for the month entered
$date_message = '*Invalid date, month must be between 1-12*';
}


// Job Description check)
if (!$description) {
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;

//Set the message to tell the user to enter a username
$description_message = '*Please enter a job description*';
}

$description = $_POST['description'];
$description = trim($description);

if (strlen($description) > 150){
$error_stat = 1;
$description_message = '*Job Title must be 150 characters or less*';
}




// Educational Level Check)
if ($educationallevel == 'Please Select'){
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;
$educationallevel_message = '*Please select Educational level required*';
}


if( $_FILES['userfile']['size'] > 2000000 ){
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;
$filesize_message = '*Filesize too large *';

}

$fileTypes = array("application/pdf", "application/msword");

if( !in_array("{$_FILES['userfile']['type']}", $fileTypes) ){
$error_stat = 1;
$filetype_message = '*Filetype not allowed *';

}




$uploadDir = 'applicationforms/';

if (isset($_POST['submit']) && $error_stat == 0) {


$fileName = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];

// the files will be saved in filePath
$filePath = $uploadDir . $fileName;

// move the files to the specified directory
// if the upload directory is not writable or
// something else went wrong $result will be false
$result = move_uploaded_file($tmpName, $filePath);


include("database.php");

if(!get_magic_quotes_gpc())
{
$fileName = addslashes($fileName);
$filePath = addslashes($filePath);
}


$update = mysql_query("UPDATE job SET jobtitle='" . $_POST["jobtitle"] . "',jobcatergory='" . $_POST["jobcatergory"] . "',joblocation='" . $_POST["joblocation"] . "',employmenttype='" . $_POST["employmenttype"] . "',salary='" . $_POST["salary"] . "',date='" . $_POST["date"] . "',educationallevel='" . $_POST["educationallevel"] . "',description='" . $_POST["description"] . "', name='$fileName', type='$fileType', size='$fileSize', path='$filePath' WHERE username='$username' AND id='$id'");


?>

<br />
<a href="index.php">Back to main page</a>
<br />
<br />
<br />
The Job record has been successfully updated.
<?php
}
else
{

$sql = "SELECT * FROM job WHERE username='$username' AND id='$id'";
$result = mysql_query($sql) or die(mysql_error());
$account = mysql_fetch_array($result);
}
}

?>
<form method="post" class="addform" action="" enctype="multipart/form-data">
<fieldset>
<label for="cvtitle">Edit Job</label><fieldset>
<p align="right">&nbsp;</p>
</fieldset>
<label for="username">Username:</label>
<input readonly name="username" type="text" id="username" value="<?php echo $_SESSION["username"]; ?>" /><br />
</fieldset>

<hr class="hr_blue"/>

<fieldset>
<label for="jobtitle">Job Title:</label>
<input name="jobtitle" type="text" id="jobtitle" value="<?php echo $account['jobtitle']; ?>"/>
<span class="redboldtxt"><?php echo "$jobtitle_message";?></span></fieldset>


<fieldset>
<label for="jobcatergory">Job Catergory:</label><p></p>
<select name="jobcatergory">
<option value="Please Select">Please Select</option>
<?php
$jobcatergory_opts = array(
"Accountancy and Finance",
"Banking and Insurance",
"Construction",
"Customer Service",
"Engineering",
"Management",
"Hotel and Catering",
"Information Technology",
"Legal",
"Marketing",
"Medical",
"Retail",
"Sales",
"Secretarial",
"Transport and Distribution",
"Working from home",
);
foreach($jobcatergory_opts as $opt){
$selected = $account['jobcatergory'] == $opt ? " selected=true":"";
print "<option value=\"{$opt}\"{$selected}>{$opt}</option>";
}
?>
</select>
<span class="redboldtxt"><?php echo "$jobcatergory_message";?><?php echo $error['jobcatergory']; ?></span></fieldset>

<fieldset>
<label for="joblocation">Location:</label>
<p></p>
<select name="joblocation">
<option value="Please Select">Please Select</option>
<?php
$joblocation_opts = array(
"Co.Antrim",
"Co.Armagh",
"Co.Down",
"Co.Fermanagh",
"Co.Londonderry",
"Co.Tyrone",
);
foreach($joblocation_opts as $opt){
$selected = $account['joblocation'] == $opt ? " selected=true":"";
print "<option value=\"{$opt}\"{$selected}>{$opt}</option>";
}
?>
</select>
<span class="redboldtxt"><?php echo "$joblocation_message";?><?php echo $error['joblocation']; ?></span></fieldset>


<fieldset>
<label for="employmenttype">Job Type:</label><p></p>
<select name="employmenttype">
<option value="Please Select">Please Select</option>
<?php
$employmenttype_opts = array(
"permanent fulltime",
"permanent parttime",
"temporary fulltime",
"temporary parttime",
);
foreach($employmenttype_opts as $opt){
$selected = $account['employmenttype'] == $opt ? " selected=true":"";
print "<option value=\"{$opt}\"{$selected}>{$opt}</option>";
}
?>
</select>
<span class="redboldtxt"><?php echo "$employmenttype_message";?><?php echo $error['employmenttype']; ?></span></fieldset>


<fieldset>
<label for="salary">Salary:</label>
<input name="salary" type="text" id="salary" value="<?php echo $account['salary']; ?>"/>
<span class="redboldtxt"><?php echo "$salary_message";?></span></fieldset>

<fieldset>
<label for="date">Closing Date:</label>
<input name="date" type="text" id="date" value="<?php echo $account['date']; ?>"/>
<span class="redboldtxt"><?php echo "$date_message";?></span></fieldset>


<fieldset>
<label for="educationallevel">Qualification Level Required:</label><p></p>
<select name="educationallevel">
<option value="Please Select">Please Select</option>
<?php
$educationallevel_opts = array(
"GCSE",
"A-Level",
"Third Level Certification",
"Third Level Diploma",
"Third Level Degree",
"Post Graduate Qualification",
"Masters",
"PHD",
"Professional Qualification",
"Part Professional Qualification",
"Trade Qualification",
);
foreach($educationallevel_opts as $opt){
$selected = $account['educationallevel'] == $opt ? " selected=true":"";
print "<option value=\"{$opt}\"{$selected}>{$opt}</option>";
}
?>
</select>
<span class="redboldtxt"><?php echo "$educationallevel_message";?><?php echo $error['educationallevel']; ?></span></fieldset>

<hr class="hr_blue"/>

<fieldset>
Job Description -<br />
</fieldset>

<fieldset>
<textarea rows="2" name="description" cols="20"><?php echo $account["description"]; ?></textarea><p></p>
<span class="redboldtxt"><?php echo "$description_message";?></span></fieldset>

<fieldset>
<label for="userfile">Upload Application Form</label>
<input type="hidden" name="MAX_FILE_SIZE" value="2000000"><input name="userfile" type="file" class="box" id="userfile">
<span class="redboldtxt"><?php echo "$filesize_message";?></span>
<span class="redboldtxt"><?php echo "$filetype_message";?></span>
</fieldset>

<p></p>
<fieldset>
<p class="submit"><input type="submit" name="submit" value="Add Job" />

</fieldset>
</form>


The username and id seem to be passing OK for each record; I get "http://localhost/Jobs4U/editjob.php?username=&id=7" when I select the record for editing.

_Aerospace_Eng_
03-05-2008, 10:23 PM
Try this. I added session_start(); at the top, which you didn't have, so sessions weren't being read. I also formatted the php a little better so it's easier to read.

<?php
session_start();

// set these to nothing to help prevent sql injection
$username = '';
$id = '';

// set $username to the get variable using mysql_real_escape_string, if it doesn't exist set it to null so the query won't fail.
$username = isset($_GET['username']) ? mysql_real_escape_string($_GET['username']) : NULL;

// set $id to the get variable using intval so we can be sure that only the int is taken
$id = isset($_GET['id']) ? intval($_GET['id']) : 1;

if (isset($_POST['submit']))
{
$error_stat = 0;
$jobtitle_message = '';
$jobcatergory_message = '';
$joblocation_message = '';
$employmenttype_message = '';
$salary_message = '';
$date_message = '';
$educationallevel_message = '';
$description_message = '';
$filesize_message = '';
$filetype_message = '';

$jobtitle = trim($_POST['jobtitle']);
$jobcatergory = trim($_POST['jobcatergory']);
$joblocation = trim($_POST['joblocation']);
$employmenttype = trim($_POST['employmenttype']);
$salary = trim($_POST['salary']);
$date = trim($_POST['date']);
$educationallevel = trim($_POST['educationallevel']);
$description = trim($_POST['description']);

//Error checking



// Job Title check)
if (!$jobtitle)
{
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;

//Set the message to tell the user to enter a username
$jobtitle_message = '*Please enter a job title*';
}
else if (ctype_digit($jobtitle))
{
$error_stat = 1;
$jobtitle_message .= '*Invalid Job Title*';
}
else if ( preg_match( '/\W/', $jobtitle))
{
$error_stat = 1;
$jobtitle_message = '*Invalid jobtitle, letters only, no spaces*';
}

$jobtitle = $_POST['jobtitle'];
$jobtitle = trim($jobtitle);

if (strlen($jobtitle) > 30)
{
$error_stat = 1;
$jobtitle_message = '*Job Title must be 20 characters or less*';
}
// Job Catergory Check)
if ($jobcatergory == 'Please Select')
{
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;
$jobcatergory_message = '*Please select a Job Catergory*';
}

// Job Location Check)
if ($joblocation == 'Please Select')
{
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;
$joblocation_message = '*Please select a Job location*';
}

// Employment Type Check)
if ($employmenttype == 'Please Select')
{
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;
$employmenttype_message = '*Please select Employment type*';
}

// Salary check)
if (!$salary)
{
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;

//Set the message to tell the user to enter a username
$salary_message = '*Please enter job salary*';
}
else if (!ctype_digit($salary))
{
$error_stat = 1;
$salary_message .= '*Invalid salary*';
}

//Date check)
if (empty($date))
{
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;

//Set the message to tell the user to enter a dob
$date_message = '*Please enter job closing date*';
}
//Check the format and explode into $parts
elseif (!ereg("^([0-9]{2})/([0-9]{2})/([0-9]{4})$",$date, $parts))
{
$error_stat = 1;

//Set the message to tell the user the date is invalid
$date_message = '*Invalid date, must be DD/MM/YYYY format*';
}

elseif (!checkdate($parts[2],$parts[1],$parts[3]))
{
$error_stat = 1;

//Set the message to tell the date is invalid for the month entered
$date_message = '*Invalid date, month must be between 1-12*';
}

// Job Description check)
if (!$description)
{
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;

//Set the message to tell the user to enter a username
$description_message = '*Please enter a job description*';
}

$description = $_POST['description'];
$description = trim($description);

if (strlen($description) > 150)
{
$error_stat = 1;
$description_message = '*Job Title must be 150 characters or less*';
}

// Educational Level Check)
if ($educationallevel == 'Please Select')
{
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;
$educationallevel_message = '*Please select Educational level required*';
}

if( $_FILES['userfile']['size'] > 2000000 )
{
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;
$filesize_message = '*Filesize too large *';

}

$fileTypes = array("application/pdf", "application/msword");

if( !in_array("{$_FILES['userfile']['type']}", $fileTypes) )
{
$error_stat = 1;
$filetype_message = '*Filetype not allowed *';
}

$uploadDir = 'applicationforms/';
if (isset($_POST['submit']) && $error_stat == 0)
{


$fileName = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];

// the files will be saved in filePath
$filePath = $uploadDir . $fileName;

// move the files to the specified directory
// if the upload directory is not writable or
// something else went wrong $result will be false
$result = move_uploaded_file($tmpName, $filePath);


include("database.php");

if(!get_magic_quotes_gpc())
{
$fileName = addslashes($fileName);
$filePath = addslashes($filePath);
}


$update = mysql_query("UPDATE job SET jobtitle='" . $_POST["jobtitle"] . "',jobcatergory='" . $_POST["jobcatergory"] . "',joblocation='" . $_POST["joblocation"] . "',employmenttype='" . $_POST["employmenttype"] . "',salary='" . $_POST["salary"] . "',date='" . $_POST["date"] . "',educationallevel='" . $_POST["educationallevel"] . "',description='" . $_POST["description"] . "', name='$fileName', type='$fileType', size='$fileSize', path='$filePath' WHERE username='$username' AND id='$id'");


?>

<br />
<a href="index.php">Back to main page</a> <br />
<br />
<br />
The Job record has been successfully updated.
<?php
}
else
{

$sql = "SELECT * FROM job WHERE username='$username' AND id='$id'";
$result = mysql_query($sql) or die(mysql_error());
$account = mysql_fetch_array($result);
}
}

?>
<form method="post" class="addform" action="" enctype="multipart/form-data">
<fieldset>
<label for="cvtitle">Edit Job</label>
<fieldset>
<p align="right">&nbsp;</p>
</fieldset>
<label for="username">Username:</label>
<input readonly name="username" type="text" id="username" value="<?php echo $_SESSION["username"]; ?>" />
<br />
</fieldset>
<hr class="hr_blue"/>
<fieldset>
<label for="jobtitle">Job Title:</label>
<input name="jobtitle" type="text" id="jobtitle" value="<?php echo $account['jobtitle']; ?>"/>
<span class="redboldtxt"><?php echo "$jobtitle_message";?></span>
</fieldset>
<fieldset>
<label for="jobcatergory">Job Catergory:</label>
<p></p>
<select name="jobcatergory">
<option value="Please Select">Please Select</option>
<?php
$jobcatergory_opts = array(
"Accountancy and Finance",
"Banking and Insurance",
"Construction",
"Customer Service",
"Engineering",
"Management",
"Hotel and Catering",
"Information Technology",
"Legal",
"Marketing",
"Medical",
"Retail",
"Sales",
"Secretarial",
"Transport and Distribution",
"Working from home",
);
foreach($jobcatergory_opts as $opt){
$selected = $account['jobcatergory'] == $opt ? " selected='selected'":"";
print "<option value=\"{$opt}\"{$selected}>{$opt}</option>";
}
?>
</select>
<span class="redboldtxt"><?php echo "$jobcatergory_message";?><?php echo $error['jobcatergory']; ?></span>
</fieldset>
<fieldset>
<label for="joblocation">Location:</label>
<p></p>
<select name="joblocation">
<option value="Please Select">Please Select</option>
<?php
$joblocation_opts = array(
"Co.Antrim",
"Co.Armagh",
"Co.Down",
"Co.Fermanagh",
"Co.Londonderry",
"Co.Tyrone",
);
foreach($joblocation_opts as $opt){
$selected = $account['joblocation'] == $opt ? " selected=true":"";
print "<option value=\"{$opt}\"{$selected}>{$opt}</option>";
}
?>
</select>
<span class="redboldtxt"><?php echo "$joblocation_message";?><?php echo $error['joblocation']; ?></span>
</fieldset>
<fieldset>
<label for="employmenttype">Job Type:</label>
<p></p>
<select name="employmenttype">
<option value="Please Select">Please Select</option>
<?php
$employmenttype_opts = array(
"permanent fulltime",
"permanent parttime",
"temporary fulltime",
"temporary parttime",
);
foreach($employmenttype_opts as $opt){
$selected = $account['employmenttype'] == $opt ? " selected=true":"";
print "<option value=\"{$opt}\"{$selected}>{$opt}</option>";
}
?>
</select>
<span class="redboldtxt"><?php echo "$employmenttype_message";?><?php echo $error['employmenttype']; ?></span>
</fieldset>
<fieldset>
<label for="salary">Salary:</label>
<input name="salary" type="text" id="salary" value="<?php echo $account['salary']; ?>"/>
<span class="redboldtxt"><?php echo "$salary_message";?></span>
</fieldset>
<fieldset>
<label for="date">Closing Date:</label>
<input name="date" type="text" id="date" value="<?php echo $account['date']; ?>"/>
<span class="redboldtxt"><?php echo "$date_message";?></span>
</fieldset>
<fieldset>
<label for="educationallevel">Qualification Level Required:</label>
<p></p>
<select name="educationallevel">
<option value="Please Select">Please Select</option>
<?php
$educationallevel_opts = array(
"GCSE",
"A-Level",
"Third Level Certification",
"Third Level Diploma",
"Third Level Degree",
"Post Graduate Qualification",
"Masters",
"PHD",
"Professional Qualification",
"Part Professional Qualification",
"Trade Qualification",
);
foreach($educationallevel_opts as $opt){
$selected = $account['educationallevel'] == $opt ? " selected=true":"";
print "<option value=\"{$opt}\"{$selected}>{$opt}</option>";
}
?>
</select>
<span class="redboldtxt"><?php echo "$educationallevel_message";?><?php echo $error['educationallevel']; ?></span>
</fieldset>
<hr class="hr_blue"/>
<fieldset>
Job Description -<br />
</fieldset>
<fieldset>
<textarea rows="2" name="description" cols="20"><?php echo $account["description"]; ?></textarea>
<p></p>
<span class="redboldtxt"><?php echo "$description_message";?></span>
</fieldset>
<fieldset>
<label for="userfile">
Upload Application Form
</label>
<input type="hidden" name="MAX_FILE_SIZE" value="2000000">
<input name="userfile" type="file" class="box" id="userfile">
<span class="redboldtxt"><?php echo "$filesize_message";?></span> <span class="redboldtxt"><?php echo "$filetype_message";?></span>
</fieldset>
<p></p>
<fieldset>
<p class="submit">
<input type="submit" name="submit" value="Add Job" />
</fieldset>
</form>
I just noticed you posted what you get for the edit record link. Notice how username isn't even there? Where are you passing that value into the url? Remember if you want to use sessions you need to use session_start(); at the top of EVERY page that you need sessions before any output to the browser. Also I noticed in some of your queries you use $_POST['name'] but you don't use mysql_real_escape_string. If somehow someone got into this area of the site they could run SQL injections because your queries don't prevent it. I suggest you read http://www.ilovejackdaniels.com/php/writing-secure-php/
all parts. Parts 2 and 3 are linked just after the start of the article. You will learn a lot about writing secure php.
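
The thread's UPDATE and SELECT in parameterised form, as an added example that is not code from any poster. It swaps the thread's mysql_* calls for PDO prepared statements (assumes the pdo_sqlite driver), runs against a constructed in-memory table, and takes the record owner from the session value rather than the URL; `update_job` and `load_job` are hypothetical helper names.

```php
<?php
// Constructed in-memory table standing in for the thread's `job` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE job (id INTEGER PRIMARY KEY, username TEXT,
            jobtitle TEXT, salary TEXT, description TEXT)');
$pdo->exec("INSERT INTO job (username, jobtitle, salary, description) VALUES
            ('alice', 'Clerk', '18000', 'Filing'),
            ('bob', 'Driver', '21000', 'Deliveries')");

// Hypothetical helper: update a job only when it belongs to $owner.
function update_job(PDO $pdo, string $owner, int $id, array $post): int
{
    $stmt = $pdo->prepare(
        'UPDATE job SET jobtitle = :jobtitle, salary = :salary,
                description = :description
          WHERE username = :owner AND id = :id'
    );
    $stmt->execute([
        ':jobtitle'    => trim($post['jobtitle'] ?? ''),
        ':salary'      => trim($post['salary'] ?? ''),
        ':description' => trim($post['description'] ?? ''),
        ':owner'       => $owner,
        ':id'          => $id,
    ]);
    return $stmt->rowCount(); // 0 when no row matches this owner and id
}

// Hypothetical helper: load the row that populates the edit form.
function load_job(PDO $pdo, string $owner, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT * FROM job WHERE username = :owner AND id = :id');
    $stmt->execute([':owner' => $owner, ':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed request data; in the real page these come from the session, URL and form.
$owner = 'alice';                                  // $_SESSION['username']
$id    = filter_var('1', FILTER_VALIDATE_INT);     // $_GET['id']
if ($id === false) { exit("Invalid job id\n"); }
$post  = ['jobtitle' => 'Senior Clerk', 'salary' => '20000',
          'description' => 'Assistant to "O\'Neill & Sons"'];
echo update_job($pdo, $owner, $id, $post), " row(s) updated for own job\n";
echo update_job($pdo, $owner, 2, $post), " row(s) updated for another user's job\n";
$account = load_job($pdo, $owner, $id);
// Escape on output so stored text cannot break out of the value="" attribute.
echo '<input name="description" value="',
     htmlspecialchars($account['description'], ENT_QUOTES, 'UTF-8'), "\" />\n";
```

Bound parameters keep the quote characters in the description as data, and the `WHERE username = :owner` clause makes an edit aimed at another user's id change no rows.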

PRodgers4284
03-05-2008, 10:33 PM
Try this, I added session_start(); at the top which you didn't have so sessions weren't being read. I also formatted the php a little better so it's easier to read.

<?php
session_start();
$username = '';
$id = '';

$username = isset($_GET['username']) ? mysql_real_escape_string($_GET['username']) : NULL;
$id = isset($_GET['id']) ? intval($_GET['id']) : 1;

if (isset($_POST['submit']))
{
$error_stat = 0;
$jobtitle_message = '';
$jobcatergory_message = '';
$joblocation_message = '';
$employmenttype_message = '';
$salary_message = '';
$date_message = '';
$educationallevel_message = '';
$description_message = '';
$filesize_message = '';
$filetype_message = '';

$jobtitle = trim($_POST['jobtitle']);
$jobcatergory = trim($_POST['jobcatergory']);
$joblocation = trim($_POST['joblocation']);
$employmenttype = trim($_POST['employmenttype']);
$salary = trim($_POST['salary']);
$date = trim($_POST['date']);
$educationallevel = trim($_POST['educationallevel']);
$description = trim($_POST['description']);

//Error checking



// Job Title check)
if (!$jobtitle)
{
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;

//Set the message to tell the user to enter a username
$jobtitle_message = '*Please enter a job title*';
}
else if (ctype_digit($jobtitle))
{
$error_stat = 1;
$jobtitle_message .= '*Invalid Job Title*';
}
else if ( preg_match( '/\W/', $jobtitle))
{
$error_stat = 1;
$jobtitle_message = '*Invalid jobtitle, letters only, no spaces*';
}

$jobtitle = $_POST['jobtitle'];
$jobtitle = trim($jobtitle);

if (strlen($jobtitle) > 30)
{
$error_stat = 1;
$jobtitle_message = '*Job Title must be 20 characters or less*';
}
// Job Catergory Check)
if ($jobcatergory == 'Please Select')
{
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;
$jobcatergory_message = '*Please select a Job Catergory*';
}

// Job Location Check)
if ($joblocation == 'Please Select')
{
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;
$joblocation_message = '*Please select a Job location*';
}

// Employment Type Check)
if ($employmenttype == 'Please Select')
{
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;
$employmenttype_message = '*Please select Employment type*';
}

// Salary check)
if (!$salary)
{
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;

//Set the message to tell the user to enter a username
$salary_message = '*Please enter job salary*';
}
else if (!ctype_digit($salary))
{
$error_stat = 1;
$salary_message .= '*Invalid salary*';
}

//Date check)
if (empty($date))
{
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;

//Set the message to tell the user to enter a dob
$date_message = '*Please enter job closing date*';
}
//Check the format and explode into $parts
elseif (!ereg("^([0-9]{2})/([0-9]{2})/([0-9]{4})$",$date, $parts))
{
$error_stat = 1;

//Set the message to tell the user the date is invalid
$date_message = '*Invalid date, must be DD/MM/YYYY format*';
}

elseif (!checkdate($parts[2],$parts[1],$parts[3]))
{
$error_stat = 1;

//Set the message to tell the date is invalid for the month entered
$date_message = '*Invalid date, month must be between 1-12*';
}

// Job Description check)
if (!$description)
{
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;

//Set the message to tell the user to enter a username
$description_message = '*Please enter a job description*';
}

$description = $_POST['description'];
$description = trim($description);

if (strlen($description) > 150)
{
$error_stat = 1;
$description_message = '*Job description must be 150 characters or less*';
}

// Educational Level Check)
if ($educationallevel == 'Please Select')
{
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;
$educationallevel_message = '*Please select Educational level required*';
}

if( $_FILES['userfile']['size'] > 2000000 )
{
//Set the error_stat to 1, which means that an error has occurred
$error_stat = 1;
$filesize_message = '*Filesize too large *';

}

$fileTypes = array("application/pdf", "application/msword");

if( !in_array("{$_FILES['userfile']['type']}", $fileTypes) )
{
$error_stat = 1;
$filetype_message = '*Filetype not allowed *';
}

$uploadDir = 'applicationforms/';
if (isset($_POST['submit']) && $error_stat == 0)
{


$fileName = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];

// the files will be saved in filePath
$filePath = $uploadDir . $fileName;

// move the files to the specified directory
// if the upload directory is not writable or
// something else went wrong $result will be false
$result = move_uploaded_file($tmpName, $filePath);


include("database.php");

if(!get_magic_quotes_gpc())
{
$fileName = addslashes($fileName);
$filePath = addslashes($filePath);
}


$update = mysql_query("UPDATE job SET jobtitle='" . $_POST["jobtitle"] . "',jobcatergory='" . $_POST["jobcatergory"] . "',joblocation='" . $_POST["joblocation"] . "',employmenttype='" . $_POST["employmenttype"] . "',salary='" . $_POST["salary"] . "',date='" . $_POST["date"] . "',educationallevel='" . $_POST["educationallevel"] . "',description='" . $_POST["description"] . "', name='$fileName', type='$fileType', size='$fileSize', path='$filePath' WHERE username='$username' AND id='$id'");


?>

<br />
<a href="index.php">Back to main page</a> <br />
<br />
<br />
The Job record has been successfully updated.
<?php
}
else
{

$sql = "SELECT * FROM job WHERE username='$username' AND id='$id'";
$result = mysql_query($sql) or die(mysql_error());
$account = mysql_fetch_array($result);
}
}

?>
<form method="post" class="addform" action="" enctype="multipart/form-data">
<fieldset>
<label for="cvtitle">Edit Job</label>
<fieldset>
<p align="right">&nbsp;</p>
</fieldset>
<label for="username">Username:</label>
<input readonly name="username" type="text" id="username" value="<?php echo $_SESSION["username"]; ?>" />
<br />
</fieldset>
<hr class="hr_blue"/>
<fieldset>
<label for="jobtitle">Job Title:</label>
<input name="jobtitle" type="text" id="jobtitle" value="<?php echo $account['jobtitle']; ?>"/>
<span class="redboldtxt"><?php echo "$jobtitle_message";?></span>
</fieldset>
<fieldset>
<label for="jobcatergory">Job Catergory:</label>
<p></p>
<select name="jobcatergory">
<option value="Please Select">Please Select</option>
<?php
$jobcatergory_opts = array(
"Accountancy and Finance",
"Banking and Insurance",
"Construction",
"Customer Service",
"Engineering",
"Management",
"Hotel and Catering",
"Information Technology",
"Legal",
"Marketing",
"Medical",
"Retail",
"Sales",
"Secretarial",
"Transport and Distribution",
"Working from home",
);
foreach($jobcatergory_opts as $opt){
$selected = $account['jobcatergory'] == $opt ? " selected='selected'":"";
print "<option value=\"{$opt}\"{$selected}>{$opt}</option>";
}
?>
</select>
<span class="redboldtxt"><?php echo "$jobcatergory_message";?><?php echo $error['jobcatergory']; ?></span>
</fieldset>
<fieldset>
<label for="joblocation">Location:</label>
<p></p>
<select name="joblocation">
<option value="Please Select">Please Select</option>
<?php
$joblocation_opts = array(
"Co.Antrim",
"Co.Armagh",
"Co.Down",
"Co.Fermanagh",
"Co.Londonderry",
"Co.Tyrone",
);
foreach($joblocation_opts as $opt){
$selected = $account['joblocation'] == $opt ? " selected=true":"";
print "<option value=\"{$opt}\"{$selected}>{$opt}</option>";
}
?>
</select>
<span class="redboldtxt"><?php echo "$joblocation_message";?><?php echo $error['joblocation']; ?></span>
</fieldset>
<fieldset>
<label for="employmenttype">Job Type:</label>
<p></p>
<select name="employmenttype">
<option value="Please Select">Please Select</option>
<?php
$employmenttype_opts = array(
"permanent fulltime",
"permanent parttime",
"temporary fulltime",
"temporary parttime",
);
foreach($employmenttype_opts as $opt){
$selected = $account['employmenttype'] == $opt ? " selected=true":"";
print "<option value=\"{$opt}\"{$selected}>{$opt}</option>";
}
?>
</select>
<span class="redboldtxt"><?php echo "$employmenttype_message";?><?php echo $error['employmenttype']; ?></span>
</fieldset>
<fieldset>
<label for="salary">Salary:</label>
<input name="salary" type="text" id="salary" value="<?php echo $account['salary']; ?>"/>
<span class="redboldtxt"><?php echo "$salary_message";?></span>
</fieldset>
<fieldset>
<label for="date">Closing Date:</label>
<input name="date" type="text" id="date" value="<?php echo $account['date']; ?>"/>
<span class="redboldtxt"><?php echo "$date_message";?></span>
</fieldset>
<fieldset>
<label for="educationallevel">Qualification Level Required:</label>
<p></p>
<select name="educationallevel">
<option value="Please Select">Please Select</option>
<?php
$educationallevel_opts = array(
"GCSE",
"A-Level",
"Third Level Certification",
"Third Level Diploma",
"Third Level Degree",
"Post Graduate Qualification",
"Masters",
"PHD",
"Professional Qualification",
"Part Professional Qualification",
"Trade Qualification",
);
foreach($educationallevel_opts as $opt){
$selected = $account['educationallevel'] == $opt ? " selected=true":"";
print "<option value=\"{$opt}\"{$selected}>{$opt}</option>";
}
?>
</select>
<span class="redboldtxt"><?php echo "$educationallevel_message";?><?php echo $error['educationallevel']; ?></span>
</fieldset>
<hr class="hr_blue"/>
<fieldset>
Job Description -<br />
</fieldset>
<fieldset>
<textarea rows="2" name="description" cols="20"><?php echo $account["description"]; ?></textarea>
<p></p>
<span class="redboldtxt"><?php echo "$description_message";?></span>
</fieldset>
<fieldset>
<label for="userfile">
Upload Application Form
</label>
<input type="hidden" name="MAX_FILE_SIZE" value="2000000">
<input name="userfile" type="file" class="box" id="userfile">
<span class="redboldtxt"><?php echo "$filesize_message";?></span> <span class="redboldtxt"><?php echo "$filetype_message";?></span>
</fieldset>
<p></p>
<fieldset>
<p class="submit">
<input type="submit" name="submit" value="Add Job" />
</fieldset>
</form>
I just noticed you posted what you get for the edit record link. Notice how username isn't even there? Where are you passing that value into the url? Remember if you want to use sessions you need to use session_start(); at the top of EVERY page that you need sessions before any output to the browser.

Aerospace, I tried the code, I'm getting an error on line 69, "Parse error: syntax error, unexpected ';'"

I have session start at the very top of script:


<?php
session_start();
if(!isset($_SESSION['username'])){
header("Location: index2.php");
}
include("database.php");
include("loginemployer.php");
?>


I am passing the value into the url from a view record page which includes the link to the edit page, the link passes the username and id.

The code for the view records is:



<?php

$sessid = $_SESSION["username"] ;

$query = "SELECT * FROM job WHERE username='" . $sessid. "'";


$result = mysql_query($query);
if(!$result){
// check if is something wrong
print "Error";
}else{
if(mysql_num_rows($result) == 0){
print "No Jobs Exist";
}else{
while ($account = @mysql_fetch_array($result)) {
$id=$account["id"];
$jobtitle=$account["jobtitle"];
$jobcatergory=$account["jobcatergory"];
?>
<form class="jobform" action="">
<fieldset>
<p class="edit">
</fieldset>
<fieldset>
<label for="jobtitle">Job Title:</label>
<input readonly name="jobtitle" type="text" id="jobtitle" value="<?php echo $account["jobtitle"]; ?>" /><br />
</fieldset>
<fieldset style="width: 602; height: 58">
<label for="jobcatergory">Job Catergory:</label>
<input readonly name="jobcatergory" type="text" id="jobcatergory" value="<?php echo $account["jobcatergory"]; ?>" />
</fieldset>
<fieldset>
<table border="0" align=right width="40%" id="table14">
<tr>
<td align="right"><span class="navyboldtxt"><p align="right"><?php echo "<a href='editjob.php?username=$username&id=$id'>Edit/Update Job</a>"?></p></span></td>
<td align="right"><span class="navyboldtxt"><p align="right"><?php echo "<a href='editjob.php?username=$username&id=$id'>Delete Job</a>"?></p></span></td>
</tr>
</table>
</fieldset>
</form>
<?php
}
}
}
?>

Thanks for the link about the SQL injection, I know my code is insecure at the minute, I intend to look into the security issues, I appreciate your advice on this.

_Aerospace_Eng_
03-06-2008, 03:20 AM
You don't have session_start(); on view records. Again the EXACT error you are getting would be useful because it tells you where the error is. I didn't change much other than the two lines on the top.

PRodgers4284
03-06-2008, 10:57 AM
You don't have session_start(); on view records. Again the EXACT error you are getting would be useful because it tells you where the error is. I didn't change much other than the two lines on the top.

Aerospace, I managed to get this working, the problem was on the viewjob page. I have session start on the viewjob page, didn't think I needed to post it up, sorry for the confusion. I was missing "$username=$account["username"];" in the while statement on the viewjob page, that's why the username was not being sent. Thanks for your help, really appreciate it.

Thanks again


