Please be aware that this code, specifically the unfiltered GET statements, is a recipe for disaster. As it stands, a malicious user could pass in a SQL statement (or other code) that would compromise your server completely. There isn't anything they couldn't do once they had control. And your biggest fear isn't an individual user, it's bots that scan the web for forms and then start "fuzzing" the forms automatically, looking for exploits and vulnerabilities. This happens all the time and I can just about guarantee you that your site will be hacked before long if you run that code as shown.
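To make the point concrete, here is an added example (not code from the original post or the poster's site) that puts an unfiltered-GET-style lookup next to its parameterized replacement, using a constructed in-memory SQLite table and a hypothetical `users` schema:

```python
import sqlite3


def make_db():
    """Constructed sample table standing in for the site's real database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    conn.commit()
    return conn


def lookup_unfiltered(conn, name):
    """Vulnerable: the request value is pasted straight into the SQL text,
    so quote characters in it change the query itself."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    """Hardened: the value is bound as a parameter and is only ever data."""
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo():
    """Run both lookups with an honest value and with a quote-breaking one
    (constructed here; the kind of value an automated form scanner submits)."""
    conn = make_db()
    crafted = "x' OR '1'='1"
    return {
        "honest_unfiltered": lookup_unfiltered(conn, "alice"),
        # The unfiltered version turns the crafted value into a tautology
        # and leaks every row.
        "crafted_unfiltered": lookup_unfiltered(conn, crafted),
        # The parameterized version looks for a user literally named
        # "x' OR '1'='1" and finds nothing.
        "crafted_parameterized": lookup_parameterized(conn, crafted),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

The same contrast holds for any DB layer: concatenating request input into SQL is the defect, and bound parameters (PDO prepared statements in PHP, `?` placeholders here) are the fix.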