Hi, I am new to PHP programming. I have a website with a MySQL database that has the ability to add new rows and edit old rows, but what I want to do is take an existing row and, with a click of a copy link, create a duplicate record with a new primary key.
I've used this code snippet to create a new row locally in MySQL:
update jobs set jobid=0 where jobid=9;
insert into jobs select * from jobs where jobid=0;
update jobs set jobid=9 where jobid=0;
and it does create a new row with a new jobid.
My quandary is how to create a button (link) that will take the jobid variable and
select ( name, description, title, length) from jobs where jobid=$jobid
insert (name, description, title, length) into jobs
This is the general idea of what I think you want. Be aware I have excluded any sort of data cleansing and as such the script may be vulnerable to SQL injection.
// Fetch job based on the jobID passed in the URL
$sql = mysql_query("SELECT * FROM `jobs` WHERE `jobid` = '$_GET[jobID]'");
$row = mysql_fetch_assoc($sql);
// $row['jobid'] = Job ID
// $row['description'] = Job description
// Now we have the selected job details, we can create a new record
mysql_query("INSERT INTO `jobs` (`jobid`, `description`) VALUES ('$row[jobid]', '$row[description]')");
// If the Job ID is the index and will autoincrement, we don't need to worry about it as it'll be auto-assigned. We can access the new ID using
$newJobID = mysql_insert_id();
ok, here's the final working version, thanks to all of you!!!
Code:
if(isset($_GET['job_copy'])){ // copy the job
$qac = "select jobid from jobs order by jobid desc";
$rac = mysql_query($qac) or die(mysql_error(Error2));
$ac = mysql_fetch_array($rac);
$newjobid = $ac[0] + 1;
$old_jobid = $_GET['old_jobid'];
$qc = "insert into jobs(jobref,position,category,description,requirements,expiry,postdate,
benefits,hour,surgicalarea,callpoint,contract,deadline,start,status,tel,fax,cemail, cname ,
hide,rules,country,education,levels, recruiterid)
select jobref,position,category,description,requirements,expiry,postdate,
benefits,hour,surgicalarea,callpoint,contract,deadline,start,status,tel,fax,cemail, cname ,
hide,rules,country,education,levels, recruiterid from jobs where jobid = $old_jobid" ;
/*echo $qc = "insert into jobs
select * from jobs where
jobid = $old_jobid " ;*/
$rqc = mysql_query($qc) or die(mysql_error());
$q1c = "update jobs set jobid = $newjobid where jobid = '0'";
$rq1c = mysql_query($q1c) or die(mysql_error());
Hi I am having a new issue in that two of the fields (country and subcounty) are not being copied correctly when I either update the job or copy the job.
Code:
editjob.html
<table width="100%" border="0" cellspacing="0" cellpadding="5">
<tr>
<td align="left" class="tcat">Job Details</td>
</tr>
<tr>
<td class="tborder">
<?
$q6 = "select * from content where lang = \"$lang\" and section = \"Recruiters\" and title = \"Advertise posting\"";
$r6 = mysql_query($q6) or die(mysql_error(Error5));
$a6 = mysql_fetch_array($r6);
echo "$a6[content]";
?>
<script language="javascript">
<!--//
var currentTextArea = null
function openEditor(description) {
// location of edit.php file:
var editFile = 'edit.php';
currentTextArea = description;
var edit = window.open(editFile, 'editorWindow', 'width=720, height=450');
edit.focus();
}
function CheckPostJob()
{
if(document.PostJobForm.jobref.value=="")
{
window.alert('Please enter a job reference number');
document.PostJobForm.jobref.focus();
return false;
}
if(document.PostJobForm.position.value=="")
{
window.alert('Please enter the title of the job posting');
document.PostJobForm.position.focus();
return false;
}
if(document.PostJobForm.description.value=="")
{
window.alert('Please enter a description of the job posting');
document.PostJobForm.description.focus();
return false;
}
}
//-->
</script>
<table width="100%" border="0" cellspacing="0" cellpadding="5">
<form method=post name=PostJobForm onsubmit="return CheckPostJob();">
<input type="hidden" name="subcountyhiddenval" id="subcountyhiddenval" />
<input type="hidden" name="subcityhiddenval" id="subcityhiddenval" />
<tr>
<td colspan="2" align="left">
</td>
</tr>
<?
if($message == "Your job vacancy has been successfully updated")
{
echo "
<tr>
<td colspan='2' align='left'><font color='#2E71B7'><b>Your posting has been successfully updated.</b></font>
</td>
</tr>";
}
?>
<tr>
<td colspan="2" align="left">Please enter a reference for the posting you are about to advertise.</td>
</tr>
<tr>
<td width="25%" align="left" valign="top">Job Ref:</td>
<td align="left" valign="top"><input name="jobref" type="text" size="40" value="<?=$a4[jobref]?>"/></td>
</tr>
<tr>
<td colspan="2" align="left">Please enter the contact name so applicants know who to contact when applying for this job posting.</td>
</tr>
<tr>
<tr>
<td align="left" valign="top">Contact Name:</td>
<td align="left" valign="top"><input name="cname" type="text" size="40" value="<?=$a4[cname]?>"/></td>
</tr>
<tr>
<td colspan="2" align="left">Please enter the contact details where you want all applications to be forwarded to.</td>
</tr>
<tr>
<td align="left" valign="top">Email Address:</td>
<td align="left" valign="top"><input name="cemail" type="text" size="40" value="<?=$a4[cemail]?>"/></td>
</tr>
<tr>
<td align="left" valign="top">Telephone:</td>
<td align="left" valign="top"><input name="tel" type="text" size="40" value="<?=$a4[tel]?>"/></td>
</tr>
<tr>
<td align="left" valign="top">Fax: </td>
<td align="left" valign="top"><input name="fax" type="text" size="40" value="<?=$a4[fax]?>">
</td>
</tr>
<tr>
<td colspan="2" align="left">Do you wish for your contact details to be hidden when displaying this job posting.</td>
</tr>
<tr>
<td align="left" valign="top">Hide contact details:</td>
<td align="left" valign="top">
<?
if($a4[hide] == 'Yes')
{
echo "
<input type=radio name=hide value='Yes' checked>Yes
<input type=radio name=hide value='No'>No
";
}
else
{
echo "
<input type=radio name=hide value='Yes'>Yes
<input type=radio name=hide value='No' checked>No
";
}
?>
</td>
</tr>
<tr>
<td colspan="2" align="left">Please enter the title of the posting you are advertising.</td>
</tr>
<tr>
<td align="left" valign="top">Job Title:</td>
<td align="left" valign="top"><input name="position" type="text" size="40" value="<?=$a4[position]?>"/></td>
</tr>
<tr>
<td colspan="2" align="left">Please select a category for this posting.</td>
</tr>
</tr>
<?
if(!empty($a4[category]))
{
?>
<tr>
<td colspan='2' align='left'><b>You previously selected:</b> <font color=red><?=$a4[category]?></font></td>
</tr>
<?
}
?>
<tr>
<td align="left" valign="top">Job Category:</td>
<td align="left" valign="top"><select name=category>
<OPTION VALUE='' selected>Select One</OPTION>
<?
$category_query=mysql_query("select * from categories order by category asc");
while ($category_result=mysql_fetch_array($category_query))
{
?>
<option value="<?=$category_result['category']?>" <? if($a1[category]==$category_result['category']){echo '';}?>><?=$category_result['category']?></option>
<?
}
?>
</select>
</td>
</tr>
<tr>
<td colspan="2" align="left">Please enter a detailed description for this posting.</td>
</tr>
<tr>
<td align="left" valign="top">Job description:</td>
<td align="left" valign="top">
<textarea cols="40" rows="10" name="description"><?=$a4[description]?></textarea>
<br>
<a href="javascript:openEditor(document.PostJobForm.description)"><b><font color=red>Use HTML Editor</font></b></a>
</td>
</tr>
<tr>
<td align="left" valign="top">Job Requirements:</td>
<td align="left" valign="top">
<textarea cols="40" rows="10" name="requirements"><?=$a4[requirements]?></textarea>
<br>
<a href="javascript:openEditor(document.PostJobForm.requirements)"><b><font color=red>Use HTML Editor</font></b></a>
</td>
</tr>
<tr>
<td align="left" valign="top">Benefits and Compensation:</td>
<td align="left" valign="top">
<textarea cols="40" rows="10" name="benefits"><?=$a4[benefits]?></textarea>
<br>
<a href="javascript:openEditor(document.PostJobForm.benefits)"><b><font color=red>Use HTML Editor</font></b></a>
</td>
</tr>
<tr>
<td colspan="2" align="left">Please select the number of years work experience level the applicant will need.</td>
</tr>
<?
if(!empty($a4[levels]))
{
?>
<tr>
<td colspan='2' align='left'><b>You previously selected:</b> <font color=red><?=$a4[levels]?></font></td>
</tr>
<?
}
?>
<tr>
<td align="left" valign="top">Work Experience:</td>
<td align="left" valign="top">
<select name="levels[]" multiple>
<?php
$level_query=mysql_query("select * from levels order by level asc");
while ($level_result=mysql_fetch_array($level_query))
{
echo '<option value="'.$level_result['level'].'"';
if (strstr($level_result['level'],$level_result['level']))
echo '>'.$level_result['level'].'</option>';
}
?>
</select><br><small>Hold CTRL to select multiple</small>
</td>
</tr>
<tr>
<td colspan="2" align="left">Please select the education level that the applicant will need to have.</td>
</tr>
<?
if(!empty($a4[education]))
{
?>
<tr>
<td colspan='2' align='left'><b>You previously selected:</b> <font color=red><?=$a4[education]?></font></td>
</tr>
<?
}
?>
<tr>
<td align="left" valign="top">Education Level:</td>
<td align="left" valign="top">
<select name="education[]" multiple>
<?php
$level_query=mysql_query("select * from educationlevel order by level asc");
while ($level_result=mysql_fetch_array($level_query))
{
echo '<option value="'.$level_result['level'].'"';
if (strstr($level_result['level'],$level_result['level']))
echo '>'.$level_result['level'].'</option>';
}
?>
</select><br><small>Hold CTRL to select multiple</small>
</td>
</tr>
<tr>
<td colspan="2" align="left">Please select the surgical area.</td>
</tr>
<tr>
<td align="left" valign="top">Surgical Area:</td>
<td align="left" valign="top">
<select name="surgicalarea">
<?
if (!empty($a4[surgicalarea]))
{
echo "
<OPTION VALUE='$a4[surgicalarea]' selected>$a4[surgicalarea]</OPTION>
";
}
else
{
echo "
<OPTION VALUE='' selected>Select One</OPTION>
";
}
?>
<?php
$level_query=mysql_query("select * from surgicalarea order by level asc");
while ($level_result=mysql_fetch_array($level_query))
{
echo '<option value="'.$level_result['level'].'"';
if (strstr($level_result['level'],$level_result['level']))
echo '>'.$level_result['level'].'</option>';
}
?>
</select>
</td>
</tr>
<tr>
<td colspan="2" align="left">Please select the Call Point.</td>
</tr>
<tr>
<td align="left" valign="top">Call Point:</td>
<td align="left" valign="top">
<select name="callpoint">
<?
if (!empty($a4[callpoint]))
{
echo "
<OPTION VALUE='$a4[callpoint]' selected>$a4[callpoint]</OPTION>
";
}
else
{
echo "
<OPTION VALUE='' selected>Select One</OPTION>
";
}
?>
<?php
$level_query=mysql_query("select * from callpoint order by level asc");
while ($level_result=mysql_fetch_array($level_query))
{
echo '<option value="'.$level_result['level'].'"';
if (strstr($level_result['level'],$level_result['level']))
echo '>'.$level_result['level'].'</option>';
}
?>
</select>
</td>
</tr>
<tr>
<td colspan="2" align="left">Please indicate whether this is a permanent or temporary posting.</td>
</tr><tr>
<td colspan="2" align="left">Please enter the location where the posting is available.</td>
</tr>
<?
if(!empty($a4[country]))
{
echo "
<tr>
<td colspan='2' align='left'><b>You previously selected:</b> <font color=red>$a4[country]</font></td>
</tr>
";
}
if(!empty($a4[subcounty]))
{
?>
<tr>
<td colspan='2' align='left'><b>You previously selected:</b> <font color=red><?=$a4[subcounty]?></font></td>
</tr>
<?
}
?>
<tr>
<td align="left" valign="top">Select Location:</td>
<td><select name=country[] multiple>
<?
$country_query=mysql_query("select * from countries order by country asc");
while ($country_result=mysql_fetch_array($country_query))
{
?>
<option value="<?=$country_result['country']?>" <? if($a1[country]==$country_result['country']){echo '';}?>><?=$country_result['country']?></option>
<?
}
?>
</select><br><small>Hold CTRL to select multiple</small>
</td>
</tr>
<tr>
<td align="left" valign="top">Cities:</td>
<td align="left" valign="top"><textarea name="subcounty" rows="2" cols="30"><?=$a4[subcounty]?></textarea></td>
</tr>
<tr>
<td align="left" valign="top" colspan="2">Please indicate how you want potential applicants to apply for this job posting. If you leave this section blank, the system will use the default application system where applications will be forwarded to your specific email address.</td>
</tr>
<tr>
<td align="left" valign="top">Application Rules:</td>
<td align="left" valign="top"><textarea name="rules" rows="3" cols="45"><?=$a4[rules]?></textarea></td>
</tr>
<tr>
<td align="center" colspan="2">
<?
if(!empty($a4[country]))
{
echo "<input type='hidden' name='country2' value='$a4[country]'>";
}
if(!empty($a4[category]))
{
echo "<input type='hidden' name='category2' value='$a4[category]'>";
}
if(!empty($a4[levels]))
{
echo "<input type='hidden' name='levels2' value='$a4[levels]'>";
}
if(!empty($a4[education]))
{
echo "<input type='hidden' name='education2' value='$a4[education]'>";
}
?>
<input name="submit" type="submit" value="Submit" /> <input name="submitcopy" type="submit" value="Copy Job" /></td>
</tr>
</form>
</table>
</td>
</tr>
</table>
PHP Code:
editjob.php
<?
include_once "accesscontrol.php";
include_once "../lang/$lang/header.html";
include_once "../lang/$lang/employers/side1.html";
if(isset($submit))
{
$subcounty = base64_decode($_REQUEST['subcountyhiddenval']);
$q3 = "update jobs set
jobref = \"$jobref\",
position = \"$position\",
category = \"$category\",
description = \"$description\",
hour = \"$hour\",
contract = \"$contract\",
deadline = \"$deadline\",
start = \"$start\",
salary = \"$salary\",
status = \"0\",
tel = \"$tel\",
cemail = \"$cemail\",
cname = \"$cname\",
hide = \"$hide\",
rules = \"$rules\"
where jobid = \"$jobid\"";
$r3 = mysql_query($q3) or die(mysql_error());
if(!empty($country))
{
$q5 = "update jobs set
country = \"$country\",
subcounty = \"$subcounty\"
where jobid = \"$jobid\"";
$r5 = mysql_query($q5) or die(mysql_error(Error3));
}
else
{
$q5 = "update jobs set
country = \"$country2\",
subcounty = \"$subcounty2\",
subcity = \"$subcity2\"
where jobid = \"$jobid\"";
$r5 = mysql_query($q5) or die(mysql_error(Error3));
}
if(!empty($category))
{
$q5 = "update jobs set
category = \"$category\"
where jobid = \"$jobid\"";
$r5 = mysql_query($q5) or die(mysql_error(Error3));
}
else
{
$q5 = "update jobs set
category = \"$category2\"
where jobid = \"$jobid\"";
$r5 = mysql_query($q5) or die(mysql_error(Error3));
}
$q4 = "select * from jobs where jobid = \"$jobid\" ";
$r4 = mysql_query($q4) or die(mysql_error());
$a4 = mysql_fetch_array($r4);
$message = 'Your job vacancy has been successfully updated';
include "../lang/$lang/employers/editjob.html";
include_once "../lang/$lang/employers/side2.html";
include "../lang/$lang/footer.html";
exit;
}
else
{
$q4 = "select * from jobs where jobid = \"$jobid\" ";
$r4 = mysql_query($q4) or die(mysql_error());
$a4 = mysql_fetch_array($r4);
include_once "../lang/$lang/employers/editjob.html";
include_once "../lang/$lang/employers/side2.html";
}
include_once "../lang/$lang/footer.html";
?>
if(!empty($country))
{
$q5 = "update jobs set
country = \"$country\",
subcounty = \"$subcounty\"
where jobid = \"$jobid\"";
$r5 = mysql_query($q5) or die(mysql_error(Error3));
}
else
{
$q5 = "update jobs set
country = \"$country2\",
subcounty = \"$subcounty2\",
subcity = \"$subcity2\"
where jobid = \"$jobid\"";
$r5 = mysql_query($q5) or die(mysql_error(Error3));
}
if(!empty($category))
{
$q5 = "update jobs set
category = \"$category\"
where jobid = \"$jobid\"";
$r5 = mysql_query($q5) or die(mysql_error(Error3));
}
else
{
$q5 = "update jobs set
category = \"$category2\"
where jobid = \"$jobid\"";
$r5 = mysql_query($q5) or die(mysql_error(Error3));
}
if(!empty($education))
{
$q5 = "update jobs set
education = \"$education\"
where jobid = \"$jobid\"";
$r5 = mysql_query($q5) or die(mysql_error(Error3));
}
else
{
$q5 = "update jobs set
education = \"$education2\"
where jobid = \"$jobid\"";
$r5 = mysql_query($q5) or die(mysql_error(Error3));
}
if(!empty($levels))
{
$q5 = "update jobs set
levels = \"$levels\"
where jobid = \"$jobid\"";
$r5 = mysql_query($q5) or die(mysql_error(Error3));
}
else
{
$q5 = "update jobs set
levels = \"$levels2\"
where jobid = \"$jobid\"";
$r5 = mysql_query($q5) or die(mysql_error(Error3));
}
$q4 = "select * from jobs where jobid = \"$jobid\" ";
$r4 = mysql_query($q4) or die(mysql_error());
$a4 = mysql_fetch_array($r4);
$message = 'Your job vacancy has been successfully updated';
include "../lang/$lang/recruiters/editjob.html";
include_once "../lang/$lang/recruiters/side2.html";
include "../lang/$lang/footer.html";
exit;
}
else
{
$q4 = "select * from jobs where jobid = \"$jobid\" ";
$r4 = mysql_query($q4) or die(mysql_error());
$a4 = mysql_fetch_array($r4);
if(isset($_GET['job_copy'])){ // copy the job
$qac = "select jobid from jobs order by jobid desc";
$rac = mysql_query($qac) or die(mysql_error(Error2));
$ac = mysql_fetch_array($rac);
$newjobid = $ac[0] + 1;
$old_jobid = $_GET['old_jobid'];
Please be aware that this code, specifically the unfiltered GET statements, is a recipe for disaster. As it stands, a malicious user could pass in a SQL statement (or other code) that would compromise your server completely. There isn't anything they couldn't do once they had control. And your biggest fear isn't an individual user, it's bots that scan the web for forms and then start "fuzzing" the forms automatically, looking for exploits and vulnerabilities. This happens all the time and I can just about guarantee you that your site will be hacked before long if you run that code as shown.
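The copy operation from this thread with the job id validated and bound as a query parameter, as an added example that is not part of any post above. It assumes PDO with the MySQL driver, that `jobs.jobid` is an AUTO_INCREMENT primary key, and placeholder connection details; `copyJob` and `JOB_COPY_COLUMNS` are hypothetical names.

```php
<?php
// Added example: duplicate a jobs row without building SQL from request data.
// Assumptions: PDO + MySQL, jobs.jobid is an AUTO_INCREMENT primary key,
// and the DSN/credentials below are placeholders.

// Columns to copy, taken from the insert in the thread plus subcounty.
// A column missing from this list is not copied (it gets its default);
// the thread's copy query does not list subcounty.
const JOB_COPY_COLUMNS = [
    'jobref', 'position', 'category', 'description', 'requirements', 'expiry',
    'postdate', 'benefits', 'hour', 'surgicalarea', 'callpoint', 'contract',
    'deadline', 'start', 'status', 'tel', 'fax', 'cemail', 'cname', 'hide',
    'rules', 'country', 'subcounty', 'education', 'levels', 'recruiterid',
];

/**
 * Copy one job row and return the new jobid, or null if the id is not a
 * positive integer or no such row exists.
 */
function copyJob(PDO $pdo, $rawJobId): ?int
{
    // Accept only a positive integer; anything else never reaches the query.
    $jobId = filter_var($rawJobId, FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 1]]);
    if ($jobId === false) {
        return null;
    }

    // Column names come from the fixed list above, never from the request.
    $cols = '`' . implode('`, `', JOB_COPY_COLUMNS) . '`';
    $stmt = $pdo->prepare(
        "INSERT INTO `jobs` ($cols) SELECT $cols FROM `jobs` WHERE `jobid` = :id"
    );
    $stmt->execute([':id' => $jobId]);   // value is bound, not interpolated

    if ($stmt->rowCount() !== 1) {
        return null;                      // source row did not exist
    }
    // MySQL assigned the new key, so there is no "highest jobid + 1" race.
    return (int) $pdo->lastInsertId();
}

$pdo = new PDO('mysql:host=localhost;dbname=EXAMPLE_DB;charset=utf8mb4',
               'EXAMPLE_USER', 'EXAMPLE_PASSWORD', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

$newJobId = copyJob($pdo, $_GET['old_jobid'] ?? null);
if ($newJobId === null) {
    http_response_code(400);
    exit('Invalid job id');
}
echo 'Copied to job ' . $newJobId;
```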