PRodgers4284 Posted March 5, 2008

I am trying to populate an edit form with a record from a MySQL database. I have a view record page with an edit option which gets the username and id assigned to the record, and this should then populate the edit record form with the record selected. I have used a link to the edit page, which is:

```php
<?php echo "<a href='editjob.php?username=$username&&id=$id'>Edit/Update Job</a>"?>
```

The username and id are being selected but I can't seem to get it to populate the edit form with the record. Can anyone help? My code for the edit page is:

```php
<?php

if (isset($_POST['submit'])) {

    $username = $_GET['username'];
    $id = $_GET['id'];

    $error_stat = 0;
    $jobtitle_message = '';
    $jobcatergory_message = '';
    $joblocation_message = '';
    $employmenttype_message = '';
    $salary_message = '';
    $date_message = '';
    $educationallevel_message = '';
    $description_message = '';
    $filesize_message = '';
    $filetype_message = '';

    $jobtitle = trim($_POST['jobtitle']);
    $jobcatergory = trim($_POST['jobcatergory']);
    $joblocation = trim($_POST['joblocation']);
    $employmenttype = trim($_POST['employmenttype']);
    $salary = trim($_POST['salary']);
    $date = trim($_POST['date']);
    $educationallevel = trim($_POST['educationallevel']);
    $description = trim($_POST['description']);

    //Error checking

    // Job Title check)
    if (!$jobtitle) {
        //Set the error_stat to 1, which means that an error has occurred
        $error_stat = 1;

        //Set the message to tell the user to enter a username
        $jobtitle_message = '*Please enter a job title*';
    }
    else if (ctype_digit($jobtitle)) {
        $error_stat = 1;
        $jobtitle_message .= '*Invalid Job Title*';
    }
    else if ( preg_match( '/\W/', $jobtitle)){
        $error_stat = 1;
        $jobtitle_message = '*Invalid jobtitle, letters only, no spaces*';
    }

    $jobtitle = $_POST['jobtitle'];
    $jobtitle = trim($jobtitle);
    if (strlen($jobtitle) > 30){
        $error_stat = 1;
        $jobtitle_message = '*Job Title must be 20 characters or less*';
    }

    // Job Catergory Check)
    if ($jobcatergory == 'Please Select'){
        //Set the error_stat to 1, which means that an error has occurred
        $error_stat = 1;
        $jobcatergory_message = '*Please select a Job Catergory*';
    }

    // Job Location Check)
    if ($joblocation == 'Please Select'){
        //Set the error_stat to 1, which means that an error has occurred
        $error_stat = 1;
        $joblocation_message = '*Please select a Job location*';
    }

    // Employment Type Check)
    if ($employmenttype == 'Please Select'){
        //Set the error_stat to 1, which means that an error has occurred
        $error_stat = 1;
        $employmenttype_message = '*Please select Employment type*';
    }

    // Salary check)
    if (!$salary) {
        //Set the error_stat to 1, which means that an error has occurred
        $error_stat = 1;

        //Set the message to tell the user to enter a username
        $salary_message = '*Please enter job salary*';
    }
    else if (!ctype_digit($salary)) {
        $error_stat = 1;
        $salary_message .= '*Invalid salary*';
    }

    //Date check)
    if (empty($date)) {
        //Set the error_stat to 1, which means that an error has occurred
        $error_stat = 1;

        //Set the message to tell the user to enter a dob
        $date_message = '*Please enter job closing date*';
    }
    //Check the format and explode into $parts
    elseif (!ereg("^([0-9]{2})/([0-9]{2})/([0-9]{4})$", $date, $parts)){
        $error_stat = 1;

        //Set the message to tell the user the date is invalid
        $date_message = '*Invalid date, must be DD/MM/YYYY format*';
    }
    elseif (!checkdate($parts[2],$parts[1],$parts[3])) {
        $error_stat = 1;

        //Set the message to tell the date is invalid for the month entered
        $date_message = '*Invalid date, month must be between 1-12*';
    }

    // Job Description check)
    if (!$description) {
        //Set the error_stat to 1, which means that an error has occurred
        $error_stat = 1;

        //Set the message to tell the user to enter a username
        $description_message = '*Please enter a job description*';
    }

    $description = $_POST['description'];
    $description = trim($description);
    if (strlen($description) > 150){
        $error_stat = 1;
        $description_message = '*Job Title must be 150 characters or less*';
    }

    // Educational Level Check)
    if ($educationallevel == 'Please Select'){
        //Set the error_stat to 1, which means that an error has occurred
        $error_stat = 1;
        $educationallevel_message = '*Please select Educational level required*';
    }

    if( $_FILES['userfile']['size'] > 2000000 ){
        //Set the error_stat to 1, which means that an error has occurred
        $error_stat = 1;
        $filesize_message = '*Filesize too large *';
    }

    $fileTypes = array("application/pdf", "application/msword");

    if( !in_array("{$_FILES['userfile']['type']}", $fileTypes) ){
        $error_stat = 1;
        $filetype_message = '*Filetype not allowed *';
    }

    $uploadDir = 'applicationforms/';

    if (isset($_POST['submit']) && $error_stat == 0) {

        $fileName = $_FILES['userfile']['name'];
        $tmpName = $_FILES['userfile']['tmp_name'];
        $fileSize = $_FILES['userfile']['size'];
        $fileType = $_FILES['userfile']['type'];

        // the files will be saved in filePath
        $filePath = $uploadDir . $fileName;

        // move the files to the specified directory
        // if the upload directory is not writable or
        // something else went wrong $result will be false
        $result = move_uploaded_file($tmpName, $filePath);

        include("database.php");

        if(!get_magic_quotes_gpc())
        {
            $fileName = addslashes($fileName);
            $filePath = addslashes($filePath);
        }
    }

    mysql_query("UPDATE job SET username='" . $_POST["username"] .
        "',jobtitle='" . $_POST["jobtitle"] .
        "',jobcatergory='" . $_POST["jobcatergory"] .
        "',joblocation='" . $_POST["joblocation"] .
        "',employmenttype='" . $_POST["employmenttype"] .
        "',salary='" . $_POST["salary"] .
        "',date='" . $_POST["date"] .
        "',educationallevel='" . $_POST["educationallevel"] .
        "',description='" . $_POST["description"] .
        "', name='$fileName', type='$fileType', size='$fileSize', path='$filePath' WHERE username='$username' AND id='$id'");

?>
<br />
<a href="index.php">Back to main page</a>
<br />
<br />
<br />
The Job record has been successfully updated.
<?php

}
else {

    $account = mysql_fetch_array(mysql_query("SELECT * FROM job WHERE username='$username' AND id='$id'"))

?>

<form method="post" class="addform" action="" enctype="multipart/fom-data">
<fieldset>
<label for="cvtitle">Edit Job</label><fieldset>
<p align="right"> </p>
</fieldset>
<label for="username">Username:</label>
<input readonly name="username" type="text" id="username" value="<?php echo $_SESSION["username"]; ?>" /><br />
</fieldset>
<hr class="hr_blue"/>
<fieldset>
<label for="jobtitle">Job Title:</label>
<input name="jobtitle" type="text" id="jobtitle" value="<?php echo $account['jobtitle']; ?>"/>
<span class="redboldtxt"><?php echo "$jobtitle_message";?></fieldset></span>
<fieldset>
<label for="jobcatergory">Job Catergory:</label><p></p>
<select name="jobcatergory">
<option value="Please Select">Please Select</option>
<?php
$jobcatergory_opts = array(
    "Accountancy and Finance",
    "Banking and Insurance",
    "Construction",
    "Customer Service",
    "Engineering",
    "Management",
    "Hotel and Catering",
    "Information Technology",
    "Legal",
    "Marketing",
    "Medical",
    "Retail",
    "Sales",
    "Secretarial",
    "Transport and Distribution",
    "Working from home",
);

foreach($jobcatergory_opts as $opt){
    $selected = $account['jobcatergory'] == $opt ? " selected=true":"";
    print "<option value=\"{$opt}\"{$selected}>{$opt}</option>";
}
?>
</select>
<span class="redboldtxt"><?php echo "$jobcatergory_message";?><?php echo $error['jobcatergory']; ?></span></fieldset>
<fieldset>
<label for="joblocation">Location:</label> <p></p>
<select name="joblocation">
<option value="Please Select">Please Select</option>
<?php
$joblocation_opts = array(
    "Co.Antrim",
    "Co.Armagh",
    "Co.Down",
    "Co.Fermanagh",
    "Co.Londonderry",
    "Co.Tyrone",
);

foreach($joblocation_opts as $opt){
    $selected = $account['joblocation'] == $opt ? " selected=true":"";
    print "<option value=\"{$opt}\"{$selected}>{$opt}</option>";
}
?>
</select>
<span class="redboldtxt"><?php echo "$joblocation_message";?><?php echo $error['joblocation']; ?></span></fieldset>
<fieldset>
<label for="employmenttype">Job Type:</label><p></p>
<select name="employmenttype">
<option value="Please Select">Please Select</option>
<?php
$employmenttype_opts = array(
    "permanent fulltime",
    "permanent parttime",
    "temporary fulltime",
    "temporary parttime",
);

foreach($employmenttype_opts as $opt){
    $selected = $account['employmenttype'] == $opt ? " selected=true":"";
    print "<option value=\"{$opt}\"{$selected}>{$opt}</option>";
}
?>
</select>
<span class="redboldtxt"><?php echo "$employmenttype_message";?><?php echo $error['employmenttype']; ?></span></fieldset>
<fieldset>
<label for="salary">Salary:</label>
<input name="salary" type="text" id="salary" value="<?php echo $account['salary']; ?>"/>
<span class="redboldtxt"><?php echo "$salary_message";?></span></fieldset>
<fieldset>
<label for="date">Closing Date:</label>
<input name="date" type="text" id="date" value="<?php echo $account['date']; ?>"/>
<span class="redboldtxt"><?php echo "$date_message";?></span></fieldset>
<fieldset>
<label for="educationallevel">Qualification Level Required:</label><p></p>
<select name="educationallevel">
<option value="Please Select">Please Select</option>
<?php
$educationallevel_opts = array(
    "GCSE",
    "A-Level",
    "Third Level Certification",
    "Third Level Diploma",
    "Third Level Degree",
    "Post Graduate Qualification",
    "Masters",
    "PHD",
    "Professional Qualification",
    "Part Professional Qualification",
    "Trade Qualification",
);

foreach($educationallevel_opts as $opt){
    $selected = $account['educationallevel'] == $opt ? " selected=true":"";
    print "<option value=\"{$opt}\"{$selected}>{$opt}</option>";
}
?>
</select>
<span class="redboldtxt"><?php echo "$educationallevel_message";?><?php echo $error['educationallevel']; ?></span></fieldset>
<hr class="hr_blue"/>
<fieldset>
Job Description -<br />
</fieldset>
<fieldset>
<textarea rows="2" name="description" cols="20"><?php echo $account["description"]; ?></textarea><p></p>
<span class="redboldtxt"><?php echo "$description_message";?></span></fieldset>
Upload Application Form</label>
<input type="hidden" name="MAX_FILE_SIZE" value="2000000"><input name="userfile" type="file" class="box" id="userfile">
<span class="redboldtxt"><?php echo "$filesize_message";?></span>
<span class="redboldtxt"><?php echo "$filetype_message";?></span>
</fieldset>
<p></p>
<fieldset>
<p class="submit"><input type="submit" name="submit" value="Edit Job" />
</fieldset>
</form>

<?php
}
?>
```
Cep Posted March 5, 2008

I am not about to resolve your issue here but I just had to post this because your script is full of security holes. On all your POST vars use the mysql_real_escape function because you're just wide open for SQL injection attacks.
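The SQL injection point in the reply above, as an added example that is not part of the thread or any poster's code: the string-built UPDATE from the first post breaks on an ordinary apostrophe because the value becomes part of the SQL text, while a prepared statement carries the same value as data. It uses PDO rather than the mysql_* functions seen in the thread (those were removed in PHP 7). Assumptions: an in-memory SQLite table stands in for the MySQL `job` table, the request values are constructed, and `$username` is taken from the session.

```php
<?php
// Added example. Assumption: in-memory SQLite stands in for the MySQL `job` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE job (id INTEGER PRIMARY KEY, username TEXT, jobtitle TEXT, salary TEXT)");
$pdo->exec("INSERT INTO job (username, jobtitle, salary) VALUES ('alice', 'Clerk', '18000')");

// Constructed request data; the apostrophe is ordinary text in a job title.
$_GET     = ['id' => '1'];
$_POST    = ['jobtitle' => "Children's Nurse", 'salary' => '24000'];
$username = 'alice';   // assumption: owner comes from the session, not from the URL

// Validate the record id once, before the code branches on POST or GET.
$id = filter_var($_GET['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === false) {
    exit("Invalid job id\n");
}

// Pattern from the post: the value is pasted into the SQL text, so its quote ends the string.
$unsafe = "UPDATE job SET jobtitle='" . $_POST['jobtitle'] . "' WHERE username='$username' AND id='$id'";
try {
    $pdo->exec($unsafe);
} catch (PDOException $e) {
    echo "Concatenated query failed: ", $e->getMessage(), "\n";
}

// Prepared statement: the SQL text is fixed and the values are bound as parameters.
$update = $pdo->prepare(
    'UPDATE job SET jobtitle = :jobtitle, salary = :salary WHERE username = :username AND id = :id'
);
$update->execute([
    ':jobtitle' => trim($_POST['jobtitle']),
    ':salary'   => trim($_POST['salary']),
    ':username' => $username,
    ':id'       => $id,
]);
echo "Rows updated: ", $update->rowCount(), "\n";   // 0 would mean no such job for this user

// Reload the record for the edit form and encode it for the HTML attribute.
$select = $pdo->prepare('SELECT jobtitle, salary FROM job WHERE username = :username AND id = :id');
$select->execute([':username' => $username, ':id' => $id]);
$account = $select->fetch(PDO::FETCH_ASSOC);
if ($account === false) {
    exit("No such job for this user\n");
}
printf("<input name=\"jobtitle\" type=\"text\" value=\"%s\" />\n",
    htmlspecialchars($account['jobtitle'], ENT_QUOTES, 'UTF-8'));
```

Run it with the PHP command-line interpreter; it needs the pdo_sqlite extension and no database server.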
redarrow Posted March 5, 2008

Also as stated below, your posted code needs lots of validation or the code you have provided is classed as flawed....... meaning hackable or crackable.........

```php
<?php echo "<a href='editjob.php?username=$username&&id=$id'>Edit/Update Job</a>"?>
```

& <<<<<< once in url, young person lol

```php
<?php echo "<a href='editjob.php?username=$username&id=$id'>Edit/Update Job</a>"?>
```
PRodgers4284 (Author) Posted March 5, 2008

Has anybody got any ideas of what is causing the problem with the edit form? I can't get the record posted to the form.
revraz Posted March 5, 2008

First thing to do, echo the query so you can see what is trying to be entered. Second thing to do is use mysql_error() after the query so you can see any errors from it.
PRodgers4284 (Author) Posted March 5, 2008

Thanks for the reply, I'll give that a try.
This topic is now archived and is closed to further replies.