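/**
 * Build a JSON map of each workout-log category table to its data columns.
 *
 * Reads information_schema.columns for tables in the `workoutlog` schema whose
 * name matches `tbl_workoutlog_category_%`, strips that 24-character prefix to
 * obtain the category name, and records `column name => data type` for every
 * column except `<Category>Id` and `ExerciseId` (compared case-insensitively).
 *
 * The SQL text is a constant; no caller-supplied value is placed in the query.
 *
 * @return string JSON of the form {"<category>": {"<column>": "<type>"}};
 *                `[]` when no category column is found.
 */
function getAllCategoriesDetails()
{
    // strlen('tbl_workoutlog_category_'): the part of the table name that is not the category.
    $prefixLength = 24;

    $db = new database();
    $db->pick_db("workoutlog");
    // Note: `_` inside a LIKE pattern is itself a single-character wildcard.
    $res = $db->send_sql("SELECT table_name, column_name, data_type FROM information_schema.columns WHERE table_schema='workoutlog' and table_name LIKE 'tbl_workoutlog_category_%'");
    $categories = $res->fetch_all(MYSQLI_ASSOC);

    // Defined up front so the encoded result never depends on an unset variable
    // (an "undefined variable" warning printed into a JSON response breaks the client).
    $allCategoriesDetails = [];

    foreach ($categories as $category) {
        $categoryName = substr($category['table_name'], $prefixLength);
        $columnName = $category['column_name'];
        $columnKey = strtolower($columnName);

        // Skip the table's own key and the link back to the exercise row.
        if ($columnKey === strtolower($categoryName . "Id") || $columnKey === strtolower("ExerciseId")) {
            continue;
        }

        $allCategoriesDetails[$categoryName][$columnName] = $category['data_type'];
    }

    return json_encode($allCategoriesDetails);
}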
</form> </div> </div> <div class="container"> <fieldset> <legend>Content</legend> <?php //change to your path include "./include/DB.php"; $LIMITATION = 10; $db = new database(); $db->connect(); $query_question = "SELECT user.Name,questions.Title,questions.time,questions.QID\n FROM `user` \n INNER JOIN `questions`\n ON user.UID=questions.UID\n"; if (!($res_question = $db->send_sql($query_question))) { $db->disconnect(); echo "Get Questions failed!<br>\n"; return -1; } $num = mysqli_num_rows($res_question); $i = 0; while ($i < $num) { $content = $res_question->fetch_assoc(); $content_question[$i][0] = $content['Name']; $content_question[$i][1] = $content['Title']; $content_question[$i][2] = $content['time']; $content_question[$i][3] = $content['QID']; $i++; } $i = 0;
} return implode($pass); //turn the array into a string } $db = new database(); $db->setup(DB_USER, DB_PASS, DB_HOST, DB_NAME); if ($_POST["proftype"] == "advisor") { ini_set('SMTP', 'localhost'); ini_set('sendmail_from', '*****@*****.**'); $header = 'From: webmaster@example.com' . "\r\n" . 'Reply-To: webmaster@example.com' . "\r\n" . 'X-Mailer: PHP/' . phpversion(); $rpass = randomPassword(); echo "Advisor has been created and password is "; echo $rpass; //mail($profmail,"password for subject waiver account",$rpass,$header); $createinstructor = "INSERT INTO instructor (i_id, i_name,ph_no,i_email,advisor_bool,admin_bool,department) VALUES ('" . $profid . "', '" . $profname . "', '" . $profphone . "', '" . $profmail . "', '1', '0','" . $profdept . "')"; $db->send_sql($createinstructor); $hpassword = md5($rpass); //Hashing the password $createlogin = "******" . $profid . "','" . $hpassword . "')"; $db->send_sql($createlogin); } elseif ($_POST["proftype"] == "admin") { $createinstructor = "INSERT INTO instructor (i_id, i_name,ph_no,i_email,advisor_bool,admin_bool,department) VALUES ('" . $profid . "', '" . $profname . "', '" . $profphone . "', '" . $profmail . "', '0', '1','" . $profdept . "')"; $db->send_sql($createinstructor); $rpass = randomPassword(); echo "Admin has been created and password is "; echo $rpass; $hpassword = md5($rpass); //Hashing the password $createlogin = "******" . $profid . "','" . $hpassword . "')"; $db->send_sql($createlogin); } else {
header('Content-Type: application/json'); $db = new database(); $results = array(); if (isset($_POST['post']) && isset($_POST['for_name']) && $_POST['post'] != '') { if (isset($_POST['showName'])) { $showName = $db->escape($_POST['showName']); if ($showName === true || $showName === 'true') { $showName = 1; } else { $showName = 0; } } else { $showName = 0; } if ($session->checkLoggedIn() === true) { $db->send_sql("insert into ownage(u_id) values ('{$session->uid}')"); $ownage = $db->insert_id(); date_default_timezone_set('UTC'); $post = $db->escape($_POST['post']); $for_name = $db->escape($_POST['for_name']); $query = 'insert into posts(u_id, post, showName, ownage_id, for_name) values (\'' . $session->uid . '\', \'' . $post . '\', \'' . $showName . '\', \'' . $ownage . '\', \'' . $for_name . '\')'; $db->send_sql($query); array_push($results, "success"); } else { array_push($results, "Please log in"); } } else { if (isset($_POST['delete']) && $_POST['delete'] != '') { $delete = $db->escape($_POST['delete']); if ($session->isAdmin()) { $query = 'update posts set hidden=1 where p_id=\'' . $delete . '\'';
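<?php
// Login endpoint: looks the posted id/password pair up in the `login` table and
// answers with the literal text 'true' or 'false'. Prints nothing when either
// field is absent from the request.
session_start();
include "databaseClassMySQLi.php";
//include("projconfig.php");
$db = new database();
$db->setup(DB_USER, DB_PASS, DB_HOST, DB_NAME);
if (isset($_POST['sit']) && isset($_POST['password'])) {
    if (!is_string($_POST['sit']) || !is_string($_POST['password'])) {
        // Array-valued fields (sit[]=...) are never a credential; answer 'false'
        // instead of letting strip_tags()/md5() fail on a non-string.
        echo 'false';
    } else {
        // NOTE(review): addslashes() does not know the connection character set and is
        // not a substitute for the driver's escaping or a bound parameter.
        $sit = addslashes(strip_tags($_POST['sit']));
        // NOTE(review): unsalted MD5 is not suitable for stored passwords. Moving to
        // password_hash()/password_verify() needs the stored hashes migrated, so the
        // hash is left as it is here.
        $password = md5($_POST['password']);
        // NOTE(review): the password value in the query text below appears masked
        // ('******') in this listing and $password is not referenced by the visible
        // string; confirm against the original file how the hash reaches the query.
        $sql = "SELECT * FROM login WHERE id='{$sit}' AND password='******' ";
        $res = $db->send_sql($sql);
        $row = mysqli_num_rows($res);
        if ($row > 0) {
            // Fresh session id at login, so an id fixed before authentication is not reused.
            session_regenerate_id(true);
            $_SESSION['cwid'] = $sit;
            echo 'true';
        } else {
            echo 'false';
        }
    }
}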
if (!isset($_POST["submit"])) { echo 'Please use the form to enter the fields'; } else { $courseprofname = $_POST["courseprofname"]; $db1 = new database(); $db1->setup(DB_USER, DB_PASS, DB_HOST, DB_NAME); $courseprofid = "SELECT i_id FROM instructor WHERE i_name='" . $courseprofname . "'"; $res = $db1->send_sql($courseprofid); $courserefid = "SELECT course_id FROM course WHERE i_id='" . $row['i_id'] . "'"; $res1 = $db1->send_sql($courserefid); $db2 = new database(); $db2->setup(DB_USER, DB_PASS, DB_HOST, DB_NAME); while (($fetch = mysqli_fetch_array($res1)) != NULL) { $row = $db1->next_row(); $selfile = "SELECT subq_id FROM files WHERE course_id='" . $row1['course_id'] . "'"; $res3 = $db2->send_sql($selfile); $row3 = $db2->next_row(); $selsubq = "SELECT s_id FROM submissionqueue WHERE subq_id='" . $row3['subq_id'] . "'"; $res4 = $db2->send_sql($selsubq); $row4 = $db2->next_row(); $delstud = "DELETE FROM student WHERE s_id='" . $row4['s_id'] . "'"; $res5 = $db2->send_sql($delstud); $delsubq = "DELETE FROM submissionqueue WHERE subq_id='" . $row3['subq_id'] . "'"; $res6 = $db2->send_sql($delsubq); /*$delfile="DELETE FROM files WHERE course_id='".$row1['course_id']."'"; $res7=$db1->send_sql($delfile); /*$delsubt="DELETE FROM submissiontype WHERE course_id='".$row1['course_id']."'"; $res8=$db1->send_sql($delsubt);*/ $delcoursename = "DELETE FROM course WHERE course_id='" . $row['i_id'] . "'"; $res9 = $db2->send_sql($delcoursename);
<head> <title>File upload</title> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <link rel="stylesheet" type="text/css" href="style.css"> </head> <body bgcolor="#E6E6FA"> <form id = "theForm" action = "add_file.php" method = "POST" enctype = "multipart/form-data"> <?php include "headerStudent.php"; include "databaseClassMySQLi.php"; //include("projconfig.php"); $databaseObj = new database(); $databaseObj->setup(DB_USER, DB_PASS, DB_HOST, DB_NAME); $courseid = addslashes(strip_tags($_POST["course"])); $query = "SELECT * FROM submissiontype WHERE course_id='" . $courseid . "'"; $result = $databaseObj->send_sql($query); while ($row = $databaseObj->next_row()) { $jsonData = stripslashes($row['submission_type']); $jsonArray = json_decode($jsonData, true); foreach ($jsonArray as $key => $key_v) { echo "<b>" . $key . ":</b><br>"; foreach ($key_v as $value => $element) { echo "<label for='{$element}'>{$element}</label>"; echo "<input type='file' name='{$element}' /><br/>"; } } } ?> <input type ="hidden" name = "hid" value = "<?php if (isset($_POST['course'])) { echo $_POST['course'];
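// Instructor login endpoint: the posted id must exist in `instructor` and match a
// row in `login`. Answers 'true' or 'false'; prints nothing when a field is absent.
ob_start();
session_start();
include "databaseClassMySQLi.php";
//include("projconfig.php");
$db = new database();
$db->setup(DB_USER, DB_PASS, DB_HOST, DB_NAME);
$datab = new database();
$datab->setup(DB_USER, DB_PASS, DB_HOST, DB_NAME);
if (isset($_POST['sit']) && isset($_POST['password'])) {
    $authenticated = false;

    // Array-valued fields are rejected before strip_tags()/md5() see them.
    if (is_string($_POST['sit']) && is_string($_POST['password'])) {
        $sid = addslashes(strip_tags($_POST['sit']));
        // NOTE(review): unsalted MD5 is not suitable for stored passwords; replacing it
        // needs the stored hashes migrated, so it is left as it is here.
        $password = md5($_POST['password']);
        // $password=$_POST['password'];
        // intval() leaves only an integer, which is what makes the unquoted i_id below safe.
        $sit = intval($sid);
        $queryIns = "SELECT * FROM instructor WHERE i_id=" . $sit;
        // NOTE(review): the password value in this query text appears masked ('******')
        // in this listing and $password is not referenced by the visible string;
        // confirm against the original file how the hash reaches the query.
        $query = "SELECT * FROM login WHERE id='{$sit}' AND password='******' ";
        $res1 = $db->send_sql($queryIns);
        $row1 = mysqli_num_rows($res1);
        $res = $datab->send_sql($query);
        $row = mysqli_num_rows($res);

        if ($row1 > 0 && $row > 0) {
            // Read the role flag only once an instructor row is known to exist.
            $ans = mysqli_fetch_array($res1);
            // Fresh session id at login, so an id fixed before authentication is not reused.
            session_regenerate_id(true);
            $_SESSION['admin_bool'] = $ans['admin_bool'];
            $_SESSION['cwid'] = $sit;
            $authenticated = true;
        }
    }

    // Every failed attempt gets an explicit 'false', including a known instructor id
    // with a wrong password.
    echo $authenticated ? 'true' : 'false';
}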
include "Includes/commonFuncs.php"; if (isset($_POST["exercises"]) && isset($_POST["date"]) && isset($_SESSION["username"])) { $exercises = $_POST["exercises"]; $date = $_POST["date"]; $username = $_SESSION["username"]; $db = new database(); $db->pick_db("workoutlog"); $userId = getUserIdFromUsername($username); if ($userId != null) { //Add workout to tbl_workoutlog_workout, get workoutId $stmt = $db->prepare("INSERT INTO tbl_workoutlog_workout (UserId, WorkoutDate) VALUES (?, STR_TO_DATE(?, '%Y-%m-%d'))"); $stmt->bind_param('is', $userId, $date); $stmt->execute(); if ($stmt->affected_rows == 1) { $stmt->free_result(); $res = $db->send_sql("SELECT LAST_INSERT_ID() AS Id"); if ($res->num_rows > 0) { $row = $res->fetch_assoc(); $workoutId = $row['Id']; foreach ($exercises as $exercise) { //Add each exercise to tbl_WorkoutLog_Exercise linking to the workoutId $stmt = $db->prepare("SELECT ExerciseNameId FROM tbl_workoutlog_exercisename WHERE ExerciseName = ?"); $stmt->bind_param('s', $exercise['name']); $stmt->execute(); $stmt->bind_result($exerciseNameId); $stmt->fetch(); $stmt->free_result(); if ($exerciseNameId == null) { //New exercise name, add it to tbl_workoutlog_exercisename $stmt = $db->prepare("INSERT INTO tbl_workoutlog_exercisename (ExerciseName, ExerciseCategory) VALUE (?, ?)"); $stmt->bind_param('ss', $exercise['name'], $exercise['category']);
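<?php
// Page prologue: requires a logged-in session, then loads the recipient address
// ($to) for the user id in the query string and the sender address ($from) for
// the current admin.
ob_start();
session_start();
if (!isset($_SESSION['username'])) {
    header('Location:index.php');
    // A Location header alone does not stop the script; without exit the queries
    // and the page below still run for a visitor who is not logged in.
    exit;
}
include "./Class_Database.php";
$db = new database();
//$db->setup("kaushal", "kaushal", "localhost", "jobportaldb");
// id_user is compared unquoted in the SQL below, so the request value is reduced
// to an integer before it is placed in the query text.
$userid = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (int) $_GET['id'] : 0;
$query = "Select * from users where id_user={$userid}";
$res = $db->send_sql($query);
// NOTE(review): the mysql_* functions used here were removed in PHP 7.0; this page
// only runs on an older interpreter or behind a compatibility layer.
if (mysql_num_rows($res) > 0) {
    while ($row = mysql_fetch_array($res)) {
        $to = stripslashes($row["email_user"]);
    }
}
if (isset($res)) {
    unset($res);
}
$username = $_SESSION['username'];
// NOTE(review): the username value in this query text appears masked ('******') in
// this listing and $username is not referenced by the visible string; confirm how
// the real query is built and that the value is escaped or bound.
$query1 = "Select * from admin where username='******' and usertype='admin'";
$res1 = $db->send_sql($query1);
if (mysql_num_rows($res1) > 0) {
    while ($row = mysql_fetch_array($res1)) {
        $from = stripslashes($row["email"]);
    }
}
?>
<html xmlns="http://www.w3.org/1999/xhtml">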
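<header> <h1> Waiver Request Form</h1><header>
<div id="form">
<form id="theForm" method="post" action="upload.php" >
<p><label>Select your major:</label>
<select name="department" required="">
<option value="" disabled selected>---Select your major-----</option>
<?php
// Fills the two drop-downs of the waiver form from the `course` table.
include "databaseClassMySQLi.php";
//include ("projconfig.php");
$db = new database();
$db->setup(DB_USER, DB_PASS, DB_HOST, DB_NAME);
$res = $db->send_sql("SELECT DISTINCT department FROM course");
$db1 = new database();
$db1->setup(DB_USER, DB_PASS, DB_HOST, DB_NAME);
$res1 = $db1->send_sql("SELECT DISTINCT course_id FROM course");
while ($row = mysqli_fetch_array($res)) {
    // Database text is data, not markup: encode it for HTML before printing so a
    // stored value containing tags cannot become part of the page.
    echo "<option>" . htmlspecialchars((string) $row['department'], ENT_QUOTES, 'UTF-8') . "</option>";
}
?>
</select></p><br>
<p> <label for="course">Select the course you wish to enroll:</label>
<select name="course" required="">
<option value="" disabled selected>-----Select the course you want the waiver for----</option>
<?php
while ($row = mysqli_fetch_array($res1)) {
    // Same encoding for the course ids.
    echo "<option>" . htmlspecialchars((string) $row['course_id'], ENT_QUOTES, 'UTF-8') . "</option>";
}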
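<header> <center><h1>Remove Instructor and Remove Course Form</h1></center> </header>
<div class="form">
<form id="deletecourse1" name="deletecourse1" action="deletecourse2.php" method="post">
<p><label>Enter the instructor you wish to remove</label></p><br>
<select name="courseprofname">
<option>---Select the name of the professor---</option>-->
<?php
// Lists every instructor name as an option of the removal form.
// NOTE(review): this fragment shows neither a login/role check nor an anti-CSRF
// token on a form that leads to a delete; confirm both are handled by code
// outside this fragment.
include "databaseClassMySQLi.php";
$db = new database();
$db->setup(DB_USER, DB_PASS, DB_HOST, DB_NAME);
$res = $db->send_sql("SELECT * FROM instructor");
while ($row = mysqli_fetch_array($res)) {
    // Names come from the database and are encoded for HTML before printing; the
    // browser decodes them again, so the submitted value is unchanged.
    echo "<option>" . htmlspecialchars((string) $row['i_name'], ENT_QUOTES, 'UTF-8') . "</option>";
}
?>
</select><br><br>
<input type="submit" name="submit">
</form>
</div>
</div>
</body>
</html>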
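<p><label>Enter the pre-requisite course required</label></p><br>
<input type="text" name="prerequisite" pattern="^[a-zA-Z]{2,3}[0-9]{3}" title="Enter valid course ID, eg:CS123" required=""><br>
<p><label>Enter the name of the professor</label></p><br>
<select name="courseprofname" required="">
<option>---Select the name of the professor---</option>-->
<?php
// Lists the distinct instructor names as options of the course form.
// The pattern attribute on the prerequisite field above is checked by the browser
// only; the script that receives this form has to validate the value again.
include "databaseClassMySQLi.php";
//include("projconfig.php");
$db = new database();
$db1 = new database();
$db->setup(DB_USER, DB_PASS, "localhost", DB_NAME);
$db1->setup(DB_USER, DB_PASS, "localhost", DB_NAME);
$res = $db->send_sql("SELECT DISTINCT i_name FROM instructor");
$res1 = $db1->send_sql("SELECT DISTINCT department FROM course");
//$num_row= mysqli_num_rows($res);
while ($row = mysqli_fetch_array($res)) {
    //$row = $db->next_row();
    // Names come from the database and are encoded for HTML before printing; the
    // browser decodes them again, so the submitted value is unchanged.
    echo "<option>" . htmlspecialchars((string) $row['i_name'], ENT_QUOTES, 'UTF-8') . "</option>";
    //$num_row=$num_row-1;
}
?>
</select>
<p><label>Enter the name of the major</label></p><br>
<select name="coursemajor" required="">
<option>---Select the name of the major---</option>
<option value="NONE">---Select your major---
<option value="BME">Biomedical Engineering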
<fieldset> <legend>Search Result</legend> <?php $search_word = $_POST["search_input"]; if (empty($search_word)) { echo "None input"; } else { $search_word2 = addslashes($search_word); //echo $search_word2; include "../include/DB.php"; $db = new database(); $db->connect(); $query_search_title = "SELECT user.Name,questions.Title,questions.time,questions.QID\r\n\t From `user`\r\n\t\t\t\t INNER JOIN `questions`\r\n\t\t\t\t ON user.UID=questions.UID\r\n\t\t\t\t where Title Like '%{$search_word2}%'\r\n\t"; $query_search_content = "SELECT user.Name,questions.Content,questions.time,questions.QID,questions.Title\r\n\t From `user`\r\n\t\t\t\t\t\t INNER JOIN `questions`\r\n\t\t\t\t\t\t ON user.UID=questions.UID\r\n\t\t\t\t\t\t where Content LIKE '%{$search_word2}%'\r\n\t"; if (!($res_search = $db->send_sql($query_search_title))) { $db->disconnect(); echo "Get search result failed!<br>\n"; return -1; } $i = 0; $num_title = mysqli_num_rows($res_search); while ($i < $num_title) { $content = $res_search->fetch_assoc(); $str = $content['Title']; $rep = "<span style=\"background-color: #66CCFF\">" . $search_word . "</span>"; $str = preg_replace('/' . $search_word . '/i', $rep, $str); echo "<div class=\"jumbotron\">\n"; echo "<h4><a href=\"edit_answer.php?var=" . $content['QID'] . "\" >" . $str . "</a></h4>\n"; echo "<h6>Poster:" . $content['Name'] . "</h6>\n"; echo "<h6>Time:" . $content['time'] . "</h6>\n";
<?php //get //votePost.php?p_id=1&up //votePost.php?p_id=1&down require_once "include/databaseClassMySQLi.php"; require_once "include/session.php"; header('Content-Type: application/json'); $db = new database(); $results = array(); if (isset($_POST['p_id']) && $_POST['p_id'] != '') { $p_id = $db->escape($_POST['p_id']); if (isset($_POST['up'])) { $query = 'select value from post_votes where p_id=\'' . $p_id . '\' and u_id=\'' . $session->uid . '\''; $db->send_sql($query); $row = $db->next_row(); if ($row === false || empty($row)) { $query = 'insert into post_votes (p_id, u_id, value) values(\'' . $p_id . '\', \'' . $session->uid . '\', 1)'; $db->send_sql($query); $query = 'update posts set votes = votes + 1 where p_id=' . $p_id; $db->send_sql($query); } else { $query = 'update post_votes set value=1 where p_id=\'' . $p_id . '\' and u_id=\'' . $session->uid . '\''; $db->send_sql($query); $value = $row['value']; if ($value == -1) { $query = 'update posts set votes = votes + 2 where p_id=\'' . $p_id . '\''; $db->send_sql($query); } } } else {
<a href="emptrash.php"><br/>Trash</a></label></td> </tr> </table> </div> </div> <!--FIRST COLUMN--> <!--SECOND COLUMN--> <div style="float:left; width:70%; background-color:#FFF"> <div style="padding:10px"> <h2>Send Message</h2> <?php $query2 = "Select * from admin_message where to_user='******' and from_user='******'and blockmessage= 1"; //echo $query2; $res2 = $db->send_sql($query2); if (mysql_num_rows($res2) > 0) { echo "You are blocked by {$from_user}"; } else { ?> <form action="empsavesendmessage.php" name="frmmessage" method="post" onSubmit="return ValidateForm(this)"> <table border="0" cellpadding="2" cellspacing="0" style="font-family:Verdana, Geneva, sans-serif; font-size:12px"> <tr> <td id="errormessage" colspan="2" align="left"> <?php if (isset($_GET['e']) && $_GET['e'] == 1) { echo "<b style='color:red'>Please Enter Subject Name!</b>"; } else { if (isset($_GET['e']) && $_GET['e'] == "2") { echo "<b style='color:red'>Please Enter Message Body!</b>";
if ($mime != 'application/pdf') { $databaseObj->__destruct(); header('location:waiver.php'); } } foreach ($_FILES as $x => $x_value) { if (isset($_FILES[$x])) { // Make sure the file was sent without errors if ($_FILES[$x]['error'] == 0) { /*echo $_FILES['uploaded_file']['name']; echo $_FILES['uploaded_file']['type']; echo file_get_contents($_FILES ['uploaded_file']['tmp_name']);*/ // Gather all required data if ($flag == false) { $q = "INSERT INTO submissionqueue (s_id, time_stamp, status, comments) VALUES ('{$s_id}', '" . time() . "', 'Pending', ' ')"; $db->send_sql($q); $q = "SELECT MAX(subq_id) as subq_id FROM submissionqueue"; $r = $db->send_sql($q); while (list($subid) = mysqli_fetch_array($r)) { $subq_id = $subid; } $flag = true; } $name = $databaseObj->escape($_FILES[$x]['name']); $mime = $databaseObj->escape($_FILES[$x]['type']); $data = $databaseObj->escape($_FILES[$x]['tmp_name']); $size = intval($_FILES[$x]['size']); $fhand = fopen($data, 'r'); $content = fread($fhand, filesize($data)); $content = addslashes($content); fclose($fhand);
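<?php
// Handles the "create course" form: resolves the chosen instructor name to its
// id and inserts one row into `course`.
include "databaseClassMySQLi.php";
// NOTE(review): the session flag only selects which header is shown. Nothing in
// this fragment rejects a request that has no authenticated session; confirm the
// included header (or an earlier include) enforces that.
if (isset($_SESSION['admin_bool']) && $_SESSION['admin_bool'] == 1) {
    include "headerInstructorAdvisor.php";
} else {
    include "headerInstructor.php";
}

// The form is complete only when the submit marker and every field arrived as a
// plain string; array-valued fields are treated as missing.
$formComplete = isset($_POST["submit"]);
foreach (array("courseid", "coursename", "courseprofname", "coursemajor", "prerequisite") as $field) {
    if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
        $formComplete = false;
    }
}

if (!$formComplete) {
    echo 'Please use the form to enter the fields';
} else {
    // NOTE(review): addslashes() does not know the connection character set and is
    // not a substitute for the driver's escaping or bound parameters. Format rules
    // such as the course-id pattern enforced by the browser are not re-checked here.
    $courseid = addslashes(strip_tags($_POST["courseid"]));
    $coursename = addslashes(strip_tags($_POST["coursename"]));
    $courseprofname = addslashes(strip_tags($_POST["courseprofname"]));
    $coursemajor = addslashes(strip_tags($_POST["coursemajor"]));
    $prerequisite = addslashes(strip_tags($_POST["prerequisite"]));
    //echo $courseprofid;
    $db = new database();
    $db->setup(DB_USER, DB_PASS, DB_HOST, DB_NAME);
    $fetchprofid = "SELECT i_id FROM instructor WHERE i_name='" . $courseprofname . "'";
    $res = $db->send_sql($fetchprofid);
    $row = $db->next_row();
    if (empty($row)) {
        // No instructor with that name: do not insert a course with an empty i_id.
        echo "<html><body><h1> Instructor not found, course was not created </h1></body></html>";
    } else {
        $courseprofid = $row['i_id'];
        $createcourse = "INSERT INTO course (course_id,course_name,i_id,department,prerequisite) VALUES ('" . $courseid . "', '" . $coursename . "', '" . $courseprofid . "', '" . $coursemajor . "','" . $prerequisite . "')";
        $db->send_sql($createcourse);
        echo "<html><body><h1> Course Created successfully </h1></body></html>";
    }
}
//}
?> </body> </html>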
<!--Inbox--> <div style="float:left; width:70%; background-color:#FFF"> <div style="padding:10px"> <hr size="1" color="#069" align="center"> <h2>Deleted Message</h2> <hr size="1" color="#069" align="center"> <br/> <?php include "./Class_Database.php"; $db = new database(); //$db->setup("kaushal", "kaushal", "localhost", "jobportaldb"); $username = $_SESSION['username']; $query = "select * from users where name_user='******' "; //echo $query; $res = $db->send_sql($query); if (mysql_num_rows($res) > 0) { while ($row = mysql_fetch_array($res)) { $from = stripslashes($row["email_user"]); //echo $from; } } if (isset($res)) { unset($res); } //$username = $_SESSION['username']; $query = "Select * from admin_message where (from_user='******'and is_deletesent=1) or (to_user='******' and is_delete=1)"; //echo $query; //echo $query; $res = $db->send_sql($query); //If Experience Detail is available show them in one table.
} } ?> <div class="container"> <fieldset> <legend>Articles</legend> <?php $db = new database(); $db->connect(); $query_article = "SELECT user.Name,article.*,user.UID\r\n FROM `user`\r\n\t\t\t\tINNER JOIN `article`\r\n\t\t\t\tON user.UID=article.UID\r\n"; if (!($res_article = $db->send_sql($query_article))) { $db->disconnect(); echo "Get Questions failed!<br>\n"; return -1; } $i = 0; $num = mysqli_num_rows($res_article); while ($i < $num) { $content = $res_article->fetch_assoc(); echo "<div class=\"jumbotron\">\n"; echo "<h4><a href=\"article_view.php?var=" . $content['ArtID'] . "\">" . $content['Title'] . "</a></h4>"; echo "<h6>Author:" . $content['Name'] . "</h6>\n"; echo "<h6>Time:" . $content['Time'] . "</h6>\n"; echo "</div>"; $i++; }
<?php ob_start(); session_start(); include "./Class_Database.php"; $db = new database(); //$db->setup("kaushal", "kaushal", "localhost", "jobportaldb"); $query = "Select * from admin where id_admin='1'"; if ($res = $db->send_sql($query)) { if (mysql_num_rows($res) > 0) { while ($row = mysql_fetch_array($res)) { $contactus = str_replace("\n", "<br/>", stripslashes($row["contactus"])); } } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Contact Us</title> <link rel="stylesheet" type="text/css" media="screen" href="css/maincss.css"> <script type="text/javascript"> function ShowJsLogin() { document.getElementById("JS").style.color="#FFF"; document.getElementById("EMP").style.color="#045"; document.getElementById("L1").innerHTML="<form action='login.php' method='post' name='loginform'><label for='username'>Username:</label><input type='text' name='username' placeholder='Username' /><label for='password'>Password:</label><input type='password' name='password' placeholder='Password' /><input type='hidden' name='usertype' value='JobSeeker' /><br /><input type='submit' name='login' value='Login' /></form><form action='register.php' method='post' name='registerform' style='font-size:10px'><br /><label style='font-family:Verdana, Geneva, sans-serif'>Don't Have a JobSeeker Account?</label><input type='submit' style='border:none; background:none; cursor:pointer; padding:0; font-family:Tahoma, Geneva, sans-serif; font-size:11px; font-weight:bold' name='register' value='Register' /><br /><br /><a href='forget.php' style='text-decoration:none; color:#000'>Forgot your Username/Passwod?</a><input type='hidden' name='usertype' value='JobSeeker' /></form>"; }
<?php ob_start(); session_start(); if (!isset($_SESSION['username'])) { header('Location:index.php?profile=EMP'); } //include("Combo_Values.php"); $id = $_SESSION['userid']; if (isset($id)) { include "./Class_Database.php"; $db = new database(); //$db->setup("root", "", "localhost", "jobportaldb"); $Query = "SELECT * from emp_personalinfo where id_user={$id}"; $res = $db->send_sql($Query); while ($row = mysql_fetch_array($res)) { $companyname = stripslashes($row['companyname']); $companyprofile = stripslashes($row['companyprofile']); $companytype = stripslashes($row['companytype']); $contactpersonfirstname = stripslashes($row['contactpersonfirstname']); $contactpersonlastname = stripslashes($row['contactpersonlastname']); $designation = stripslashes($row['designation']); $phonenumber = stripslashes($row['phonenumber']); $mobilenumber = stripslashes($row['mobilenumber']); $email = stripslashes($row['email']); $url = stripslashes($row['url']); $address1 = stripslashes($row['address1']); $address2 = stripslashes($row['address2']); $city = stripslashes($row['city']); $state = stripslashes($row['state']); $zip = stripslashes($row['zip']);