function AddData($conn)
{
global $x_jobid, $user;
$sFilter = ewSqlKeyWhere;
// Check for duplicate key
$bCheckKey = true;
if (@$x_jobid == "" || is_null(@$x_jobid)) {
$bCheckKey = false;
} else {
$sFilter = str_replace("@jobid", AdjustSql($x_jobid), $sFilter);
// Replace key value
}
if ($bCheckKey) {
$sSqlChk = ewBuildSql(ewSqlSelect, ewSqlWhere, ewSqlGroupBy, ewSqlHaving, ewSqlOrderBy, $sFilter, "");
$rsChk = phpmkr_query($sSqlChk, $conn) or die("Failed to execute query at line " . __LINE__ . ": " . phpmkr_error($conn) . '<br>SQL: ' . $sSqlChk);
if (phpmkr_num_rows($rsChk) > 0) {
$_SESSION[ewSessionMessage] = "Duplicate value for primary key";
phpmkr_free_result($rsChk);
return false;
}
phpmkr_free_result($rsChk);
}
// Field onlineuser_onlineuserid
$fieldList["`onlineuser_onlineuserid`"] = $user->onlineuserId;
// Field job_status
$fieldList["`job_status`"] = " 'active'";
// Field expiry
$fieldList["`dt_expire`"] = "'" . expiryDate() . "'";
// Field position
$theValue = !get_magic_quotes_gpc() ? addslashes($GLOBALS["x_position"]) : $GLOBALS["x_position"];
$theValue = $theValue != "" ? " '" . $theValue . "'" : "NULL";
$fieldList["`position`"] = $theValue;
// Field overview
$theValue = !get_magic_quotes_gpc() ? addslashes($GLOBALS["x_overview"]) : $GLOBALS["x_overview"];
$theValue = $theValue != "" ? " '" . $theValue . "'" : "NULL";
$fieldList["`overview`"] = $theValue;
// Field salary
$theValue = $GLOBALS["x_salary"] != "" ? intval($GLOBALS["x_salary"]) : "NULL";
$fieldList["`salary`"] = $theValue;
// Field bonus
$theValue = !get_magic_quotes_gpc() ? addslashes($GLOBALS["x_bonus"]) : $GLOBALS["x_bonus"];
$theValue = $theValue != "" ? " '" . $theValue . "'" : "NULL";
$fieldList["`bonus`"] = $theValue;
// Field benifits
$theValue = !get_magic_quotes_gpc() ? addslashes($GLOBALS["x_benifits"]) : $GLOBALS["x_benifits"];
$theValue = $theValue != "" ? " '" . $theValue . "'" : "NULL";
$fieldList["`benifits`"] = $theValue;
// Field location
$theValue = !get_magic_quotes_gpc() ? addslashes($GLOBALS["x_location"]) : $GLOBALS["x_location"];
$theValue = $theValue != "" ? " '" . $theValue . "'" : "NULL";
$fieldList["`location`"] = $theValue;
// Field company
$theValue = !get_magic_quotes_gpc() ? addslashes($GLOBALS["x_company"]) : $GLOBALS["x_company"];
$theValue = $theValue != "" ? " '" . $theValue . "'" : "NULL";
$fieldList["`company`"] = $theValue;
// Field profile
$theValue = !get_magic_quotes_gpc() ? addslashes($GLOBALS["x_profile"]) : $GLOBALS["x_profile"];
$theValue = $theValue != "" ? " '" . $theValue . "'" : "NULL";
$fieldList["`profile`"] = $theValue;
// Field contact_email
$theValue = !get_magic_quotes_gpc() ? addslashes($GLOBALS["x_contact_email"]) : $GLOBALS["x_contact_email"];
$theValue = $theValue != "" ? " '" . $theValue . "'" : "NULL";
$fieldList["`contact_email`"] = $theValue;
// Field link
$theValue = !get_magic_quotes_gpc() ? addslashes($GLOBALS["x_link"]) : $GLOBALS["x_link"];
$theValue = $theValue != "" ? " '" . $theValue . "'" : "NULL";
$fieldList["`link`"] = $theValue;
// Inserting event
if (Recordset_Inserting($fieldList)) {
// Insert
$sSql = "INSERT INTO `job` (";
$sSql .= implode(",", array_keys($fieldList));
$sSql .= ") VALUES (";
$sSql .= implode(",", array_values($fieldList));
$sSql .= ")";
phpmkr_query($sSql, $conn) or die("Failed to execute query at line " . __LINE__ . ": " . phpmkr_error($conn) . '<br>SQL: ' . $sSql);
$result = phpmkr_affected_rows($conn) > 0;
// Inserted event
if ($result) {
Recordset_Inserted($fieldList);
}
} else {
$result = false;
}
return $result;
}
$id = intval($_POST["id"]);
}
if ($id > 0) {
$isNew = 0;
$supplier = $supplier->Get($id);
//check to see user has access to modify this object
$user->canAccess($supplier);
} else {
//new object
$isNew = 1;
$supplier->onlineuser_onlineuserid = $user->onlineuserId;
//default link
$supplier->link = "http://";
//free for now
$supplier->supplier_status = 'active';
$supplier->dt_expire = expiryDate();
}
//check if form is being submitted
if ((bool) $_POST["submitting"]) {
$isNew = $_POST["isNew"];
$supplier->logo = $_POST["currentFilename"];
$supplier->name = $_POST["name"];
$supplier->description = $_POST["description"];
$supplier->link = $_POST["link"];
$supplier->tel = $_POST["tel"];
$supplier->supplier_category_id = (int) $_POST["category"];
$tempFilename = $_FILES["logo"]["tmp_name"];
if ($tempFilename != "") {
$supplier->logo = generateFilename($user->onlineuserId, $_FILES["logo"]["name"]);
move_uploaded_file($tempFilename, "logos/{$supplier->logo}");
}
<?php
require "common_user.php";
require "top.php";
$class = stripslashes($_GET["type"]);
$id = (int) $_GET["id"];
$newExpiryDate = expiryDate();
if ($class == "gold_membership" || $class == "platinum_membership") {
$newExpiryDate = expiryYear();
}
if ($class == "Job") {
$db = new DatabaseConnection();
$db->Query("update job set job_status = 'active', dt_expire='{$newExpiryDate}' where onlineuser_onlineuserid={$user->onlineuserId} and jobid={$id}");
} else {
$object = new $class();
$object = $object->Get($id);
if (isSuperUser(false) || $user->canAccess($object)) {
/* no point check this, where if an object is live or not are determined by status and expiry date
$expires=strtotime($object->dt_expire);
if (date("U") > $expires){
// at this point the advert has already expired
// maybe redirect to a pay now link ?
exit;
}
*/
$status = $class . "_status";
$object->{$status} = "active";
$object->dt_expire = $newExpiryDate;
$object->Save();
} else {
// this user is not allowed to access this resource