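/**
 * Populate this record from the submitted form fields in $_POST.
 *
 * "person", "frmChild" and "frmGender" are copied whenever they are present.
 * The remaining fields (name, death reason, parents, narrative) are only read
 * when "frmSurname" was submitted; otherwise the method returns early.
 *
 * Every value read here is untrusted request data. The fields are handled
 * unevenly (see the NOTE(review) comments below), so code that later builds
 * SQL or HTML from these properties must bind/encode them at that point
 * rather than rely on what this method did.
 *
 * @return void
 */
function setFromPost() {
    // person_id / child_id pass through quote_smart(), which is defined
    // outside this block.
    // NOTE(review): presumably an SQL-escaping helper; confirm what it returns.
    if (isset($_POST["person"])) {
        $this->person_id = quote_smart($_POST["person"]);
    }
    if (isset($_POST["frmChild"])) {
        $this->child_id = quote_smart($_POST["frmChild"]);
    }

    // NOTE(review): gender is stored exactly as submitted, with no validation
    // or escaping. Check it against the set of accepted values before it is
    // used in a query or echoed into a page.
    if (isset($_POST["frmGender"])) {
        $this->gender = $_POST["frmGender"];
    }

    // Ignore the rest if we don't need them
    if (!isset($_POST["frmSurname"])) {
        return;
    }

    $this->name = new Name();
    $this->name->setFromPost();

    // htmlspecialchars() is HTML output encoding, not SQL escaping. A missing
    // field yields "" (as before) without relying on an undefined-index read.
    $this->death_reason = htmlspecialchars(
        isset($_POST["frmDeathReason"]) ? $_POST["frmDeathReason"] : "",
        ENT_QUOTES
    );

    // NOTE(review): unlike person_id/child_id above, the parent ids are stored
    // raw (null when the field is absent). Treat them as untrusted wherever
    // they are consumed; an integer check would be the natural validation if
    // these are numeric keys (not visible from this block).
    $this->mother = new PersonDetail();
    $this->mother->person_id = isset($_POST["frmMother"]) ? $_POST["frmMother"] : null;
    $this->father = new PersonDetail();
    $this->father->person_id = isset($_POST["frmFather"]) ? $_POST["frmFather"] : null;

    // NOTE(review): add_quotes() is defined outside this block. If it only
    // wraps the value in quote characters it provides no escaping, and the
    // narrative must be passed as a bound parameter where the query is built.
    $this->narrative = add_quotes(
        isset($_POST["frmNarrative"]) ? $_POST["frmNarrative"] : null
    );
}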
echo $requiredErr; } else { $required = test_input($_POST["required"]); } if (!(empty($_POST["title"]) || empty($_POST["description"]) || empty($_POST["duties"]) || empty($_POST["required"]))) { //Add quotations $title = add_quotes($_POST["title"]); $description = add_quotes($_POST["description"]); $duties = add_quotes($_POST["duties"]); $required = add_quotes($_POST["required"]); $expyear = test_input($_POST["expyear"]); $expday = test_input($_POST["expday"]); $expmonth = test_input($_POST["expmonth"]); $expDate = $expyear . "-" . $expmonth . "-" . $expday; $expDate = add_quotes($expDate); $type = add_quotes($_POST["type"]); $deploc = test_input($_POST["deploc"]); $expDate = $expyear . "-" . $expmonth . "-" . $expday; $sqlQueryInsertJob = "INSERT INTO joblisting VALUES " . "((getLastJobID() + 1), curdate(), DATE(\"{$expDate}\"), curtime(), " . "{$title}, {$description}, {$duties}, {$required}, " . "{$type}, {$deploc}, {$empID});"; //echo $sqlQueryInsertJob; if ($conn->query($sqlQueryInsertJob) === TRUE) { echo "<h3>Job added Successfully!</h3>"; } else { echo "Error: " . $sql . "<br>" . $conn->error; } } /* if (empty($_POST["deploc"])) { $deplocErr = "Required experience is required"; } else { $required = test_input($_POST["required"]);
<td><textarea name="coverletter" cols="50" rows="15"></textarea></td> </tr> <tr> <td></td> <td><input name="Submit1" type="submit" value="Submit Application" /></td> </tr> </table> <?php $resume = $coverletter = ""; if ($_SERVER["REQUEST_METHOD"] == "POST") { $resume = test_input($_POST["resume"]); $coverletter = test_input($_POST["coverletter"]); $resume = add_quotes($resume); $coverletter = add_quotes($coverletter); if (!(empty($_POST["resume"]) || empty($_POST["coverletter"]))) { $sqlQueryAddResume = "INSERT INTO `resume` VALUES (getLastResumeID() + 1, {$resume}, NULL)"; $sqlQueryAddCoverLetter = "INSERT INTO coverletter VALUES (getLastCoverLetterID() + 1, {$coverletter}, NULL)"; $sqlQueryApply = "INSERT INTO application VALUES " . "((getLastAppID() + 1), curdate(), {$appID}, {$jobID}, getLastResumeID(), getLastCoverLetterID())"; //echo $sqlQueryApply; if ($conn->query($sqlQueryAddResume) === TRUE && $conn->query($sqlQueryAddCoverLetter) === TRUE && $conn->query($sqlQueryApply) === TRUE) { echo "<h3>Application Successful!</h3>"; } else { echo "Error: " . $sql . "<br>" . $conn->error; } } } function add_quotes($data) { return "\"" . $data . "\"";