0

i think i have a problem in my code , i have page that displays a list of jobs available with two buttons one to show the job profile 'profile' and the second to apply for the job 'apply', the expected result when hitting apply is to have the applied job disappeared from the list of all available jobs. The code works just fine on localhost, but after uploading it to server, I have to refresh the page after clicking apply to see the result of the action made. This is the code of AvailableJobs.php:

 <?php $sql1= "SELECT * FROM Job"; // select all the Job
$result1= mysqli_query($conn,$sql1);                 
while($row1=mysqli_fetch_array($result1))
{ $JobName= $row1['JobName'];
    $JID= $row1['JobID']; 
    $OrgID= $row1['OrgID']; // get the Org ID for the available Job 

$sql10=" SELECT * FROM JobStudent WHERE JobID='$JID' AND StudentID='$SID'";
$resultss = mysqli_query($conn,$sql10);
$numResults = mysqli_fetch_array($resultss);
if ($numResults == 0) { 

 $sql2="SELECT * FROM RequestedOrganization WHERE OrgID='$OrgID'"; 
$result2= mysqli_query($conn,$sql2);                     
  while($row2=mysqli_fetch_array($result2))
{ $OrgGPA= $row2['GPA'];
    $OrgTrack= $row2['Track']; 
    $Priority= $row2['priorityGT'];
} 
 ?>  
<li><input disabled style="border:none; margin-bottom: 10px; width:100%;" name="JobName" value="<?php echo $row1['JobName'];?>"> </li> <?php
 echo "<form action='AvailableJobAction_page.php' method='POST'>
<input type='hidden' name='tempId' value='$JID'/>
<input style='border-radius: 12px; margin-bottom: 10px; background-color: #ccc;' type='submit' class='right' name='submit-btn' value='Apply' onclick='return func1()'/>
</form>"; 
echo "<form action='OrgProfileSS.php' method='POST'>
<input type='hidden' name='temppId' value='$JID'/>
<input type='hidden' name='tempppId' value='$OrgID'/>
<input style='border-radius: 12px; background-color: #ccc;' type='submit' name='submit-btnn' class='right' value='Profile'/>
</form><br/>"; ?>

this is the execute page AvailableJobAction_page.php:

$USER=$_SESSION['login_user']; 

if (isset($_POST['submit-btn'])){ 
$Jobid=$_POST['tempId'];  // J ID


$Sql="SELECT * FROM Job WHERE JobID='$Jobid'";
$Result2= mysqli_query($conn,$Sql);
while ( $Row1 =mysqli_fetch_array($Result2)){ 
$JN= $Row1['JobName']; 
$orgid= $Row1['OrgID']; 

$Sql10="SELECT * FROM Employer WHERE EmployerID='$orgid'";
$Result10= mysqli_query($conn,$Sql10);
while ( $Row10 =mysqli_fetch_array($Result10)){ 
$EmpEmail= $Row10['EmailAccount']; 
}  

}     

$sql="SELECT * FROM Student WHERE KsuEmailStuent='$USER'"; // Get S ID 
$result2= mysqli_query($conn,$sql);
while ( $row1 =mysqli_fetch_array($result2)){ 
$StID= $row1['StudentID']; 
}  

$sql4="SELECT * FROM JobStudent WHERE StudentID='$StID' AND JobID='$Jobid'";
$result4= mysqli_query($conn,$sql4);
$rows= mysqli_num_rows($result4);
if ($rows>0){
echo "<script type='text/javascript'>alert('You Already Applied before!')</script>";
echo "<script>window.location.href='AvailableJobs.php';</script>";
}else{ 
$sql4="INSERT INTO JobStudent (JobID,StudentID,Status) VALUES ('$Jobid','$StID','Pending')"; 
$result4= mysqli_query($conn,$sql4);

$sql1="SELECT * FROM Job WHERE JobID='$Jobid'";
$result1= mysqli_query($conn,$sql1);
while ( $row2 =mysqli_fetch_array($result1)){ 
$Nos= $row2['NoOfAppliedstudnets']; 
}   
$Nos++; 
$sql3= "UPDATE Job SET NoOfstudnets='$Nos' WHERE JobID='$Jobid'"; 
$result3= mysqli_query($conn,$sql3);

$to =  $USER; // Send Email with the new Pass 
$subject = "Applied done sucsessfully!";
$message = "Your request have been sent, Please wait for response from employer and note that you can view your request status in your account home";
$message = wordwrap($message,70);
//$headers = "From : Admin@PTN.com";
if(mail($to, $subject, $message)){
echo "<script type='text/javascript'>alert('Applied done sucsessfully!')</script>";
echo "<script>window.location.href='AvailableJobs.php';</script>";
}else{
echo "<script type='text/javascript'>alert('Erorr in send Email ')</script>";
echo "<script>window.location.href='AvailableJobs.php';</script>";
}   

$to =  $EmpEmail; // Send Email with the new Pass 
$subject = "New student have Applied!";
$message = "New student have Applied to this Job ".$JN ;
$message = wordwrap($message,70);
//$headers = "From : Admin@PTN.com";
mail($to, $subject, $message);  
}
}   
else echo "<script type='text/javascript'>alert('ERROR!')</script>";
Philip Brack
  • 1,340
  • 14
  • 26
Sara
  • 1
  • 2
    Welcome to Stackoverflow! Your code is a mess, I'm not trying to read that. – caramba Dec 08 '17 at 18:51
  • thank you, mostly i would be as tidy as i can but unfortunately, this time i don't have time. it's up to you, but i hope someone else can help – Sara Dec 08 '17 at 18:59
  • This doesn't answer your question, because I'm not reading through your code, but your code is vulnerable to SQL injection. Use [parameterized queries](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – AuxTaco Dec 08 '17 at 19:53

1 Answers1

0

change the code in the part :

$sql10=" SELECT * FROM JobStudent WHERE JobID='$JID' AND StudentID='$SID'";
$resultss = mysqli_query($conn,$sql10);

change the check to first mysqli_num_rows instead of mysqli_fetch_array

$numResults = mysqli_num_rows($resultss);
if ($numResults == 0) {
shushu304
  • 1,506
  • 1
  • 7
  • 15