avillanu

Well it's just a rating script for a content site, I don't think anybody would go through the trouble of really going out of their way to find a workaround.

Well I'll be releasing my script for free, I just want my users to have the easiest time possible. Thanks everyone for the help.

I forgot to mention that this script will be released for free and help small-time webmasters, so your contribution will help the good of humanity

Site: http://www.crawfordresearch.com/arcade/ This is one of my first PHP scripts, so please be forgiving. I would also highly appreciate it if you guys had any suggestions. Note: I know that users can vote multiple times, I'm working on a solution for this. Thanks Alex

Wouldn't the IP database eventually get huge if there is one row for every vote?

ok, would the best way to do this is with IP addresses or is there another way?

MySQL I forgot to mention: I've done a bit of googling and seen some solutions. But what makes mine a bit more complex is that it's okay for users to vote on multiple pieces of content, just not on the same one.

In my CMS I have a rating program where people can rate each piece of content. Fairly simple to implement - the only problem is that voters can vote multiple times. Anyone know a way to prevent this?

Would it be okay to put it in the query or should it be before it as suggested by hackerkts?

I've fully read http://us.php.net/manual/en/function.mysql-real-escape-string.php and I'm still confused. Everyone has their own "best practice" code and they're all different. I've done extensive googling and it's the same. This is a huge headache as everyone is acting like an authority.. This is what I'm planning to do for my script. Please let me know of any shortcomings. 1) [Example 1442 in link] - add mysql_real_escape_string to ALL MySQL queries. Would this be enough? It would seem this would catch anything. 2) $id = intval($_GET['id']) instead of a simple $_GET['id']. Would this be necessary if I do the previous prevention method (1) and is there some code that be used if the variable passed is a string? Also, how are these methods affected if magic_quotes_gpc is onor off?

I have a simple division between two variables but I'd like the output to only show the answer with two decimal places and truncate the rest. Is there anyway to do this?

Working, thanks

I'm rewriting my first script (CMS). As you can imagine, it's written like a newbie. I haven't learned OOP yet so nothing revolutionary, but I'd like to made the code cleaner and more secure. My thoughts: * Anti-MySQL Injection Use: $id = intval($_GET['id']) What should I use regarding username/password and strings passed by the users? * Make variables more memorable/descriptive * Should I bother using LOCK tables? I have a basic CMS which tracks views, user ratings and such. More info here: http://www.php-mysql-tutorial.com/mysql-update-and-delete.php * Add indents to make code more readable. * Should I add MySQL close connect? I see this is some tutorial examples and not in others. * Should I use functions? something like displayTopContent(); instead of having multiple lines of code...once again this would make the code much more readable, are there any drawbacks to doing this? Any other suggestions would be greatly appreciated.

Thanks - it does work when I remove the desc part... 'desc' however does not work...I'd really prefer not having to rename the column, any ideas how this can be done?

OK I inserted the code as instructed. This is what I got: Problem with Query: update generic_games set name = '12 Holes of X-Mazzzx', desc = 'Pick your putter and go out to putt a hole in one.Move the ball to where you want it then click,move your mouse according to the arrow then click to shoot the ball, and play all twelve holes', image = '12 Holes of X-Mas.png', filename = '12 Holes of X-Mas.swf', cat = '1' where id='1' You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc = 'Pick your putter and go out to putt a hole in one.Move the ball to where' at line 2

I have spent a good amount of time testing this. Does not work: $query31 = "update generic_games set name = '$name' where id='$id'"; $result31 = mysql_query($query31); $query31 = "update generic_games set name = '$name', desc = '$desc', image = '$image', filename = '$filename', cat = '$cat' where id='$id'"; $result31 = mysql_query($query31); Neither gives any error. The problem seems to be when I add multiple columns to update. I have done tons of googling and they all seem to say to separate columns with a simple comma...

I'm not sure if that would solve any problem I have? My main question is if using that sort of URL would hurt me in anyway

In my site I have a lot of content title with spaces. This makes some odd looking formatting: http://www.domain.com/file.php?name=word1%20word2 Should I be concerned with the %20? I plan on implementing some sort of search engine friendly URLs using mod rewrite soon.. What commands can I use to parse to remove it?

I'd like to have a "daily views" for my CMS. Of course, this number would reset every 24 hours. Would this be possible without a crontab?

Much appreciated.

Well my script is set up like this: www.domain.com/page.php?id=25 would jesirose's solution work?

I'd like to have a rating system for my CMS. I know how I'll set up the database. I'm just running into a very small problem regarding the form: <form method="post" action="rate.php"> <select name="rating"> <option value="1">1</option> <option value="2">2</option> <option value="3">3</option> <option value="4">4</option> <option value="5">5</option> </select> <input type="submit" name="submit" value="Rate" /> </form> The small problem is I don't know how to pass the content id (a number) to the form. How would I do this?

Thanks

I'm trying to create a table using a MySQL fetch array while loop that would look like this: CONTENT1 CONTENT2 CONTENT3 CONTENT4 CONTENT5 CONTENT6 I need a <TR></TR> for every other piece of content. But I don't know how to do this with a loop that uses a MySQL fetch array while($row = mysql_fetch_array($result, MYSQL_ASSOC)) { PHP CODE THAT IS LOOPED;}; I'm trying to remember from my old college Java class that we did something with loops for whenever the counter variable was even the loop would do something special...I don't know if this is possible with a while+mysql_fetch_array loop though

Interesting...I've done a little research and it seems that I could simply create an excel file with the values I want. So I'm thinking: Use a simple PHP file to create the database column attributes I would like (mediumint, autoincrement and such) and then import an excel file. Would this work? Any drawbacks?