Jump to content

Recommended Posts

I'm somewhat a newbie in php & mysql.  This one has me stumped. I've modified the poll below to conform to my database but I can't for the life of me figure out why this is not updating it or inserting as it should.  Note that I use dreamweaver but for this php page I removed the "GetValueString" function which prevents sql injection attacks. Please, please help.  I'm I missing something? Also note that I removed the recordsets from here. Thanks!

 

<?php require_once('Connections/connQuery.php'); ?>
<?php


$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
  
}


// function to examine and secure mysql input
function escape_data ($data) {
        global $dbc;
	$data = htmlentities($data);
        if (ini_get('magic_quotes_gpc')) {
            $data = stripslashes($data);
            }
        return mysql_real_escape_string(trim($data),$dbc);
        }										 






// when poll is submitted:
if ((isset($_POST['choice'])) && ($_POST['choice'] == 'form')) {
// set check point variables: (see if user has taken poll before) 
// each IP is allowed to take the test twice, in case two members of a household
// want to vote separately - all data is verified to protect against SQL injection 
// attack



$chart = mysql_fetch_array($rsDisplaygumor,MYSQL_ASSOC);
$rsDisplayGumor = escape_data($_POST['poll_name']);
$ip = escape_data($_POST['ip']);
$match_ip = escape_data($_POST['match_ip']);//new ip value
$field = escape_data($_POST['choice']);
// create new mysql queries
$check = mysql_query("SELECT * FROM poll_ip WHERE poll_ip.ip='$ip' AND post_id = $colname4_rsDisplayGumor");//query poll_ip fields
$poll_ip = "INSERT INTO poll_ip VALUES ('','$ip',1)";//insert user's ip
$up_poll_ip = "UPDATE poll_ip SET ip_inc=ip_inc+1";//update number of uses
$poll_update = "UPDATE post_table SET $field=$field+1 WHERE poll_ip.ip='$ip' AND post_id = $colname6_rsDisplayGumor";




// update poll for selected choice
// see if this IP address has already taken the poll, update if not
// change $ip_reg ==  to 2, 3, 4.. if you want to adjust multiple voting
$checkquery = mysql_fetch_array($check, MYSQL_ASSOC);
$ip_reg = $checkquery['ip_inc'];
if (isset($checkquery['ip'])) {
    	if ($ip_reg == 1) {
        $update_ip = mysql_query($up_poll_ip);
        $update_poll = mysql_query($poll_update);
        } else {
        // alert if poll has already been taken twice at this IP
    	echo "<p>$alert</p>";
        }
	} else {
	$update_ip = mysql_query($poll_ip);
        $update_poll = mysql_query($poll_update);
	} 

  mysql_select_db($database_connQuery, $connQuery);
  $Result1 = mysql_query($field, $poll_update, $connQuery) or die(mysql_error());

}
?>


//process the form



<form action="<?php echo $editFormAction; ?>" method= "POST" name="form" id="poll-form"> 

<p>
  <input type='radio' name='choice' value='choice1' id='choice1' /><label for='choice1'>True</label>
  <input type='hidden' name='poll_name' id= 'poll_name' value='$chart' />
  <input type='hidden' name='ip' value='$ip_match' />
  <br />
<input type='radio' name='choice' value='choice2' id='choice2' /><label for='choice2'>False</label>
</p>

<p>
<input type='submit' value='Vote' class='button' /><br />
</p>

</form>
<div id='poll_footer'>


<?php
mysql_free_result($match_ip);

mysql_free_result($rsDisplayGumor);
?>

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.