fuuumanchu Posted July 2, 2008 Share Posted July 2, 2008 I'm somewhat a newbie in php & mysql. This one has me stumped. I've modified the poll below to conform to my database but I can't for the life of me figure out why this is not updating it or inserting as it should. Note that I use dreamweaver but for this php page I removed the "GetValueString" function which prevents sql injection attacks. Please, please help. I'm I missing something? Also note that I removed the recordsets from here. Thanks! <?php require_once('Connections/connQuery.php'); ?> <?php $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } // function to examine and secure mysql input function escape_data ($data) { global $dbc; $data = htmlentities($data); if (ini_get('magic_quotes_gpc')) { $data = stripslashes($data); } return mysql_real_escape_string(trim($data),$dbc); } // when poll is submitted: if ((isset($_POST['choice'])) && ($_POST['choice'] == 'form')) { // set check point variables: (see if user has taken poll before) // each IP is allowed to take the test twice, in case two members of a household // want to vote separately - all data is verified to protect against SQL injection // attack $chart = mysql_fetch_array($rsDisplaygumor,MYSQL_ASSOC); $rsDisplayGumor = escape_data($_POST['poll_name']); $ip = escape_data($_POST['ip']); $match_ip = escape_data($_POST['match_ip']);//new ip value $field = escape_data($_POST['choice']); // create new mysql queries $check = mysql_query("SELECT * FROM poll_ip WHERE poll_ip.ip='$ip' AND post_id = $colname4_rsDisplayGumor");//query poll_ip fields $poll_ip = "INSERT INTO poll_ip VALUES ('','$ip',1)";//insert user's ip $up_poll_ip = "UPDATE poll_ip SET ip_inc=ip_inc+1";//update number of uses $poll_update = "UPDATE post_table SET $field=$field+1 WHERE poll_ip.ip='$ip' AND post_id = $colname6_rsDisplayGumor"; // update poll for selected choice // see if this IP address has already taken the poll, update if not // change $ip_reg == to 2, 3, 4.. if you want to adjust multiple voting $checkquery = mysql_fetch_array($check, MYSQL_ASSOC); $ip_reg = $checkquery['ip_inc']; if (isset($checkquery['ip'])) { if ($ip_reg == 1) { $update_ip = mysql_query($up_poll_ip); $update_poll = mysql_query($poll_update); } else { // alert if poll has already been taken twice at this IP echo "<p>$alert</p>"; } } else { $update_ip = mysql_query($poll_ip); $update_poll = mysql_query($poll_update); } mysql_select_db($database_connQuery, $connQuery); $Result1 = mysql_query($field, $poll_update, $connQuery) or die(mysql_error()); } ?> //process the form <form action="<?php echo $editFormAction; ?>" method= "POST" name="form" id="poll-form"> <p> <input type='radio' name='choice' value='choice1' id='choice1' /><label for='choice1'>True</label> <input type='hidden' name='poll_name' id= 'poll_name' value='$chart' /> <input type='hidden' name='ip' value='$ip_match' /> <br /> <input type='radio' name='choice' value='choice2' id='choice2' /><label for='choice2'>False</label> </p> <p> <input type='submit' value='Vote' class='button' /><br /> </p> </form> <div id='poll_footer'> <?php mysql_free_result($match_ip); mysql_free_result($rsDisplayGumor); ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.