fuuumanchu Posted July 2, 2008 Share Posted July 2, 2008 I'm somewhat a newbie in php & mysql. This one has me stumped. I've modified the poll below to conform to my database but I can't for the life of me figure out why this is not updating it or inserting as it should. Note that I use dreamweaver but for this php page I removed the "GetValueString" function which prevents sql injection attacks. Please, please help. I'm I missing something? Also note that I removed the recordsets from here. Thanks! <?php require_once('Connections/connQuery.php'); ?> <?php $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } // function to examine and secure mysql input function escape_data ($data) { global $dbc; $data = htmlentities($data); if (ini_get('magic_quotes_gpc')) { $data = stripslashes($data); } return mysql_real_escape_string(trim($data),$dbc); } // when poll is submitted: if ((isset($_POST['choice'])) && ($_POST['choice'] == 'form')) { // set check point variables: (see if user has taken poll before) // each IP is allowed to take the test twice, in case two members of a household // want to vote separately - all data is verified to protect against SQL injection // attack $chart = mysql_fetch_array($rsDisplaygumor,MYSQL_ASSOC); $rsDisplayGumor = escape_data($_POST['poll_name']); $ip = escape_data($_POST['ip']); $match_ip = escape_data($_POST['match_ip']);//new ip value $field = escape_data($_POST['choice']); // create new mysql queries $check = mysql_query("SELECT * FROM poll_ip WHERE poll_ip.ip='$ip' AND post_id = $colname4_rsDisplayGumor");//query poll_ip fields $poll_ip = "INSERT INTO poll_ip VALUES ('','$ip',1)";//insert user's ip $up_poll_ip = "UPDATE poll_ip SET ip_inc=ip_inc+1";//update number of uses $poll_update = "UPDATE post_table SET $field=$field+1 WHERE poll_ip.ip='$ip' AND post_id = $colname6_rsDisplayGumor"; // update poll for selected choice // see if this IP address has already taken the poll, update if not // change $ip_reg == to 2, 3, 4.. if you want to adjust multiple voting $checkquery = mysql_fetch_array($check, MYSQL_ASSOC); $ip_reg = $checkquery['ip_inc']; if (isset($checkquery['ip'])) { if ($ip_reg == 1) { $update_ip = mysql_query($up_poll_ip); $update_poll = mysql_query($poll_update); } else { // alert if poll has already been taken twice at this IP echo "<p>$alert</p>"; } } else { $update_ip = mysql_query($poll_ip); $update_poll = mysql_query($poll_update); } mysql_select_db($database_connQuery, $connQuery); $Result1 = mysql_query($field, $poll_update, $connQuery) or die(mysql_error()); } ?> //process the form <form action="<?php echo $editFormAction; ?>" method= "POST" name="form" id="poll-form"> <p> <input type='radio' name='choice' value='choice1' id='choice1' /><label for='choice1'>True</label> <input type='hidden' name='poll_name' id= 'poll_name' value='$chart' /> <input type='hidden' name='ip' value='$ip_match' /> <br /> <input type='radio' name='choice' value='choice2' id='choice2' /><label for='choice2'>False</label> </p> <p> <input type='submit' value='Vote' class='button' /><br /> </p> </form> <div id='poll_footer'> <?php mysql_free_result($match_ip); mysql_free_result($rsDisplayGumor); ?> Link to comment https://forums.phpfreaks.com/topic/112995-php-poll-unable-to-insert-or-update-database/ Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.