
Hey Guys and I'm sorry for this title but I can't think of a way to briefly describe this problem.
I have a file called "loggedin.php" which sends the variable $votername to the file called "sendtodb.php"
This is "sendtodb.php":
<?php
$host="localhost"; 
$username="********"; 
$password="********"; 
$db_name="********";  
$tbl_name="sample_voter";


mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");


if (isset($_GET['votername'])) {
$votername = $_GET['votername'];
}


mysql_query("INSERT INTO $tbl_name(votername,votecount) VALUES ($votername,1)
  ON DUPLICATE KEY UPDATE votecount=votecount+1");


mysql_query("UPDATE table SET votecount=votecount+1 WHERE votername=$votername");


mysql_close();
?>
And this is how it should work:
The variable gets sent to "sendtodb.php", which checks whether a row for $votername exists. If it doesn't, it adds a row and sets votecount (an INT in the MySQL table) to 1; if a row for $votername already exists, it adds 1 to the current value of votecount.
I am still learning PHP so I am a little confused as to why nothing happens in my database.
Is there a fault in the code somewhere?
Thanks,

Oskar

https://forums.phpfreaks.com/topic/275388-my-code-doesnt-work/

1. You're not checking for SQL errors. See my signature.

2. Don't put variables in strings when they don't need to be. ("$host").

3. DO put variables in strings when they DO need to be. (in your queries when you send a string, mysql needs to know it's a string)

4. Your code appears to put in 2 votes per person.


It is a good idea to get into the habit of always properly debugging code throughout the development process.

A good way of debugging SQL is to first store both the SQL statement and the actual call to the query in variables to be able to check their return values.

It is important to check the return value of mysql_query to make sure that the query did in fact work and did not return a boolean false value. We can do this as follows:
$sql = "INSERT INTO $tbl_name (votername, votecount) VALUES ('$votername', 1) ON DUPLICATE KEY UPDATE votecount = votecount + 1";
$result = mysql_query($sql);
if(!$result) //query failed, output error(s) and SQL statement
{
  echo "Error: " . mysql_error() . "<br>SQL: " . $sql;
}
This will output both any errors that were triggered and the SQL statement which will make it much easier to debug.
In this case the second query is not needed as the first query already takes care of incrementing the votecount column if there is already a row for a particular voter.
It is essential that you understand that arbitrary data from a user MUST be sanitized before it is used directly inside of an SQL statement. 

In this case, the mysql_real_escape_string function will do this for us:
if(isset($_GET['votername']))
{
  $votername = mysql_real_escape_string($_GET['votername']);
}
Since your query relies on $_GET['votername'] being set, I would include the query in the if condition that checks for it being set.
Also I must mention that the MySQL extension is deprecated and should no longer be used. MySQLi or PDO should be used instead; I recommend the latter.
I believe that the actual error may be caused by the fact that you did not wrap $votername in single quotes inside of the SQL statement.

Edited by AyKay47
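Pulling the advice in the thread together (check query results instead of ignoring them, let the ON DUPLICATE KEY UPDATE do the increment so the second query goes away, never interpolate user input into SQL, and move off the deprecated mysql extension), here is what sendtodb.php looks like as a single PDO prepared statement. This is an added example, not code from the original posts. It assumes a MySQL or MariaDB server, a table sample_voter(votername VARCHAR PRIMARY KEY or UNIQUE, votecount INT) so that the duplicate-key clause fires, and placeholder credentials in place of the real ones; the function names recordVote and connect are ours.

```php
<?php
// Added example for the thread above (not the poster's code). Assumptions: MySQL/MariaDB,
// table sample_voter(votername VARCHAR(64) PRIMARY KEY, votecount INT NOT NULL),
// and placeholder credentials. Requires the pdo_mysql extension.
declare(strict_types=1);

function connect(): PDO
{
    $dsn = 'mysql:host=localhost;dbname=********;charset=utf8mb4';
    return new PDO($dsn, '********', '********', [
        // A failed query throws instead of silently returning false, which is the
        // failure mode the original script ran into.
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        // Real server-side prepared statements: parameters are sent separately
        // from the SQL text, so no quoting or escaping happens in PHP at all.
        PDO::ATTR_EMULATE_PREPARES   => false,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

/**
 * Insert a row for $votername with votecount = 1, or add 1 to the existing row.
 * One statement replaces both queries in the original script. The name is bound
 * as a parameter, so a value like  x', 1); --  is stored literally rather than
 * altering the statement.
 */
function recordVote(PDO $pdo, string $votername): int
{
    $stmt = $pdo->prepare(
        'INSERT INTO sample_voter (votername, votecount) VALUES (:name, 1)
         ON DUPLICATE KEY UPDATE votecount = votecount + 1'
    );
    $stmt->bindValue(':name', $votername, PDO::PARAM_STR);
    $stmt->execute();

    // Read the current count back for the caller, again with a bound parameter.
    $q = $pdo->prepare('SELECT votecount FROM sample_voter WHERE votername = :name');
    $q->execute([':name' => $votername]);
    return (int) $q->fetchColumn();   // fetchColumn() is false if no row; cast gives 0
}

// Only touch the database when the input is actually present, as suggested above.
if (!isset($_GET['votername']) || $_GET['votername'] === '') {
    http_response_code(400);
    exit('votername is required');
}

try {
    $name  = (string) $_GET['votername'];
    $count = recordVote(connect(), $name);
    // Escape on the way out to the browser, just as we bound on the way in to the DB.
    echo 'votes for ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . ': ' . $count;
} catch (PDOException $e) {
    // Keep the SQL and driver message in the server log; echoing mysql_error() and the
    // statement to the browser is fine while debugging but leaks schema detail in production.
    error_log('sendtodb.php: ' . $e->getMessage());
    http_response_code(500);
    exit('database error');
}
```

Two things to check before relying on this: the duplicate-key branch only runs if votername really is a PRIMARY KEY or UNIQUE column (without that constraint every request inserts a fresh row), and the vote still arrives over GET to match the thread, which means any link or image tag can trigger it; a vote endpoint that changes state should normally accept POST only.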
