HoTDaWg Posted January 5, 2007 Share Posted January 5, 2007 hi, i have a script here which takes data submitted from a form and inserts it into a db. the only problem is, for some reason, it says that the fields are empty, even when they arent.heres my script[code]<?php//first, check if the users ip needs to be added to the database.function insertuser(){include "config.php";$ip = $_SERVER["REMOTE_ADDR"];session_start(); if(session_is_registered('firsttime')){ $voted=1; $insertsong = "INSERT INTO users (`id`, `ip`, `voted`) VALUES (0,'".$ip."','".$voted."')"; $insertquery=mysql_query($insertsong, $conn); if($insertquery=mysql_query($insertsong)){ echo "You can request or vote for two more songs"; }else{ echo "An error has occurred. An administrator has been notified. thanks"; } }}//if the user has voted before, once he requestes, increase his voted by 1function previoususer(){include "config.php";$ip= $_SERVER["REMOTE_ADDR"];session_start(); if(session_is_registered('previoususer')){ $findhim="SELECT voted FROM users UPDATE voted SET voted=voted+1"; mysql_query($findhim,$conn); }}function request(){//get the variables and secure them blah blah blah$songname = $_REQUEST['songname'];$songartist = $_REQUEST['songartist'];$songname = strtolower($songname);$songartist = strtolower($songartist);$songname=str_replace(" ","",$songname);$songartist=str_replace(" ","",$songartist);$songname=str_replace("%20","",$songname);$songartist=str_replace("%20","",$songartist);$songname=addslashes($songname);$songartist=addslashes($songartist);//secure it some more! ALRIGHT (h)if (!get_magic_quotes_gpc()) { foreach ($_REQUEST as $el) { $el = mysql_real_escape_string($el); }}//Check if the song already existsinclude "config.php";$sql = "SELECT songname AND songartist FROM songs WHERE songname='".$songname."' AND songartist='".$songartist."'";$result=mysql_query($sql,$conn); if(mysql_num_rows($sql) > 0){ $query="UPDATE votes FROM songs SET votes=votes+1"; $gettowork= mysql_query($query,$conn); if($gettowork){ echo "Your request was submitted succesfully"; }else{ echo "An error occured, your request was not successful"; } }else{ $songvotes= 0; $insertsong = "INSERT INTO songs (`songid`, `songname`, `songartist`, `songvotes`) VALUES (0,'". $songname."','".$songartist."','".$songvotes."')"; $insertquery=mysql_query($insertsong, $conn); if($insertquery){ echo "The song was requested successfully"; }else{ echo "There was an error. The song was not requested successfully"; } }}//begin the actual script//determine whether this is hacking attempt/the user is lazy if(!empty ($songname) && ($songartist)){ error_reporting(E_ALL); $ip = $_SERVER["REMOTE_ADDR"]; include "config.php"; request(); global $songname, $songartist, $ip, $conn; insertuser(); previoususer(); mysql_close(); exit(); }else{ echo "A field was left blank"; exit(); }?>[/code]any ideas?? ???thanks.HoTDaWg[b]Update:[/b] Interesting behaviour, before and only once before when i classifed myself as a first-time user, it actually inserted the stuff into the database, but it had a lot of errors like headers already sent and stuff. any ideas? Quote Link to comment Share on other sites More sharing options...
HoTDaWg Posted January 5, 2007 Author Share Posted January 5, 2007 k i mangaged to get the errors:[code]Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/idanc48d/public_html/index2.php on line 57The song was requested successfullyWarning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/idanc48d/public_html/index2.php:57) in /home/idanc48d/public_html/index2.php on line 6You can request or vote for two more songsNotice: A session had already been started - ignoring session_start() in /home/idanc48d/public_html/index2.php on line 22[/code] Quote Link to comment Share on other sites More sharing options...
HoTDaWg Posted January 5, 2007 Author Share Posted January 5, 2007 any ideas? Quote Link to comment Share on other sites More sharing options...
Hypnos Posted January 5, 2007 Share Posted January 5, 2007 First warning means there were no results for your query (The one that's checking to see if there are any previous songs).Second one is because you have two "session_start"s. Quote Link to comment Share on other sites More sharing options...
taith Posted January 5, 2007 Share Posted January 5, 2007 get the session_start(); out of the function... always put it at the top of your parent page. and nowhere else. also, on your queries... putmysql_query() or die(mysql_error());that'll tell ya exactly whats wrong with your query :-) Quote Link to comment Share on other sites More sharing options...
HoTDaWg Posted January 5, 2007 Author Share Posted January 5, 2007 thanks for the suggestio guys, but it still says a field was left blank when really it wasnt, when you have the session previoususer. once again, any ideas? Quote Link to comment Share on other sites More sharing options...
HoTDaWg Posted January 5, 2007 Author Share Posted January 5, 2007 btw, the code is now:[code]<?php//first, check if the users ip needs to be added to the database.function insertuser(){include "config.php";$ip = $_SERVER["REMOTE_ADDR"]; if(session_is_registered('firsttime')){ $voted=1; $insertsong = "INSERT INTO users (`id`, `ip`, `voted`) VALUES (0,'".$ip."','".$voted."')"; $insertquery=mysql_query($insertsong, $conn)or die(mysql_error()); if($insertquery=mysql_query($insertsong)){ echo "You can request or vote for two more songs"; }else{ echo "An error has occurred. An administrator has been notified. thanks"; } }}//if the user has voted before, once he requestes, increase his voted by 1function previoususer(){include "config.php";$ip= $_SERVER["REMOTE_ADDR"]; if(session_is_registered('previoususer')){ $findhim="SELECT voted FROM users UPDATE voted SET voted=voted+1"; mysql_query($findhim,$conn)or die(mysql_error()); }}function request(){//get the variables and secure them blah blah blah$songname = $_REQUEST['songname'];$songartist = $_REQUEST['songartist'];$songname = strtolower($songname);$songartist = strtolower($songartist);$songname=str_replace(" ","",$songname);$songartist=str_replace(" ","",$songartist);$songname=str_replace("%20","",$songname);$songartist=str_replace("%20","",$songartist);$songname=addslashes($songname);$songartist=addslashes($songartist);//secure it some more! ALRIGHT (h)if (!get_magic_quotes_gpc()) { foreach ($_REQUEST as $el) { $el = mysql_real_escape_string($el); }}//Check if the song already existsinclude "config.php";$sql = "SELECT songname AND songartist FROM songs WHERE songname='".$songname."' AND songartist='".$songartist."'";$result=mysql_query($sql,$conn); if(mysql_num_rows($sql) > 0){ $query="UPDATE votes FROM songs SET votes=votes+1"; $gettowork= mysql_query($query,$conn)or die(mysql_error()); if($gettowork){ echo "Your request was submitted succesfully"; }else{ echo "An error occured, your request was not successful"; } }elseif(mysql_num_rows < 1){ $songvotes= 0; $insertsong = "INSERT INTO songs (`songid`, `songname`, `songartist`, `songvotes`) VALUES (0,'". $songname."','".$songartist."','".$songvotes."')"; $insertquery=mysql_query($insertsong, $conn)or die(mysql_error()); if($insertquery){ echo "The song was requested successfully"; }else{ echo "There was an error. The song was not requested successfully"; } }}//begin the actual script//determine whether this is hacking attempt/the user is lazy if(!empty ($songname) && ($songartist)){ session_start(); error_reporting(E_ALL); $ip = $_SERVER["REMOTE_ADDR"]; include "config.php"; request(); global $songname, $songartist, $ip, $conn; insertuser(); previoususer(); mysql_close(); exit(); }else{ echo "A field was left blank"; exit(); }?>[/code] Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted January 5, 2007 Share Posted January 5, 2007 I notice a few problems with your script other those mentioned by the other posters.[list][*]A [b]global[/b] statement doesn't do anything unless it is within a function.[*]You are using the session_is_registered() function which is obsolete and will only work if register_globals is enabled. You should replace those with a test like[/list][code]<?phpif (isset($_SESSION['previoususer']))?>[/code]You will have to set the appriopriate session variable manual with something like:[code]<?php$_SESSION['previoususer'] = $previoususer;?>[/code][list][*]Move the "session_start()" call to immediately after the "<?php" tag at the start of your script.[/list]Ken Quote Link to comment Share on other sites More sharing options...
HoTDaWg Posted January 5, 2007 Author Share Posted January 5, 2007 thank you for your help, but my code still does not work. :( it just shows a blank page.here is the code:[code]<?php//first, check if the users ip needs to be added to the database.function insertuser(){include "config.php";$ip = $_SERVER["REMOTE_ADDR"]; if (isset($_SESSION['firsttime'])){ $voted=1; $insertsong = "INSERT INTO users (`id`, `ip`, `voted`) VALUES (0,'".$ip."','".$voted."')"; $insertquery=mysql_query($insertsong, $conn)or die(mysql_error()); if($insertquery=mysql_query($insertsong)){ echo "You can request or vote for two more songs"; }else{ echo "An error has occurred. An administrator has been notified. thanks"; } }}//if the user has voted before, once he requestes, increase his voted by 1function previoususer(){include "config.php";$ip= $_SERVER["REMOTE_ADDR"]; if (isset($_SESSION['previoususer'])){ $findhim="SELECT voted FROM users UPDATE voted SET voted=voted+1"; mysql_query($findhim,$conn)or die(mysql_error()); }}function request(){//get the variables and secure them blah blah blah$songname = $_REQUEST['songname'];$songartist = $_REQUEST['songartist'];$songname = strtolower($songname);$songartist = strtolower($songartist);$songname=str_replace(" ","",$songname);$songartist=str_replace(" ","",$songartist);$songname=str_replace("%20","",$songname);$songartist=str_replace("%20","",$songartist);$songname=addslashes($songname);$songartist=addslashes($songartist);//secure it some more! ALRIGHT (h)if (!get_magic_quotes_gpc()) { foreach ($_REQUEST as $el) { $el = mysql_real_escape_string($el); }}//Check if the song already existsinclude "config.php";$sql = "SELECT songname AND songartist FROM songs WHERE songname='".$songname."' AND songartist='".$songartist."'";$result=mysql_query($sql,$conn)or die(mysql_error()); if(mysql_num_rows($sql) > 0){ $query="UPDATE votes FROM songs SET votes=votes+1"; $gettowork= mysql_query($query,$conn)or die(mysql_error()); if($gettowork){ echo "Your request was submitted succesfully"; }else{ echo "An error occured, your request was not successful"; } }elseif(mysql_num_rows < 1){ $songvotes= 0; $insertsong = "INSERT INTO songs (`songid`, `songname`, `songartist`, `songvotes`) VALUES (0,'". $songname."','".$songartist."','".$songvotes."')"; $insertquery=mysql_query($insertsong, $conn)or die(mysql_error()); if($insertquery){ echo "The song was requested successfully"; }else{ echo "There was an error. The song was not requested successfully"; } }}//begin the actual script//determine whether this is hacking attempt/the user is lazy if(!empty ($songname) && ($songartist)){ session_start(); error_reporting(E_ALL); $ip = $_SERVER["REMOTE_ADDR"]; include "config.php"; request(); insertuser(); previoususer(); mysql_close(); exit(); }else{ echo "A field was left blank"; exit(); }?>[/code] Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted January 5, 2007 Share Posted January 5, 2007 Your code is seriously screwed up. I'm trying to fix it as best as I can. I will post it when I get it looking reasonable.Ken Quote Link to comment Share on other sites More sharing options...
HoTDaWg Posted January 5, 2007 Author Share Posted January 5, 2007 [quote author=kenrbnsn link=topic=121087.msg497703#msg497703 date=1168031249]Your code is seriously screwed up. I'm trying to fix it as best as I can. I will post it when I get it looking reasonable.Ken[/quote]thanks a lotman. Quote Link to comment Share on other sites More sharing options...
HoTDaWg Posted January 6, 2007 Author Share Posted January 6, 2007 does anyone have any thoughts? Quote Link to comment Share on other sites More sharing options...
Asheeown Posted January 6, 2007 Share Posted January 6, 2007 Hold on I caught something that may be your problem im looking into it now and testing it myself Quote Link to comment Share on other sites More sharing options...
HoTDaWg Posted January 6, 2007 Author Share Posted January 6, 2007 [quote author=Fearsoldier link=topic=121087.msg497814#msg497814 date=1168042982]Hold on I caught something that may be your problem im looking into it now and testing it myself[/quote]k thanks. Quote Link to comment Share on other sites More sharing options...
Asheeown Posted January 6, 2007 Share Posted January 6, 2007 Give this a try tell me how it goes[code]<?//first, check if the users ip needs to be added to the database.function insertuser(){include "config.php"; $ip = $_SERVER["REMOTE_ADDR"]; if (isset($_SESSION['firsttime'])){ $voted=1; $insertsong = "INSERT INTO users (`id`, `ip`, `voted`) VALUES ('','".$ip."','".$voted."')"; $insertquery=mysql_query($insertsong, $conn)or die(mysql_error()); if($insertquery=mysql_query($insertsong)){ echo "You can request or vote for two more songs"; }else{ echo "An error has occurred. An administrator has been notified. thanks"; } }}//if the user has voted before, once he requestes, increase his voted by 1function previoususer(){include "config.php"; $ip= $_SERVER["REMOTE_ADDR"]; if (isset($_SESSION['previoususer'])){ $findhim="SELECT voted FROM users UPDATE voted SET voted=voted+1"; mysql_query($findhim,$conn)or die(mysql_error()); }}function request(){//get the variables and secure them blah blah blah$songname = $_REQUEST['songname'];$songartist = $_REQUEST['songartist'];$songname = strtolower($songname);$songartist = strtolower($songartist);$songname=str_replace(" ","",$songname);$songartist=str_replace(" ","",$songartist);$songname=str_replace("%20","",$songname);$songartist=str_replace("%20","",$songartist);$songname=addslashes($songname);$songartist=addslashes($songartist);//secure it some more! ALRIGHT (h) if (!get_magic_quotes_gpc()) { foreach ($_REQUEST as $el) { $el = mysql_real_escape_string($el); } }//Check if the song already existsinclude "config.php";$sql = "SELECT songname AND songartist FROM songs WHERE songname='".$songname."' AND songartist='".$songartist."'";$result=mysql_query($sql,$conn)or die(mysql_error()); if(mysql_num_rows($sql) > 0){ $query="UPDATE votes FROM songs SET votes=votes+1"; $gettowork= mysql_query($query,$conn)or die(mysql_error()); if($gettowork){ echo "Your request was submitted succesfully"; }else{ echo "An error occured, your request was not successful"; } }elseif(mysql_num_rows < 1){ $songvotes= 0; $insertsong = "INSERT INTO songs (`songid`, `songname`, `songartist`, `songvotes`) VALUES ('','".$songname."','".$songartist."','".$songvotes."')"; $insertquery=mysql_query($insertsong, $conn)or die(mysql_error()); if($insertquery){ echo "The song was requested successfully"; }else{ echo "There was an error. The song was not requested successfully"; } }//begin the actual script//determine whether this is hacking attempt/the user is lazy if(!empty ($songname) && ($songartist)){ session_start(); error_reporting(E_ALL); $ip = $_SERVER["REMOTE_ADDR"]; include "config.php"; request(); insertuser(); previoususer(); mysql_close(); exit(); }else{ echo "A field was left blank"; exit(); }?>[/code]I organized it a bit to show more of where things start and end you also had an unnecessary closing to a statement which is your white page problem Quote Link to comment Share on other sites More sharing options...
HoTDaWg Posted January 6, 2007 Author Share Posted January 6, 2007 sorry man, but it did not have a } so i added it. and now, it shows a blank page. and when u view the page without having to go through the submit form it doesnt even show "a field was left blank"thanks for the help though. :( Quote Link to comment Share on other sites More sharing options...
Asheeown Posted January 6, 2007 Share Posted January 6, 2007 One thing you dont have to worry about is an error in your coding causing the white screen such as a closing or opening not being there or being there without needed the page loads.But one thing i'm wondering is are you including this page somewhere and using these functions? Quote Link to comment Share on other sites More sharing options...
HoTDaWg Posted January 6, 2007 Author Share Posted January 6, 2007 no, the page index.php has a form on it which leads to index2.php which is the file u are helpign me with. here is the index.php page.[code]<?php//first and foremost, report all errors, define the secruity statement and state some variables.define('inStereo',true);error_reporting(E_ALL);$ip = $_SERVER["REMOTE_ADDR"];$limit = 3;function beginthework(){include "config.php"; global $ip, $limit; //check to see if the user's ip exists in the DB and if he has crossed the max number of votes $sql = "SELECT ip AND voted FROM users WHERE ip='".$ip."' AND voted='".$limit."'"; $result= mysql_query($sql,$conn); if (mysql_num_rows($result)>0){ echo "Our records show that you have already voted three times. As much as we hate to say it, access denied."; }else{ $sql2 = "SELECT ip FROM users WHERE ip='".$ip."'"; $results= mysql_query($sql2,$conn); if (mysql_num_rows($results)>0){ session_start(); $_SESSION['previoususer']=$ip; echo 'You have voted before.<form name="request" action="index2.php"> Artist Name:<input type="text" name="artist">song name:<input type="text" name="song"><br> <br><br><br><input type="submit" value="Submit!"></form>'; }else{ session_start(); $_SESSION['firsttime'] = $ip; echo 'this is your first time voting.<form name="request" action="index2.php"> Artist Name: <input type="text" name="songartist">song name:<input type="text" name="songname"><br><br><input type="submit" value="Submit!"></form>'; } }} beginthework();?>[/code] Quote Link to comment Share on other sites More sharing options...
Asheeown Posted January 6, 2007 Share Posted January 6, 2007 Well if your sending your form to index2.php which I understand to be the page we were working on, that page isn't using the functions it's creating them. See when you send that person to the page it compiles all those functions and puts them in standby waiting for you to use themFor example say you wanted to insert a user using that function[code]<?phpfunction insertuser($id,$ip,$voted) { if (isset($_SESSION['firsttime'])){ $insertsong = "INSERT INTO users (`id`, `ip`, `voted`) VALUES ('','".$ip."','".$voted."')"; $insertquery=mysql_query($insertsong, $conn)or die(mysql_error()); if($insertquery=mysql_query($insertsong)){ echo "You can request or vote for two more songs"; }else{ echo "An error has occurred. An administrator has been notified. thanks"; } }}$ip = $_SERVER["REMOTE_ADDR"];$voted=1;insertuser('',$ip,$voted);?>[/code]Any variables you want inside your function have to be added to the list just like database stuff Quote Link to comment Share on other sites More sharing options...
HoTDaWg Posted January 6, 2007 Author Share Posted January 6, 2007 ohhh kk leemme modify then. thanks Fearsoldier.HoTDaWg. Quote Link to comment Share on other sites More sharing options...
Asheeown Posted January 6, 2007 Share Posted January 6, 2007 Np...one thing i suggest for your database connecting is make a file called DBconnector or something have it connect to your database and include it in your files this way your functions can query your database without all those extra variables just PM me or post here again if you have anymore questions Quote Link to comment Share on other sites More sharing options...
HoTDaWg Posted January 6, 2007 Author Share Posted January 6, 2007 dang, it still doesnt work. it just shows a blank page just like before.:( And when you view [b]index2.php[/b] it doesnt even show "a field was left blank"any help would be greatly apprecited. thanks for the help so far everyone.HoTDaWg[code]<?php//first, check if the users ip needs to be added to the database.function insertuser(){include "config.php"; $ip = $_SERVER["REMOTE_ADDR"]; if (isset($_SESSION['firsttime'])){ $voted=1; $insertsong = "INSERT INTO users (`id`, `ip`, `voted`) VALUES ('','".$ip."','".$voted."')"; $insertquery=mysql_query($insertsong, $conn)or die(mysql_error()); if($insertquery=mysql_query($insertsong)){ echo "You can request or vote for two more songs"; }else{ echo "An error has occurred. An administrator has been notified. thanks"; } }}//if the user has voted before, once he requestes, increase his voted by 1function previoususer(){include "config.php"; $ip= $_SERVER["REMOTE_ADDR"]; if (isset($_SESSION['previoususer'])){ $findhim="SELECT voted FROM users UPDATE voted SET voted=voted+1"; mysql_query($findhim,$conn)or die(mysql_error()); }}function request(){//get the variables and secure them blah blah blah$songname = $_REQUEST['songname'];$songartist = $_REQUEST['songartist'];$songname = strtolower($songname);$songartist = strtolower($songartist);$songname=str_replace(" ","",$songname);$songartist=str_replace(" ","",$songartist);$songname=str_replace("%20","",$songname);$songartist=str_replace("%20","",$songartist);$songname=addslashes($songname);$songartist=addslashes($songartist);//secure it some more! ALRIGHT (h) if (!get_magic_quotes_gpc()) { foreach ($_REQUEST as $el) { $el = mysql_real_escape_string($el); } }//Check if the song already existsinclude "config.php";$sql = "SELECT songname AND songartist FROM songs WHERE songname='".$songname."' AND songartist='".$songartist."'";$result=mysql_query($sql,$conn)or die(mysql_error()); if(mysql_num_rows($sql) > 0){ $query="UPDATE votes FROM songs SET votes=votes+1"; $gettowork= mysql_query($query,$conn)or die(mysql_error()); if($gettowork){ echo "Your request was submitted succesfully"; }else{ echo "An error occured, your request was not successful"; } }elseif(mysql_num_rows < 1){ $songvotes= 0; $insertsong = "INSERT INTO songs (`songid`, `songname`, `songartist`, `songvotes`) VALUES ('','".$songname."','".$songartist."','".$songvotes."')"; $insertquery=mysql_query($insertsong, $conn)or die(mysql_error()); if($insertquery){ echo "The song was requested successfully"; }else{ echo "There was an error. The song was not requested successfully"; } }//begin the actual script//determine whether this is hacking attempt/the user is lazy if(!empty ($songname) && ($songartist)){ session_start(); error_reporting(E_ALL); $ip = $_SERVER["REMOTE_ADDR"]; include "config.php"; request('',$songname,$songartist); insertuser('',$ip,$voted); previoususer(); mysql_close(); exit(); }else{ echo "A field was left blank"; exit(); }?>[/code](current draft) Quote Link to comment Share on other sites More sharing options...
Asheeown Posted January 6, 2007 Share Posted January 6, 2007 [code]<?$ip = $_SERVER["REMOTE_ADDR"];$songname = $_GET['songname'];$songartist = $_GET['songartist'];//first, check if the users ip needs to be added to the database.function insertuser($id,$ip,$voted){include "config.php"; if (isset($_SESSION['firsttime'])){ $insertsong = "INSERT INTO users (`id`, `ip`, `voted`) VALUES ('','".$ip."','".$voted."')"; $insertquery=mysql_query($insertsong, $conn)or die(mysql_error()); if($insertquery=mysql_query($insertsong)){ echo "You can request or vote for two more songs"; }else{ echo "An error has occurred. An administrator has been notified. thanks"; } }}//if the user has voted before, once he requestes, increase his voted by 1function previoususer($ip){include "config.php"; if (isset($_SESSION['previoususer'])){ $findhim="SELECT voted FROM users WHERE ip = $ip UPDATE voted SET voted=voted+1"; mysql_query($findhim,$conn)or die(mysql_error()); }}function request($songname,$songartist){//get the variables and secure them blah blah blah$songname = strtolower($songname);$songartist = strtolower($songartist);$songname=str_replace(" ","",$songname);$songartist=str_replace(" ","",$songartist);$songname=str_replace("%20","",$songname);$songartist=str_replace("%20","",$songartist);$songname=addslashes($songname);$songartist=addslashes($songartist);//secure it some more! ALRIGHT (h) if (!get_magic_quotes_gpc()) { foreach ($_REQUEST as $el) { $el = mysql_real_escape_string($el); } }//Check if the song already existsinclude "config.php";$sql = "SELECT songname AND songartist FROM songs WHERE songname='".$songname."' AND songartist='".$songartist."'";$result=mysql_query($sql,$conn)or die(mysql_error()); if(mysql_num_rows($sql) > 0){ $query="UPDATE votes FROM songs SET votes=votes+1"; $gettowork= mysql_query($query,$conn)or die(mysql_error()); if($gettowork){ echo "Your request was submitted succesfully"; }else{ echo "An error occured, your request was not successful"; } }elseif(mysql_num_rows < 1){ $songvotes= 0; $insertsong = "INSERT INTO songs (`songid`, `songname`, `songartist`, `songvotes`) VALUES ('','".$songname."','".$songartist."','".$songvotes."')"; $insertquery=mysql_query($insertsong, $conn)or die(mysql_error()); if($insertquery){ echo "The song was requested successfully"; }else{ echo "There was an error. The song was not requested successfully"; } }//begin the actual script//determine whether this is hacking attempt/the user is lazy if(!empty ($songname) && ($songartist)){ session_start(); error_reporting(E_ALL); $ip = $_SERVER["REMOTE_ADDR"]; include "config.php"; request(); insertuser(); previoususer(); mysql_close(); exit(); }else{ echo "A field was left blank"; exit(); }}insertuser('',$ip,'1');previoususer($ip);request($songname,$songartist);?>[/code]I changed numerous things try that Quote Link to comment Share on other sites More sharing options...
HoTDaWg Posted January 6, 2007 Author Share Posted January 6, 2007 [quote author=Fearsoldier link=topic=121087.msg497856#msg497856 date=1168046786][code]<?$ip = $_SERVER["REMOTE_ADDR"];$songname = $_GET['songname'];$songartist = $_GET['songartist'];//first, check if the users ip needs to be added to the database.function insertuser($id,$ip,$voted){include "config.php"; if (isset($_SESSION['firsttime'])){ $insertsong = "INSERT INTO users (`id`, `ip`, `voted`) VALUES ('','".$ip."','".$voted."')"; $insertquery=mysql_query($insertsong, $conn)or die(mysql_error()); if($insertquery=mysql_query($insertsong)){ echo "You can request or vote for two more songs"; }else{ echo "An error has occurred. An administrator has been notified. thanks"; } }}//if the user has voted before, once he requestes, increase his voted by 1function previoususer($ip){include "config.php"; if (isset($_SESSION['previoususer'])){ $findhim="SELECT voted FROM users WHERE ip = $ip UPDATE voted SET voted=voted+1"; mysql_query($findhim,$conn)or die(mysql_error()); }}function request($songname,$songartist){//get the variables and secure them blah blah blah$songname = strtolower($songname);$songartist = strtolower($songartist);$songname=str_replace(" ","",$songname);$songartist=str_replace(" ","",$songartist);$songname=str_replace("%20","",$songname);$songartist=str_replace("%20","",$songartist);$songname=addslashes($songname);$songartist=addslashes($songartist);//secure it some more! ALRIGHT (h) if (!get_magic_quotes_gpc()) { foreach ($_REQUEST as $el) { $el = mysql_real_escape_string($el); } }//Check if the song already existsinclude "config.php";$sql = "SELECT songname AND songartist FROM songs WHERE songname='".$songname."' AND songartist='".$songartist."'";$result=mysql_query($sql,$conn)or die(mysql_error()); if(mysql_num_rows($sql) > 0){ $query="UPDATE votes FROM songs SET votes=votes+1"; $gettowork= mysql_query($query,$conn)or die(mysql_error()); if($gettowork){ echo "Your request was submitted succesfully"; }else{ echo "An error occured, your request was not successful"; } }elseif(mysql_num_rows < 1){ $songvotes= 0; $insertsong = "INSERT INTO songs (`songid`, `songname`, `songartist`, `songvotes`) VALUES ('','".$songname."','".$songartist."','".$songvotes."')"; $insertquery=mysql_query($insertsong, $conn)or die(mysql_error()); if($insertquery){ echo "The song was requested successfully"; }else{ echo "There was an error. The song was not requested successfully"; } }//begin the actual script//determine whether this is hacking attempt/the user is lazy if(!empty ($songname) && ($songartist)){ session_start(); error_reporting(E_ALL); $ip = $_SERVER["REMOTE_ADDR"]; include "config.php"; request(); insertuser(); previoususer(); mysql_close(); exit(); }else{ echo "A field was left blank"; exit(); }}insertuser('',$ip,'1');previoususer($ip);request($songname,$songartist);?>[/code]I changed numerous things try that[/quote]still, a blank page :(. Quote Link to comment Share on other sites More sharing options...
Asheeown Posted January 6, 2007 Share Posted January 6, 2007 [code]<?phpsession_start();header("Cache-control: private"); ?><?php$ip = $_SERVER["REMOTE_ADDR"];$songname = $_GET['songname'];$songartist = $_GET['songartist'];//first, check if the users ip needs to be added to the database.function insertuser($id,$ip,$voted){include "config.php"; if (isset($_SESSION['firsttime'])){ $insertsong = "INSERT INTO users (`id`, `ip`, `voted`) VALUES ('','".$ip."','".$voted."')"; $insertquery=mysql_query($insertsong, $conn)or die(mysql_error()); if($insertquery=mysql_query($insertsong)){ echo "You can request or vote for two more songs"; }else{ echo "An error has occurred. An administrator has been notified. thanks"; } }}//if the user has voted before, once he requestes, increase his voted by 1function previoususer($ip){include "config.php"; if (isset($_SESSION['previoususer'])){ $findhim="SELECT voted FROM users WHERE ip = $ip UPDATE voted SET voted=voted+1"; mysql_query($findhim,$conn)or die(mysql_error()); }}function request($songname,$songartist){//get the variables and secure them blah blah blah$songname = strtolower($songname);$songartist = strtolower($songartist);$songname=str_replace(" ","",$songname);$songartist=str_replace(" ","",$songartist);$songname=str_replace("%20","",$songname);$songartist=str_replace("%20","",$songartist);$songname=addslashes($songname);$songartist=addslashes($songartist);//secure it some more! ALRIGHT (h) if (!get_magic_quotes_gpc()) { foreach ($_REQUEST as $el) { $el = mysql_real_escape_string($el); } }//Check if the song already existsinclude "config.php";$sql = "SELECT songname AND songartist FROM songs WHERE songname='".$songname."' AND songartist='".$songartist."'";$result=mysql_query($sql,$conn)or die(mysql_error()); if(mysql_num_rows($sql) > 0){ $query="UPDATE votes FROM songs SET votes=votes+1"; $gettowork= mysql_query($query,$conn)or die(mysql_error()); if($gettowork){ echo "Your request was submitted succesfully"; }else{ echo "An error occured, your request was not successful"; } }elseif(mysql_num_rows < 1){ $songvotes= 0; $insertsong = "INSERT INTO songs (`songid`, `songname`, `songartist`, `songvotes`) VALUES ('','".$songname."','".$songartist."','".$songvotes."')"; $insertquery=mysql_query($insertsong, $conn)or die(mysql_error()); if($insertquery){ echo "The song was requested successfully"; }else{ echo "There was an error. The song was not requested successfully"; } }//begin the actual script//determine whether this is hacking attempt/the user is lazy if(!empty ($songname) && ($songartist)){ error_reporting(E_ALL); include "config.php"; request(); insertuser(); previoususer(); mysql_close(); exit(); }else{ echo "A field was left blank"; exit(); }}insertuser('',$ip,'1');previoususer($ip);?>[/code]Okay try this...this is without the request function something is screwed up in the bottom half of that function try this and if it gives you a white screen no info check your database to see if your vote number or anything was changed...first delete your ip from your database table just see if these two functions work before we move onto request Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.