Jump to content

Seriously wierd- Goes directly to empty field echo

HoTDaWg

By HoTDaWg
in PHP Coding Help

Recommended Posts

HoTDaWg Regular Member

HoTDaWg

Posted
  • Author
Posted
thanks a lot guys for going out of your way to help me.
[code]
-- phpMyAdmin SQL Dump
-- version 2.9.0.2
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Jan 05, 2007 at 10:19 PM
-- Server version: 4.1.21
-- PHP Version: 4.4.2
--
-- Database: `idanc48d_mbdance`
--

-- --------------------------------------------------------

--
-- Table structure for table `songs`
--

CREATE TABLE `songs` (
  `songid` int(11) NOT NULL auto_increment,
  `songname` varchar(32) default NULL,
  `songartist` varchar(32) default NULL,
  `songvotes` varchar(32) default NULL,
  PRIMARY KEY  (`songid`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=34 ;

--
-- Dumping data for table `songs`
--

INSERT INTO `songs` VALUES (30, 'intheend', 'linkinpark', '0');
INSERT INTO `songs` VALUES (31, 'intheend', 'linkinpark', '0');
INSERT INTO `songs` VALUES (32, 'pieces', 'sum41', '0');
INSERT INTO `songs` VALUES (33, 'entersandman', 'metallica', '0');

-- --------------------------------------------------------

--
-- Table structure for table `users`
--

CREATE TABLE `users` (
  `id` int(11) NOT NULL auto_increment,
  `ip` varchar(255) default NULL,
  `voted` varchar(32) NOT NULL default '',
  PRIMARY KEY  (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=11 ;

--
-- Dumping data for table `users`
--
[/code]
[b]index.php[/b]
[code]
<?php
//first and foremost, report all errors, define the secruity statement and state some variables.
define('inStereo',true);
error_reporting(E_ALL);
$ip = $_SERVER["REMOTE_ADDR"];
$limit = 3;
session_start();
header("Cache-control: private");


function beginthework(){
include "config.php";
global $ip, $limit;
//check to see if the user's ip exists in the DB and if he has crossed the max number of votes
$sql = "SELECT ip AND voted FROM users WHERE ip='".$ip."' AND voted='".$limit."'";
$result= mysql_query($sql,$conn);
if (mysql_num_rows($result)>0){
echo "Our records show that you have already voted three times. As much as we hate to say it, access denied.";
}else{
$sql2 = "SELECT ip FROM users WHERE ip='".$ip."'";
$results= mysql_query($sql2,$conn);
if (mysql_num_rows($results)>0){
$_SESSION['previoususer']=$ip;
echo 'You have voted before.<form name="request" action="index2.php">
Artist Name:<input type="text" name="artist">song name:<input type="text" name="song"><br> <br><br><br><input type="submit" value="Submit!"></form>';
}else{
$_SESSION['firsttime'] = $ip;
echo 'this is your first time voting.<form name="request" action="index2.php"> Artist Name: <input type="text" name="songartist">song name:<input type="text" name="songname"><br><br>
<input type="submit" value="Submit!"></form>';
}
}
}

beginthework();
?>
[/code]
[b]index2.php[/b]
[code]
<?php
session_start();
header("Cache-control: private");
?>
<?php
$ip = $_SERVER["REMOTE_ADDR"];
$songname = $_GET['songname'];
$songartist = $_GET['songartist'];
//first, check if the users ip needs to be added to the database.
function insertuser($id,$ip,$voted){
include "config.php";
if (isset($_SESSION['firsttime'])){
$insertsong = "INSERT INTO users (`id`, `ip`, `voted`) VALUES ('','".$ip."','".$voted."')";
$insertquery=mysql_query($insertsong, $conn)or die(mysql_error());
if($insertquery=mysql_query($insertsong)){
echo "You can request or vote for two more songs";
}else{
echo "An error has occurred. An administrator has been notified. thanks";
}
}
}

//if the user has voted before, once he requestes, increase his voted by 1
function previoususer($ip){
include "config.php";
if (isset($_SESSION['previoususer'])){
$findhim="SELECT voted FROM users WHERE ip = $ip UPDATE voted SET voted=voted+1";
mysql_query($findhim,$conn)or die(mysql_error());
}
}

function request($songname,$songartist){
//get the variables and secure them blah blah blah
$songname = strtolower($songname);
$songartist = strtolower($songartist);

$songname=str_replace(" ","",$songname);
$songartist=str_replace(" ","",$songartist);

$songname=str_replace("%20","",$songname);
$songartist=str_replace("%20","",$songartist);

$songname=addslashes($songname);
$songartist=addslashes($songartist);

//secure it some more! ALRIGHT (h)
if (!get_magic_quotes_gpc()) {
  foreach ($_REQUEST as $el) {
        $el = mysql_real_escape_string($el);
  }
}

//Check if the song already exists
include "config.php";
$sql = "SELECT songname AND songartist FROM songs WHERE songname='".$songname."' AND songartist='".$songartist."'";
$result=mysql_query($sql,$conn)or die(mysql_error());
if(mysql_num_rows($sql) > 0){
$query="UPDATE votes FROM songs SET votes=votes+1";
$gettowork= mysql_query($query,$conn)or die(mysql_error());
if($gettowork){
echo "Your request was submitted succesfully";
}else{
echo "An error occured, your request was not successful";
}
}elseif(mysql_num_rows < 1){
$songvotes= 0;
$insertsong = "INSERT INTO songs (`songid`, `songname`, `songartist`, `songvotes`) VALUES ('','".$songname."','".$songartist."','".$songvotes."')";
$insertquery=mysql_query($insertsong, $conn)or die(mysql_error());
if($insertquery){
echo "The song was requested successfully";
}else{
echo "There was an error. The song was not requested successfully";
}
}

//begin the actual script
//determine whether this is hacking attempt/the user is lazy
if(!empty ($songname) && ($songartist)){
error_reporting(E_ALL);
include "config.php";
request();
insertuser();
previoususer();
mysql_close();
exit();

}else{

echo "A field was left blank";
exit();
}
}

insertuser('',$ip,'1');
previoususer($ip);
?>
[/code]

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.