Unexpected Numbers

[The Little Guy]

This is mostly a math question, but users are able to vote on my scripts, and it uses the get variable to decide on what to rate each script

like this:

vote.php?id=4&vote=3

 

well... when I do the math, I get numbers such as .43

 

Is that even possible when the lowest number that can be entered is 1?

 

If a person manually types in vote.php?id=4&vote=0, I use php to change the 0 to a 1.

 

I use something like this to make the variable that is saved in the database.

<?php
if($_GET['vote']<1){
     $vote = 1;
}elseif($_GET['vote']>5){
     $vote = 5;
}else{
     $vote = $_GET['vote'];
}
?>

 

either some how someone found a way to add smaller numbers, or my math is wrong.

 

here is my math:

<?php
if($row['voteTotal']!=0||$row['votes']!=0){
$voteTotal = $row['voteTotal']/$row['votes'];
}
if($voteTotal <= 0){
$voteTotal = 'No votes yet';
}else{
$voteTotal = round($voteTotal,2);
$totalVotes = $row['votes'];
}
?>

$row['votes'] = number of voters

$row['voteTotal'] = sum of all the votes

[per1os]

The problem is that the total votes lets say equals 13 2 people did 5 one person did 3.

 

What is 13/3  ??? Isn't math fun?

 

What exactly are you trying to get out of it?

[Wildbug]

Can you look in your database to confirm all number are within the expected range?

[The Little Guy]

13/3 is 4.33333

 

That is fine, go here http://snippets.tzfiles.com/

 

in the blue section, you will see the number of views, then to the right of that there will be the vote amount, the very first on is instantly wrong, with a total of 0.45,

 

the database shows 17, 38, where 17 can not be correct, the minimum there must be 38, meaning everyone voted a 1.

 

here is my whole calculation page

<?php
include "db.php";

if(!isset($_GET['id'])){
header("Location: index.php");
exit;
}
if(!isset($_GET['vote'])){
header("Location: snippet.php?id=".$_GET['id']);
exit;
}
if($_GET['vote']>5){
$vote = 5;
}elseif($_GET['vote']<1){
$vote = 1;
}else{
$vote = $_GET['vote'];
}
$id = $_GET['id'];
$ip = $_SERVER['REMOTE_ADDR'];
$minutes = 2880;
$search = mysql_query("SELECT * FROM `votes` WHERE ip='$ip' AND id='$id'")or die(mysql_error());
$num_rows = mysql_num_rows($search);
mysql_query("DELETE FROM `votes` WHERE `date` < DATE_SUB(NOW(),INTERVAL $minutes MINUTE)")or die(mysql_error());
if($num_rows < 1){
mysql_query("UPDATE snippets SET voteTotal=voteTotal+$vote, votes=votes+1 WHERE id='$id'")or die(mysql_error());
mysql_query("INSERT INTO `votes` (`ip`,`vote`,`id`,`date`)VALUES('$ip','$vote','$id',NOW())")or die(mysql_error());
}
header("Location: snippet.php?id=".$id);
exit;
?>

[per1os]

Have you tried a raw dump of your DB to see what is actually in there and where it could be going wrong?

 

Have you thought about redoing the code? Why have 2 places to have errors when you can just have one without having to worry about the update?

 

IE:

 

<?php
mysql_query("INSERT INTO `votes` (`ip`,`vote`,`id`,`date`)VALUES('$ip','$vote','$id',NOW())")or die(mysql_error());

$query = mysql_query("SELECT SUM(vote) as votetotal, count(id) as numvotes FROM votes;"); 
$row = mysql_fetch_assoc($query);
$votetotal = $row['votetotal'];
$numvotes = $row['numvotes'];
?>

 

Note that query might be wrong, but hopefully you get the idea. With that function you do not have to update a seperate table and have 2 places for errors.

[The Little Guy]

one table holds the date of when the vote took place, and the other holds the actual votes

 

the one that holds the time is so a user can not vote repeatedly. but has to wait 2880 minutes till they can vote again.

[per1os]

Gotcha.

 

Well I would do some debugging and see what is going on after an insert of votes. Like print out the $vote and $id and $ip before the update statement pull what the current data is, print that out to the screen update the snippets and than do another select statement and print it to the screen.

 

See if something is not totaling up right or if maybe a value is not showing up right etc. It seems to be some type of a mis-communication inside the Update SQL statement.

[Wildbug]

So your voting code updates the database by incrementing TotalVotes by one and adding the vote (1,2,3,4 or 5) to Votes?  If that's true, and you have those values (17 and 38 for votes and total, respectively), then the problem must lie in the voting mechanism, not in the averaging.

 

Also, I think your OR (||) should be an AND -- you can still get division by zero, at least logically, with that comparison.  And the rating, shouldn't it be x.x out of 5, not of the total of votes?  Of course, it's still wrong, but....

 

What's the column type and default value for votes?  It's not hard to make that $_GET code equal to another value, and if it gets passed to the database, MySQL might be turning it into zero.  I think you should write a better routine for error checking $_GET['vote'].  For instance, I made it equal to "1-10" and PHP left it alone.

[Wildbug]

Yeah, I think that's it.  I just messed up the value for "Zodiac Sign" snippet by entering "?vote=1-100".  (Sorry.)

 

Perhaps you should use something like:

if (in_array($_GET['vote'],array('1','2','3','4','5'))) {
// use it
} else {
// skip it
}

[The Little Guy]

Yeah, I think that's it.  I just messed up the value for "Zodiac Sign" snippet by entering "?vote=1-100".  (Sorry.)

 

Perhaps you should use something like:

if (in_array($_GET['vote'],array('1','2','3','4','5'))) {
// use it
} else {
// skip it
}

When I check my votes table, here is what you inserted:

 

Ip              id               date          vote
Your IP 	9 	2007-05-30 13:01:53 	1

 

And here is what it changed the values to when it calculates in the other table.

totalvotes      votes
    -6  	 11

[Wildbug]

When I check my votes table, here is what you inserted:

 

Ip              id               date          vote
Your IP 	9 	2007-05-30 13:01:53 	1

 

And here is what it changed the values to when it calculates in the other table.

totalvotes      votes
    -6  	 11

 

That's because you've quoted the $vote value when you insert it into the votes table, but not when you insert it into the snippets table.  Yet, the votes.vote column type is probably some form of integer, so MySQL sees the "1-100" string and converts it to a number (1) by taking everything until a non-numeric character ("-").  Also, on the snippets.voteTotal UPDATE, the query is built as "...voteTotal=voteTotal+1-100," so it gets set minus 99.

 

You should (a) not use quotes when inserting integers into an integer column and (b) use a better user-submitted-data check in your script such as in_array() for enumerated values.

 

In fact, someone could potentially insert some nasty things into SQL with your current method since PHP is letting the whole value of $_GET['vote'] pass as long as it gets converted from string to number and the number is between 1-5.  That's a potentially serious security problem.