Hi,
I am currently writing PHP code for some polling software. When someone
votes, it stores their IP address in the database. From then on, they
cannot vote in that particular poll, they only view the results. There
are several polls in the database, and there is a field called
"status". When it is 0, the poll is "active" and can be voted upon.
When it is 1, it is archived and one can only view the results.
But, there seems to be some kind of off-by-one error. Here's an example
of how it goes. Say that I have two active polls, poll 1 and poll 2. If
I vote in poll 1, it displays what the results were prior to voting.
Then, if I vote in poll 2, it shows the correct results for poll 1, but
poll 2 still appears like you can vote in it. I have to cast a second
vote in poll 2 for the results to display. I hope that this makes
sense!
Anyway, here is my code. I am stumped; does anyone have any ideas?
Thanks in advance!!
<html>
<!-- Copyright @2004 -->
<!-- do whatever you want with it, just retain the copyright -->
<head>
<?php
// The file with various global settings
include "include.php";
// create connection
$conn = mysql_connect($hostname, $username, $password);
if (!$conn) {
    die ("Couldn't connect to server : " . mysql_error());
}
// select database
$db = mysql_select_db ($database, $conn);
if (!$db) {
    die ("Couldn't select $database : " . mysql_error());
}
echo "</head>";
echo "<body>";
/* Create an array to mark active polls
so that we don't have to iterate through
the entire database table */
// Make array of all the active polls
$sql_active = "SELECT poll_ID FROM poll_titles WHERE status=0";
$sql_active_result = mysql_query($sql_active,$conn);
if (!$sql_active_result) {
    die ("Couldn't execute query : " . mysql_error());
}
$j = 0; // keeps track of array index
while ($row = mysql_fetch_array($sql_active_result)) {
    $arr_active[$j] = $row["poll_ID"];
    $j++;
}
/* Print all the active polls */
// Variable for number of array items, to use for the for loop
$arr_max = $j;
for ($i=0; $i < $arr_max; $i++) {
    // Get the poll title
    $sql_title = "SELECT title AS title FROM poll_titles WHERE poll_ID=$arr_active[$i]";
    $sql_title_result = mysql_query($sql_title,$conn);
    if (!$sql_title_result) {
        die ("Couldn't execute query : " . mysql_error());
    }
    $row = mysql_fetch_array($sql_title_result);
    $title = $row["title"];
    if ($title) {
        echo "<p><table bgcolor='#FF00AA'><tr><td align='center' colspan='2'><b>$title</b></td></tr><tr><td><p></p></td></tr>";
        // See if user has already voted
        $sql_ip = "SELECT COUNT(*) AS count FROM visited_ips WHERE ip='$REMOTE_ADDR' AND poll_ID=$arr_active[$i]";
        $sql_ip_result = mysql_query($sql_ip,$conn);
        if (!$sql_ip_result) {
            die ("Couldn't execute query : " . mysql_error());
        }
        $row = mysql_fetch_array($sql_ip_result);
        $count = $row["count"];
        // Get options and votes
        $sql_options = "SELECT options, votes, id, poll_ID FROM poll WHERE poll_ID=$arr_active[$i]";
        $sql_options_result = mysql_query($sql_options,$conn);
        if (!$sql_options_result) {
            die ("Couldn't execute query : " . mysql_error());
        }
        if (($count == 0) && ($_POST["hidden_id"] == $arr_active[$i])) {
            /* See which value is checked */
            // which poll was submitted?
            $cur_poll = $_POST["hidden_id"];
            $tmp = "group" . $cur_poll;
            $val = $_POST[$tmp];
            $sql_update = "UPDATE poll SET votes = votes + 1 WHERE ID = $val";
            // execute the query
            mysql_query($sql_update);
            // add ip to visited_ips
            $sql_visited = "INSERT INTO visited_ips (ip, poll_ID) VALUES ('$REMOTE_ADDR', $cur_poll)";
            mysql_query($sql_visited);
            echo "<tr><td align='left'><u>Option</u></td><td align='right'><u>Votes</u></td></tr>";
            while ($row = mysql_fetch_array($sql_options_result)) {
                $option = $row["options"];
                $votes = $row["votes"];
                echo "<tr><td align='left'>$option: </td><td align='right'>$votes</td></tr>";
            }
            echo "</table></p>";
        }
        // Display the poll if the user has not yet voted
        else if (($count == 0) && ($_POST["hidden_id"] != $arr_active[$i])) {
            echo "<form action='pollkitty.php' method='post'>";
            while ($row = mysql_fetch_array($sql_options_result)) {
                $option = $row["options"];
                $id = $row["id"];
                $poll_ID = $row["poll_ID"];
                $groupname = "group" . $poll_ID;
                echo "<tr><td align='left'><input type='radio' name='$groupname' value='$id'>$option</td></tr>";
            }
            echo "<tr><td align='right'>
            <input type='hidden' name='hidden_id' value='$poll_ID'>
            <input type='Submit' value='submit'></td></tr>
            </form>
            </table></p>";
        }
        // Otherwise, if the user has already voted, display results
        else {
            echo "<tr><td align='left'><u>Option</u></td><td align='right'><u>Votes</u></td></tr>";
            while ($row = mysql_fetch_array($sql_options_result)) {
                $option = $row["options"];
                $votes = $row["votes"];
                echo "<tr><td align='left'>$option: </td><td align='right'>$votes</td></tr>";
            }
            echo "</table></p>";
        }
    }
}
echo "</body></html>";
?>
.oO(erica)
> I am currently writing PHP code for some polling software. When someone
> votes, it stores their IP address in the database. From then on, they
> cannot vote in that particular poll, they only view the results.
What about proxies?
Micha

> I am currently writing PHP code for some polling software. When someone
> votes, it stores their IP address in the database. From then on, they
> cannot vote in that particular poll, they only view the results.
Wrong. Many users have a different IP assigned each time they
connect to the web.
The chances are that you would block someone else, who didn't vote.
Use cookies for permanent 'ban' and use IP to block
for a limited amount of time only (2-5hrs?)
> $conn = mysql_connect($hostname, $username, $password);
> if (!$conn) {
> die ("Couldn't connect to server : " . mysql_error());
> }
That outputs text in the <head> section.
> // See if user has already voted
You first read data for polls and then add new vote.
Add new vote first.
> // which poll was submitted?
> $cur_poll = $_POST["hidden_id"];
> $tmp = "group" . $cur_poll;
> $val = $_POST[$tmp];
> $sql_update = "UPDATE poll SET votes = votes + 1 WHERE ID = $val";
Think what will happen when I submit:
hidden_id = "0"
group0 = "1 OR 1"
> $sql_visited = "INSERT INTO visited_ips (ip, poll_ID) VALUES ('$REMOTE_ADDR', $cur_poll)";
> mysql_query($sql_visited);
This query may be manipulated too.
You blindly trust data from an external source. This way you trust all
crackers out there.
If you expect a number, make *sure* you've got a number.
Simple way: $number = (int)$number;
--
* html {redirect-to: url(http://browsehappy.pl) ;}
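
The `group0 = "1 OR 1"` submission from the reply above, run against the string-built UPDATE and against a validated, parameterised version that records the vote before counting it. This is an added example, not code from the thread; it assumes PHP with the pdo_sqlite extension, and the in-memory schema, sample rows, function names and the 192.0.2.10 address are constructed for illustration.

```php
<?php
// Constructed in-memory schema mirroring the thread's `poll` and `visited_ips` tables.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE poll (id INTEGER PRIMARY KEY, poll_ID INTEGER, options TEXT, votes INTEGER)");
$db->exec("CREATE TABLE visited_ips (ip TEXT, poll_ID INTEGER, UNIQUE (ip, poll_ID))");
$db->exec("INSERT INTO poll (id, poll_ID, options, votes) VALUES (1,1,'Cats',0),(2,1,'Dogs',0),(3,2,'Tea',0),(4,2,'Coffee',0)");

function totals(PDO $db): string {
    return implode(',', $db->query("SELECT votes FROM poll ORDER BY id")->fetchAll(PDO::FETCH_COLUMN));
}

// Pattern from the original post: the POSTed value is pasted into the SQL text.
function vote_unsafe(PDO $db, string $val): void {
    $db->exec("UPDATE poll SET votes = votes + 1 WHERE id = $val");
}

// Hardened: validate both integers, bind them, tie the option to its poll,
// and record the voter before counting (the UNIQUE index rejects repeats).
function vote_safe(PDO $db, $pollId, $optionId, string $ip): bool {
    $pollId   = filter_var($pollId, FILTER_VALIDATE_INT);
    $optionId = filter_var($optionId, FILTER_VALIDATE_INT);
    if ($pollId === false || $optionId === false) {
        return false;                       // non-integer input never reaches SQL
    }
    $db->beginTransaction();
    try {
        $db->prepare("INSERT INTO visited_ips (ip, poll_ID) VALUES (?, ?)")->execute([$ip, $pollId]);
        $upd = $db->prepare("UPDATE poll SET votes = votes + 1 WHERE id = ? AND poll_ID = ?");
        $upd->execute([$optionId, $pollId]);
        if ($upd->rowCount() !== 1) {
            throw new RuntimeException('option does not belong to poll');
        }
        $db->commit();
        return true;
    } catch (Exception $e) {
        $db->rollBack();                    // duplicate vote or mismatched option
        return false;
    }
}

vote_unsafe($db, "1 OR 1");                             // WHERE id = 1 OR 1 matches every row
echo "unsafe totals: ", totals($db), "\n";
$db->exec("UPDATE poll SET votes = 0");                 // reset for the hardened run
var_dump(vote_safe($db, "1", "1 OR 1", "192.0.2.10"));  // injected option value
var_dump(vote_safe($db, "1", "2", "192.0.2.10"));       // valid vote
var_dump(vote_safe($db, "1", "1", "192.0.2.10"));       // repeat vote from the same address
echo "safe totals: ", totals($db), "\n";
```

Because the vote is written before any results are read, a page built on `vote_safe` can query the totals afterwards and show the voter's own ballot on the first submit.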