
Off-by-one error in display

Hi,

I am currently writing PHP code for some polling software. When someone
votes, it stores their IP address in the database. From then on, they
cannot vote in that particular poll, they only view the results. There
are several polls in the database, and there is a field called
"status". When it is 0, the poll is "active" and can be voted upon.
When it is 1, it is archived and one can only view the results.

But, there seems to be some kind of off-by-one error. Here's an example
of how it goes. Say that I have two active polls, poll 1 and poll 2. If
I vote in poll 1, it displays what the results were prior to voting.
Then, if I vote in poll 2, it shows the correct results for poll 1, but
poll 2 still appears like you can vote in it. I have to cast a second
vote in poll 2 for the results to display. I hope that this makes
sense!

Anyway, here is my code. I am stumped; does anyone have any ideas?
Thanks in advance!!

<html>
<!-- Copyright @2004 -->
<!-- do whatever you want with it, just retain the copyright -->
<head>
<?php
// The file with various global settings
include "include.php";

// create connection
$conn = mysql_connect($hostname, $username, $password);
if (!$conn) {
die ("Couldn't connect to server : " . mysql_error());
}

// select database
$db = mysql_select_db($database, $conn);
if (!$db) {
die ("Couldn't select $database : " . mysql_error());
}

echo "</head>";
echo "<body>";

/* Create an array to mark active polls
so that we don't have to iterate through
the entire database table */

// Make array of all the active polls
$sql_active = "SELECT poll_ID FROM poll_titles WHERE status=0";

$sql_active_result = mysql_query($sql_active,$conn);
if (!$sql_active_result) {
die ("Couldn't execute query : " . mysql_error());
}

$j = 0; // keeps track of array index
while ($row = mysql_fetch_array($sql_active_result)) {

$arr_active[$j] = $row["poll_ID"];
$j++;

}

/* Print all the active polls */

// Variable for number of array items, to use for the for loop
$arr_max = $j;

for ($i=0; $i < $arr_max; $i++) {

// Get the poll title
$sql_title = "SELECT title AS title FROM poll_titles WHERE
poll_ID=$arr_active[$i]";

$sql_title_result = mysql_query($sql_title,$conn);
if (!$sql_title_result) {
die ("Couldn't execute query : " . mysql_error());
}

$row = mysql_fetch_array($sql_title_result);
$title = $row["title"];

if ($title) {
echo "<p><table bgcolor='#FF00AA'><tr><td align='center'
colspan='2'><b>$title</b></td></tr><tr><td><p></p></td></tr>";

// See if user has already voted
$sql_ip = "SELECT COUNT(*) AS count FROM visited_ips WHERE
ip='$REMOTE_ADDR' AND poll_ID=$arr_active[$i]";

$sql_ip_result = mysql_query($sql_ip,$conn);
if (!$sql_ip_result) {
die ("Couldn't execute query : " . mysql_error());
}

$row = mysql_fetch_array($sql_ip_result);
$count = $row["count"];

// Get options and votes
$sql_options = "SELECT options, votes, id, poll_ID FROM poll WHERE
poll_ID=$arr_active[$i]";

$sql_options_result = mysql_query($sql_options,$conn);
if (!$sql_options_result) {
die ("Couldn't execute query : " . mysql_error());
}

if (($count == 0) && ($_POST["hidden_id"] == $arr_active[$i])) {

/* See which value is checked */

// which poll was submitted?
$cur_poll = $_POST["hidden_id"];
$tmp = "group" . $cur_poll;
$val = $_POST[$tmp];

$sql_update = "UPDATE poll SET votes = votes + 1 WHERE ID = $val";
// execute the query
mysql_query($sql_update);

// add ip to visited_ips
$sql_visited = "INSERT INTO visited_ips (ip, poll_ID) VALUES
('$REMOTE_ADDR', $cur_poll)";
mysql_query($sql_visited);

echo "<tr><td align='left'><u>Option</u></td><td
align='right'><u>Votes</u></td></tr>";

while ($row = mysql_fetch_array($sql_options_result)) {

$option = $row["options"];
$votes = $row["votes"];
echo "<tr><td align='left'>$option: </td><td
align='right'>$votes</td></tr>";

}

echo "</table></p>";

}

// Display the poll if the user has not yet voted
else if (($count == 0) && ($_POST["hidden_id"] != $arr_active[$i])) {

echo "<form action='pollkitty.php' method='post'>";

while ($row = mysql_fetch_array($sql_options_result)) {

$option = $row["options"];
$id = $row["id"];
$poll_ID = $row["poll_ID"];

$groupname = "group" . $poll_ID;

echo "<tr><td align='left'><input type='radio' name='$groupname'
value='$id'>$option</td></tr>";
}

echo "<tr><td align='right'>
<input type='hidden' name='hidden_id' value='$poll_ID'>
<input type='Submit' value='submit'></td></tr>
</form>
</table></p>";

}

// Otherwise, if the user has already voted, display results
else {

echo "<tr><td align='left'><u>Option</u></td><td
align='right'><u>Votes</u></td></tr>";

while ($row = mysql_fetch_array($sql_options_result)) {

$option = $row["options"];
$votes = $row["votes"];
echo "<tr><td align='left'>$option: </td><td
align='right'>$votes</td></tr>";
}

echo "</table></p>";

}

}
}

echo "</body></html>";
?>

Jul 17 '05 #1
2 Replies


.oO(erica)
> I am currently writing PHP code for some polling software. When someone
> votes, it stores their IP address in the database. From then on, they
> cannot vote in that particular poll, they only view the results.


What about proxies?

Micha
Jul 17 '05 #2

> I am currently writing PHP code for some polling software. When someone
> votes, it stores their IP address in the database. From then on, they
> cannot vote in that particular poll, they only view the results.

Wrong. Many users have a different IP assigned each time they
connect to the web.
The chances are that you would block someone else, who didn't vote.

Use cookies for permanent 'ban' and use IP to block
for a limited amount of time only (2-5hrs?)

> $conn = mysql_connect($hostname, $username, $password);
> if (!$conn) {
> die ("Couldn't connect to server : " . mysql_error());
> }

That outputs text in the <head> section.

> // See if user has already voted

You first read data for polls and then add the new vote.
Add the new vote first.

> // which poll was submitted?
> $cur_poll = $_POST["hidden_id"];
> $tmp = "group" . $cur_poll;
> $val = $_POST[$tmp];
>
> $sql_update = "UPDATE poll SET votes = votes + 1 WHERE ID = $val";

Think what will happen when I submit:
hidden_id = "0"
group0 = "1 OR 1"

> $sql_visited = "INSERT INTO visited_ips (ip, poll_ID) VALUES
> ('$REMOTE_ADDR', $cur_poll)";
> mysql_query($sql_visited);

This query may be manipulated too.

You blindly trust data from an external source. This way you trust all
crackers out there.
If you expect a number, make *sure* you've got a number.
Simple way: $number = (int)$number;
--
* html {redirect-to: url(http://browsehappy.pl);}
Jul 17 '05 #3
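
An added example, not part of the thread or the poster's code: the vote handling rewritten along the lines of the reply above, validating the ids as integers, binding them in prepared statements, and recording the vote before the results are read. It uses PDO with an in-memory SQLite database in place of the thread's mysql_* calls; the function names cast_vote and results, the schema and the sample requests are constructed for illustration.

```php
<?php
// Constructed in-memory schema mirroring the tables named in the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE poll (id INTEGER PRIMARY KEY, poll_ID INTEGER, options TEXT, votes INTEGER DEFAULT 0)");
$db->exec("CREATE TABLE visited_ips (ip TEXT, poll_ID INTEGER, UNIQUE (ip, poll_ID))");
$db->exec("INSERT INTO poll (id, poll_ID, options) VALUES (1, 1, 'Cats'), (2, 1, 'Dogs'), (3, 2, 'Tea')");

// Hypothetical helper: returns true if the vote was counted, false if rejected.
function cast_vote(PDO $db, array $post, string $ip): bool
{
    // Accept only values that are entirely a positive decimal integer.
    $opts = ['options' => ['min_range' => 1]];
    $pollId = filter_var($post['hidden_id'] ?? null, FILTER_VALIDATE_INT, $opts);
    if ($pollId === false) return false;
    $optionId = filter_var($post["group$pollId"] ?? null, FILTER_VALIDATE_INT, $opts);
    if ($optionId === false) return false;

    $db->beginTransaction();
    try {
        // The UNIQUE constraint rejects a second vote from the same address.
        $db->prepare("INSERT INTO visited_ips (ip, poll_ID) VALUES (?, ?)")
           ->execute([$ip, $pollId]);
        // Binding both ids means the option must belong to the submitted poll.
        $upd = $db->prepare("UPDATE poll SET votes = votes + 1 WHERE id = ? AND poll_ID = ?");
        $upd->execute([$optionId, $pollId]);
        if ($upd->rowCount() !== 1) { $db->rollBack(); return false; }
        $db->commit();
        return true;
    } catch (PDOException $e) {
        $db->rollBack();
        return false;
    }
}

function results(PDO $db, int $pollId): array
{
    $q = $db->prepare("SELECT options, votes FROM poll WHERE poll_ID = ?");
    $q->execute([$pollId]);
    return $q->fetchAll(PDO::FETCH_KEY_PAIR);
}

// Constructed requests: the second carries the values quoted in the reply above.
var_dump(cast_vote($db, ['hidden_id' => '1', 'group1' => '2'], '192.0.2.10'));
var_dump(cast_vote($db, ['hidden_id' => '0', 'group0' => '1 OR 1'], '192.0.2.11'));
var_dump(cast_vote($db, ['hidden_id' => '1', 'group1' => '1'], '192.0.2.10'));
// Read results only after the write, so the page shows the vote just cast.
print_r(results($db, 1));
```

The example keeps the thread's IP-keyed visited_ips table only to stay close to the original schema; the reply's points about proxies and changing addresses apply to it unchanged.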
