Newgrounds.com — Everything, By Everyone.

I've decided to improve the jokes section on my website my including a rating system from one to five. I've added the following code to the bottom of the view page:

<br>Rate this entry:
<?php
echo'<form method="post" action="vote.php?id='.$id.'">
<select name="vote">
<option>1</option>
<option>2</option>
<option>3</option>
<option>4</option>
<option>5</option>
</select>
<input type="submit" name="Submit" value="Vote">
</form>
</p>';
?>

and the following to the actual vote.php page

# Check that the submit button has been pressed and the user has not executed script directly
if ($submit == "Submit")
{
#Assign the query a variable so that it can be parsed by the custom error handler
$query = "SELECT `score`, `votes` FROM phpbb_content_sms WHERE `id` = $id";
@mysql_query($query, $connection)
or ThrowError("error with query: " . mysql_error() . "\n\nQuery: " . $query);

$result = mysql_query($query);
while( $row = mysql_fetch_array($result) )

{
$newscore == ($row['score']+$vote);
$newvotes == $row['votes']++;

echo $newscore;
echo $newvotes;

#Assign the query a variable so that it can be parsed by the custom error handler
$query = "UPDATE phpbb_content_sms SET `score` = '$newscore', `votes` = '$newvotes' WHERE `id` = '$id'";
@mysql_query($query, $connection)
or ThrowError("error with query: " . mysql_error() . "\n\nQuery: " . $query);

}

}

The second part is probably the most horrible coding ever, and it doesn't work. I don't want anybody to write the new code for me, just to talk me through what should be happening.

Secondly I want to pass the joke id from the view.php page to the vote.php without having to have it in the URL (i.e vote.php?id=7) Could somone either, talk me through it or link me to a tutorial because I've searched the manual teim and time again and I don't get it :)

- Anthony

Thanks a lot for your help I think I've managed to fix everything you suggested:

1) Sorted the first query out
2) Removed the while loop
3) Checked that $id is a numberic value
4) Checked that the vote is a numeric value
5) Checked that the vote is in the specified range
6) Added the hidden field for the id

I'd heard of using a hidden field before but I thought there was another way that I'd read about somewhere...

here's the new script:

# Check that the id passed is a number
if (is_numeric($id))
{
}
else
{
echo 'Error: That id is not a valid integer';
exit();
}

#Assign the query a variable so that it can be parsed by the custom error handler
$query = "SELECT `score`, `votes` FROM phpbb_content_sms WHERE `id` = $id";
$result = @mysql_query($query, $connection)
or ThrowError("error with query: " . mysql_error() . "\n\nQuery: " . $query);

if (mysql_num_rows($result) < 1)
{
echo 'Error: That entry does not exist';
exit();
}

# Assign a variable to the row
$row = mysql_fetch_array($result);

# If the vote from the form is numberic give the new total score a value, else the appropriate error message
if (is_numeric($vote))
{
$newtotalscore = ($row['score']+$vote);
}
else
{
echo 'Error the vote is not a valid integer';
exit();
}

# Assign the new total number of votes by adding one to the current total
$newtotalvotes = $row['votes']+1;

# Update the database with the new info
$query = "UPDATE phpbb_content_sms SET `score` = '$newtotalscore', `votes` = '$newtotalvotes' WHERE `id` = '$id'";
@mysql_query($query, $connection)
or ThrowError("error with query: " . mysql_error() . "\n\nQuery: " . $query);

# Leave outside curl brackets so that if it's the first vote the new score if establised for the user message
$newscore = ($newtotalscore / $newtotalvotes);

# If the votes is greater than zero assign appropriate user messages otherwise skip so that php does not try to divide by zero
if ($row['votes'] > 0)
{
$originalscore = ($row['score'] / $row['votes']);

if ($originalscore > $newscore)
{
$difference = ($originalscore - $newscore);
$message = ' lowered this entry by '.$difference;
}
elseif ($originalscore < $newscore)
{
$difference = ($newscore - $originalscore);
$message = ' raised this entry by '.$difference;
}
elseif ($originalscore == $newscore)
{
$message = ' helped keep this entry at '.$newscore;
}
}

# If this is the first vote (i.e $row['votes'] is zero) give the user message a value that they have not changed the score
else
{
$message = ' helped keep this entry at '.$newscore;
}

# Echo the user a message for voting
echo 'Thanks for voting '.$userdata['username'].' your vote of '.$vote.$message.' to give it a new score of '.$newscore;

I'd appreicate it greatly if you could have a quick look through to see if there are any other errors.

- Anthony

if your still having problems i would take the @ error suppressors out to make sure your queries are working.

Thanks, I did wonder if there was a better way of doing that. The $userdata comes from phpBB and just allows you to pull user info from the db more easily. :) Thanks a lot for your help and Merry Christmas.

The script runs fine, I just wanted to make sure that whilst I'm learning new things, I'm learning them the right way.

- Anthony

Lemme insert my PHP for my voting script.

<?php
include '/home/retro956/includes/db.inc';
include '/home/retro956/public_html/header2.php';

$sql = mysql_query("SELECT * FROM Photoshop WHERE image_id='$vote_id'");
$roww = mysql_fetch_assoc($sql);

$title = $roww[title];
$osco = $roww[score];

$vp = mysql_query("SELECT ip FROM votes WHERE ip='$REMOTE_ADDR' AND image_id='$vote_id'");
$num = mysql_num_rows($vp);

if($vote < 0 || $vote > 5) {
$error = "Stop trying to cheat the system!";
include '/home/retro956/public_html/bbs/errortemp.php';
include '/home/retro956/public_html/footer.php';
exit;
}
if($num > 0) {
$error = "You have already voted today! Please try again at 12:00AM GMT.";
include '/home/retro956/public_html/bbs/errortemp.php';
include '/home/retro956/public_html/footer.php';
exit;
}
$rating = $_GET["vote"];
if(!isset($rating)) {
$error = "You have not selected what you want to vote on";
include '/home/retro956/public_html/bbs/errortemp.php';
include '/home/retro956/public_html/footer.php';
exit;
}
if(!$vote_id) {
$error = "You have not selected the submission what you want to vote on";
include '/home/retro956/public_html/bbs/errortemp.php';
include '/home/retro956/public_html/footer.php';
exit;
}
$get_count = mysql_query("SELECT score,votes FROM Photoshop WHERE image_id=$vote_id");
$roww2 = mysql_fetch_row($get_count);
$tut_num_votes = $roww2[1];
$tut_rating = $roww2[0];

$new_count = ($tut_num_votes + 1);
$tut_rating2 = ($tut_rating * $tut_num_votes);
$new_rating = (($rating + $tut_rating2) / ($new_count));
$new_rating2 = number_format($new_rating, 2, '.', '');
mysql_query("UPDATE Photoshop SET score='$new_rating2',votes='$new_count' WHERE image_id=$vote_id") or die(mysql_error());

if($osco > $new_rating2) {
$st = "lowering ";
}
ELSE {
$st = "raising ";
}
$error = "You have voted on \"{$title}\", {$st} it's score from {$osco} to {$new_rating2}";
mysql_query("INSERT into votes VALUES ('$vote_id','$vote','$REMOTE_ADDR')") or die(mysql_error());
include '/home/retro956/public_html/bbs/errortemp.php';
include '/home/retro956/public_html/footer.php';

?>

Thanks a lot for your script. When I get the chance (more than likely after Christmas,) I'll compare the two and hopefully make improvements to mine. :-)

- Anthony