Thumbs up/down

[Chris2k]

Can any1 tell me whats wrong here:

	$thumbsUp = $_POST['good'];
	$thumbsDown = $_POST['bad'];
	
	$id = isset($_GET['id']) ? mysql_real_escape_string(trim($_GET['id'])): '';
	
	if ($thumbsUp) {
		mysql_query("UPDATE wcddl_downloads SET thumbsup=thumbsup+1 WHERE id='$id'");
	}

Basically when i press the thumbsu button i want to increment the field +1 for tht ddl.

 

[Putin]

$thumbsUp = isset($_POST['good']) ? true : false;
$thumbsDown = isset($_POST['bad']) ? true : false;

$id = isset($_GET['id']) ? (int)$_GET['id'] : 0;

if ($thumbsUp) {
mysql_query("UPDATE `wcddl_downloads` SET `thumbsup`=thumbsup+1 WHERE `id`=".$id."");
}

I've changed a few things to clean the script up to make it work better. But it wont solve the problem...

the SQL query you've entered it FINE, maybe you've mis-spelt something in the query or the POST isn't POSTing...

Edit: I also noticed...GET for id, and POST for good/bad, maybe they are both GET or POST? ..

 

[Gaurav]

@MP3Drug: isset() returns boolean TRUE or FALSE so using a ternary operator won't do anything better..

 

[Mr Happy]

Warning that your not recording anyone's IP address for particular submit ID. I'd have another table that contains the IP address and id. When they vote as well as recording if it's a vote up or down like your doing I'd make it record the IP and submit id in the new table. Whenever someone tries to vote first check if the IP has already voted for that id. If not then let them vote. If they have return a message saying they've already voted.

The way it is currently anyone can vote a hundred times for the same submit.

 

[soft2050]

I see no syntax error in your php code and i guess it would be right

I guess there could be problem in mysql query:

mysql_query("UPDATE wcddl_downloads SET thumbsup=thumbsup+1 WHERE id='$id'");

Add die with mysql query:

mysql_query("UPDATE wcddl_downloads SET thumbsup=thumbsup+1 WHERE id='$id'") or die(mysql_error());

This will let you know if there's problem in the query

The other problem i am guessing is the 'good' data is not posted

Try seeing if its posted

$thumbsUp = $_POST['good']; 
    $thumbsDown = $_POST['bad']; 
     
    $id = isset($_GET['id']) ? mysql_real_escape_string(trim($_GET['id'])): ''; 
     
    if ($thumbsUp) { 
        mysql_query("UPDATE wcddl_downloads SET thumbsup=thumbsup+1 WHERE id='$id'"); 
    } else {
  die('Shit Happened and you didn't posted anything');
}

I guess it would be the above error

Edit: Just replace this too if the above doesn't works:

$id = (isset($_GET['id'])) ? mysql_real_escape_string(trim($_GET['id'])): '';

 

[Chris2k]

i tried ur code soft2050 in my leftbar.php, this what im getting even i didnt press buttton

EDIT: better thinking, im gonna add my php code to funcs.php

 

[soft2050]

i tried ur code soft2050 in my leftbar.php, this what im getting even i didnt press buttton

Hmm! Yeah! Just ignore that for now! You can try it for testing and remove afterwards
Try to press Good Download xD now
And see if it still shows that thing or something else

 

[Chris2k]

tested, no luck.


EDIT: better thinking, im gonna add my php code to funcs.php

 

[soft2050]

tested, no luck.


EDIT: better thinking, im gonna add my php code to funcs.php

Adding it to funcs.php wont help

Paste the output of the html (page source) here
There's some problem in posting data

 

[Chris2k]

here is my form,

	<form action="" method="post">
	
        <input name="good" type="button" value="Good Download xD" /> <input name="bad" type="button" value="Bad Download :)" />
    </form>

here's a test http://warezrelease.info/download-11197-Dark-Souls-(2011)-(EUR)-PS3.html

 

[Kw3rLn]

Your buttons doesnt work, are you trying to make them work? What functions they have? I didnt work with DDL scripts before.

 

[soft2050]

here is my form,

    <form action="" method="post">
    
        <input name="good" type="button" value="Good Download xD" /> <input name="bad" type="button" value="Bad Download :)" />
    </form>

here's a test http://warezrelease.info/download-11197-Dark-Souls-(2011)-(EUR)-PS3.html

Wheres the submit button?
Add it somewhere and it will be fine

 

[Chris2k]

ty m8, it works.

obvios fix lol, any suggestions to recoord IP?

 

[soft2050]

ty m8, it works.

obvios fix lol, any suggestions to recoord IP?

Use $_SERVER['REMOTE_ADDR'] for getting user ip
Add it in a table and search for the ip in the database! Add only if it doesn't existAlso, it would be better if you use RadioButtons

 

[Putin]

@MP3Drug: isset() returns boolean TRUE or FALSE so using a ternary operator won't do anything better..

Yes as I said.. "I've changed a few things to clean the script up to make it work better. But it wont solve the problem..."

:-)

He uses isset() on other parts of the script but not the parts where it's actually needed to be a 100% error free snippet of script.

Also that $id = isset($_GET['id']) ? mysql_real_escape_string(trim($_GET['id'])): '';
it rather pointless... only a (int) is required as mysql_real_escape_string() makes an unnecassary database query.

 

[Putin]

Actually, using the IP is no longer a thing which webmasters should use in my own personal opinion. Many people have dynamic IP addresses - some even have a new IP every page load.

I'd use a md5 hash to be sent which blocks multiple inserts and also if they manage to unset the session of there end... the md5 can confirm it's the same or similar browser - in the md5 I'd have user agent and other header information (more header information the better, makes them more unique + a day / month via date()).

^ and that would mean you'd be XSS protected.

 

[Chris2k]

ok so now im adding an IP check, here's what ive come up with:

	$IP = gethostbyname($_SERVER['REMOTE_ADDR']);
    $id = (isset($_GET['id'])) ? mysql_real_escape_string(trim($_GET['id'])): ''; 
	
 	$check = "SELECT ip FROM wcddl_downloads WHERE id = '$id'";
    $result = mysql_query($check) or die(mysql_error());
	
	if ($IP == $result) {
		$thumbsHTML .= 'You have already voted';
	} else {
		$thumbsHTML .= '
		<center>
		<form action="" method="post">
        
	        <input name="good" type="submit" value="." id="upBtn" /><br />
			<input name="bad" type="submit" value="." id="downBtn" />
        
    	</form>
	    </center>';
	}

doesnt seem to work, why? any help.

 

[soft2050]

ok so now im adding an IP check, here's what ive come up with:

    $IP = gethostbyname($_SERVER['REMOTE_ADDR']);
    $id = (isset($_GET['id'])) ? mysql_real_escape_string(trim($_GET['id'])): ''; 
    
     $check = "SELECT ip FROM wcddl_downloads WHERE id = '$id'";
    $result = mysql_query($check) or die(mysql_error());
    
    if ($IP == $result) {
        $thumbsHTML .= 'You have already voted';
    } else {
        $thumbsHTML .= '
        <center>
        <form action="" method="post">
        
            <input name="good" type="submit" value="." id="upBtn" /><br />
            <input name="bad" type="submit" value="." id="downBtn" />
        
        </form>
        </center>';
    }

doesnt seem to work, why? any help.

I see no point why you should use gethostbyname after getting user ip
And you are checking the ip with the mysql query results :O
[STRIKE]$IP == $result[/STRIKE]

Use mysql_num_rows to count results! Try this:

    $IP = $_SERVER['REMOTE_ADDR'];
    $id = (isset($_GET['id'])) ? mysql_real_escape_string(trim($_GET['id'])): ''; 
    
    $check = "SELECT ip FROM wcddl_downloads WHERE id = '$id'";
    $result = mysql_query($check) or die(mysql_error());
    
    if (mysql_num_rows($result)==0) {
        $thumbsHTML .= '
        <center>
        <form action="" method="post">
        
            <input name="good" type="submit" value="." id="upBtn" /><br />
            <input name="bad" type="submit" value="." id="downBtn" />
        
        </form>
        </center>';
    } else {
       $thumbsHTML .= 'You have already voted';
    }