Menu
I have a comics website where I'd like to allow users to vote once per comic and once per piece of artwork.
There seems to be two problems with my code:
1) I only want one user voting once per image... so I want to capture their information and store it in a database. I have a ON DUPLICATE KEY UPDATE, but it gives me the following syntax error even though I haven't found ANYTHING wrong with it:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'table = VALUES(table), imgid = VALUES(imgid)' at line 7
An example of it allowing multiple entries into the database for the same IP:
2) It's still allowing one user to vote multiple times.
$sql = "SELECT ip FROM votes WHERE ip = \"".$_SERVER['REMOTE_ADDR']."\" AND table_name = $table AND imgid = $imgid";
$result = $mysqli->query($sql);
var_dump($result);
Full code:
<?php
include 'dbconnect.php';
$site = $_GET['_site'];
$imgid = intval($_GET['_id']);
$input = $_GET['_choice'];
if ($site == "artwork") {
$table = "artwork";
}
else {
$table = "comics";
}
$result = $mysqli->query("SELECT like_count, dislike_count FROM $table WHERE id = $imgid");
list($likes, $dislikes) = $result->fetch_array(MYSQLI_NUM);
$sql = "INSERT INTO
votes (ip, table_name, imgid)
VALUES
(\"".$_SERVER['REMOTE_ADDR']."\", \"$table\", $imgid)
ON DUPLICATE KEY UPDATE
ip = VALUES(ip),
table = VALUES(table),
imgid = VALUES(imgid)";
$mysqli->query($sql);
echo $mysqli->error;
echo "<br/>";
$sql = "SELECT ip FROM votes WHERE ip = '".$_SERVER['REMOTE_ADDR']."' AND table_name = '$table' AND imgid = $imgid";
$result = $mysqli->query($sql);
echo $mysqli->error;
if ($result->num_rows == 0) {
if ($input == "like") {
$sql = "UPDATE $table SET like_count = like_count + 1 WHERE id = $imgid";
$mysqli->query($sql);
$likes++;
}
else if ($input == "dislike") {
$sql = "UPDATE $table SET dislike_count = dislike_count + 1 WHERE id = $imgid";
$mysqli->query($sql);
$dislikes++;
}
echo "Likes: " . $likes . ", Dislikes: " . $dislikes;
}
else {
echo "You have already voted";
}
mysqli_close($mysqli);
?>
Echoing out sql:
echo "sql: ". $sql;
Produces:
sql: INSERT INTO votes (ip, table_name, imgid) VALUES ("127.0.0.1", "comics", 34) ON DUPLICATE KEY UPDATE ip = VALUES(ip), table = VALUES(table), imgid = VALUES(imgid)
Any help would be greatly appreciated!
775
What you're seeing is table is one of the MySQL reserved words but you're trying to use it as a column name. Your column is actually called table_name based on your question, though.
A query with placeholders looks like:
INSERT INTO votes (ip, table_name, imgid)
VALUES (?, ?, ?)
ON DUPLICATE KEY UPDATE
ip=VALUES(ip),
table_name= VALUES(table_name),
imgid=VALUES(imgid)
Remember with mysqli you can execute this query by doing this:
$sth = $mysqli->prepare("...");
$sth->bind_param("sss", $_SERVER['REMOTE_ADDR'], $table, $imgid);
$sth->execute();
The documentation describes this process in more detail, but the "sss" thing refers to three strings, and the three values are passed in as parameters.
You should probably be using PDO as it's a lot less fussy to use than mysqli. Even better would be to use a database framework like Doctrine to do a lot of the SQL dirty work for you. Even better still would be to use a framework like CodeIgnighter, CakePHP or FuelPHP to give you a foundation to build on. Constructing applications by hand from the ground up is extremely time-consuming and significantly more error prone.
Another thing to note is you should try and use consistent naming in your code. You refer to $table as a value for table_name, so it should presumably be $table_name to start with.
87
You query fails but you do not check that and try to use $result but it is not an object bug false. And it fails, because you should be like this:
$sql = "SELECT ip FROM votes WHERE ip = '".$_SERVER['REMOTE_ADDR']."' AND table_name = $table AND imgid = $imgid";
(string values are quoted with single quote ')
38
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
