PHP voting problem

JJ White

Hi,
I have a problem: when trying to cast a vote using this vote script, some people can vote (e.g. naam = Rob and leerlingnummer = 132348), but name = Rhea and leerlingnummer = 132772 can't vote and gets the error on line 54 (Dit leerlingennummer hoort niet bij deze leerling).
How do I fix this?

Page here http://informatica.pvanhorne.nl/~lsd2013/
PHP:
<?php
$melding = '';
$melding2 = '';
$error = 0;

//if (date('W') != '48') {
//  header('Location: novote.php');
//}

if(isset($_POST['submit']))
{	
	if(empty($_POST['firstname']) OR empty($_POST['username']))
	{
		$error = 1;
		$melding .= 'Wel alles invullen slimbo!';
	}
	else
	{

		$_POST['firstname'] = str_replace('é','e',$_POST['firstname']);
		$_POST['firstname'] = str_replace('á','a',$_POST['firstname']);
		$_POST['firstname'] = str_replace('ë','e',$_POST['firstname']);
		$_POST['firstname'] = str_replace('è','e',$_POST['firstname']);
		$_POST['firstname'] = str_replace('ö','o',$_POST['firstname']);
		$_POST['firstname'] = str_replace(' ','',$_POST['firstname']);
		$_POST['username']  = str_replace(' ','',$_POST['username']);
		$_POST['firstname'] = ucfirst($_POST['firstname']);
	
		$mys=mysql_connect("//u no see my password!//") or die (mysql_error());	
		mysql_select_db("db_lsd2013",$mys) or die (mysql_error());	
		
		$query = mysql_query("SELECT username FROM stemmen WHERE username = ".mysql_real_escape_string($_POST['username']));
		if(mysql_num_rows($query) > 0)
		{
			$error = 1;
			$melding .= 'Je mag maar één keer stemmen.<br/>';
		}
		
		$sql = "SELECT username, firstname FROM students WHERE username = ".mysql_real_escape_string($_POST['username']);
		$query = mysql_query($sql);	
		if(mysql_num_rows($query) > 0)
		{
			$get = mysql_fetch_assoc($query);
	
			if($_POST['keuze1'] == 0) 
			{
				$error = 1;
				$melding .= 'Wel een thema kiezen slimbo...<br/>';
			}
			
			if($get['firstname'] != $_POST['firstname'])
			{
				$error = 1;
				$melding .= 'Dit leerlingennummer hoort niet bij deze leerling.<br/>';	
			}
	
		}
		else
		{
			$error = 1;
			$melding .= 'Alleen leerlingen van HAVO 5 en VWO 6 mogen stemmen.<br/>';
		}

		if($error == 0)
		{
			$melding2 = 'Je hebt gestemd!';
			$ip = $_SERVER['REMOTE_ADDR'].':'.$_SERVER['REMOTE_PORT'];
			$datijd = date("m-d-y H:i:s");
			// keuze1 is cast to int: it was the only value put into the SQL unescaped
			$query = mysql_query("INSERT INTO stemmen VALUES ('".mysql_real_escape_string($_POST['username'])."','".mysql_real_escape_string($_POST['firstname'])."','".(int)$_POST['keuze1']."','".$ip."','".$datijd."')");
		}
	}
}

?>
Please help, this needs to be working on Monday...
 
It looks like you've missed quotes around the escaped value in this SQL query:

Code:
$query = mysql_query("SELECT username FROM stemmen WHERE username = ".mysql_real_escape_string($_POST['username']));

MySQL needs those quotes to know that you're using a string literal instead of a column name.

Instead, try this:
Code:
$query = mysql_query("SELECT username FROM stemmen WHERE username = '".mysql_real_escape_string($_POST['username'])."'");

Also, while debugging only, it's useful to see all of the errors and warnings that PHP generates. Try the following lines at the top of your script:
Code:
<?php
ini_set('display_errors', true);
error_reporting(E_ALL);

/EDIT: The same applies to the other SELECT query in this script. Both should be wrapping that value in single quotes.
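
The quoting mistake discussed above cannot occur when values are bound through placeholders instead of being concatenated into the SQL string. The following is an added example, not code from the thread: it assumes PDO with an in-memory SQLite database so it runs offline (the thread's script uses MySQL), and `cast_vote()` and the sample rows are constructed for illustration.

```php
<?php
// Added example, not the thread's code. In-memory SQLite via PDO is an
// assumption so this runs offline; the thread's script talks to MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE students (username TEXT PRIMARY KEY, firstname TEXT)');
$db->exec('CREATE TABLE stemmen (username TEXT PRIMARY KEY, firstname TEXT,
                                 keuze INTEGER, ip TEXT, datijd TEXT)');
// Constructed sample rows for the two students named in the question.
$db->exec("INSERT INTO students VALUES ('132348', 'Rob')");
$db->exec("INSERT INTO students VALUES ('132772', 'Rhea')");

// cast_vote() is a hypothetical helper; it returns a short status string.
function cast_vote(PDO $db, array $post, string $ip): string
{
    $username  = trim($post['username'] ?? '');
    $firstname = trim($post['firstname'] ?? '');
    // Allow only the theme numbers the form offers (1 to 5).
    $keuze = filter_var($post['keuze1'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 5]]);
    if ($username === '' || $firstname === '' || $keuze === false) {
        return 'invalid input';
    }
    // Placeholders: values travel separately from the SQL text, so a missing
    // or unbalanced quote can no longer change how the statement is parsed.
    $st = $db->prepare('SELECT firstname FROM students WHERE username = ?');
    $st->execute([$username]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false || $row['firstname'] !== $firstname) {
        return 'unknown student';
    }
    $seen = $db->prepare('SELECT 1 FROM stemmen WHERE username = ?');
    $seen->execute([$username]);
    if ($seen->fetchColumn() !== false) {
        return 'already voted';
    }
    $ins = $db->prepare('INSERT INTO stemmen VALUES (?, ?, ?, ?, ?)');
    $ins->execute([$username, $firstname, $keuze, $ip, date('Y-m-d H:i:s')]);
    return 'ok';
}

$vote = ['username' => '132772', 'firstname' => 'Rhea', 'keuze1' => '3'];
echo cast_vote($db, $vote, '192.0.2.10'), "\n";                      // first vote
echo cast_vote($db, $vote, '192.0.2.10'), "\n";                      // repeat vote
echo cast_vote($db, ['keuze1' => "3'"] + $vote, '192.0.2.10'), "\n"; // malformed choice
echo cast_vote($db, ['username' => "132348' OR '1'='1"] + $vote, '192.0.2.10'), "\n";
```

The last two calls pass constructed inputs containing quote characters; both are handled as plain data and never reach the SQL parser as syntax.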
 
I don't know, I haven't checked all 250 persons, but the 20 I tested worked, except that one. I checked the data, nothing unusual...

I edited a few things so here is the update:
PHP:
<?php
$melding = '';
$melding2 = '';
$error = 0;
$disabled = '';

if (date('W') != '48') {
  $disabled = 'disabled';
  
  if (date('W') > '48') {
	$melding .= 'Je mag nu niet meer stemmen!<br/>';
  }
  else {
	$melding .= 'Je mag nu nog niet stemmen!<br/>';
  }
}

if(isset($_POST['submit']))
{	
	if(empty($_POST['firstname']) OR empty($_POST['username']))
	{
		$error = 1;
		$melding .= 'Alles invullen aub.<br/>';
	}
	else
	{
		$_POST['firstname'] = str_replace('é','e',$_POST['firstname']);
		$_POST['firstname'] = str_replace('á','a',$_POST['firstname']);
		$_POST['firstname'] = str_replace('ë','e',$_POST['firstname']);
		$_POST['firstname'] = str_replace('è','e',$_POST['firstname']);
		$_POST['firstname'] = str_replace('ö','o',$_POST['firstname']);
		$_POST['firstname'] = str_replace(' ','',$_POST['firstname']);
		$_POST['username']  = str_replace(' ','',$_POST['username']);
		$_POST['firstname'] = ucfirst($_POST['firstname']);
	
		$mys=mysql_connect("//login stuffs here//") or die ("Er is een fout opgetreden. Stuur aub het volgende naar [email protected].".mysql_error());	
		mysql_select_db("db_lsd2013",$mys) or die ("Er is een fout opgetreden. Stuur aub het volgende naar [email protected].".mysql_error());	
		
		$query = mysql_query("SELECT username FROM stemmen WHERE username = '".mysql_real_escape_string($_POST['username'])."'");
		if(mysql_num_rows($query) > 0)
		{
			$error = 1;
			$melding .= 'Je mag maar één keer stemmen.<br/>';
		}
		
		$sql = "SELECT username, firstname FROM students WHERE username = '".mysql_real_escape_string($_POST['username'])."'";
		$query = mysql_query($sql);	
		if(mysql_num_rows($query) > 0)
		{
			$get = mysql_fetch_assoc($query);
			if($_POST['keuze1'] == 0) 
			{
				$error = 1;
				$melding .= 'Thema kiezen aub.<br/>';
			}
			if($get['firstname'] != $_POST['firstname'])
			{
				$error = 1;
				$melding .= 'Dit leerlingennummer hoort niet bij deze leerling.<br/>';	
			}
		}
		else
		{
			$error = 1;
			$melding .= 'Alleen leerlingen van HAVO 5 en VWO 6 mogen stemmen.<br/>';
		}
		if($error == 0)
		{
			$melding2 = 'Je hebt gestemd!';
			$ip = $_SERVER['REMOTE_ADDR'].':'.$_SERVER['REMOTE_PORT'];
			$datijd = date("d-m-y H:i:s");
			// keuze1 is cast to int: it was the only value put into the SQL unescaped
			$query = mysql_query("INSERT INTO stemmen VALUES ('".mysql_real_escape_string($_POST['username'])."','".mysql_real_escape_string($_POST['firstname'])."','".(int)$_POST['keuze1']."','".$ip."','".$datijd."')");
		}
	}
}

?>
<!DOCTYPE HTML>
<html>
<head>
<meta charset="utf-8">
<title>VOTE LSD 2013!</title>
<meta name="robots" content="noindex, nofollow">
<link rel="icon" type="image/png" href="icon.png">
<style>
body {
	font-family: Arial, Helvetica, sans-serif;
	font-size: 15px;
	background: #00A7CB;
	background-image: url("LSD.jpg");
}
input[type=text], select {
	width: 300px;
}
#container {
	margin: 40px auto;
	width: 550px;
	padding: 20px;
	background: #F6F6F6;
	-moz-box-shadow: 0 0 9px #545454;
	-webkit-box-shadow: 0 0 9px #545454;
	box-shadow: 0 0 9px #545454;
	-moz-user-select: none;
	-webkit-user-select: none;
	vertical-align: middle;
	margin-left: auto;
    margin-right: auto;
	text-align: center;
}
table tr {
	height: 35px;
	vertical-align: middle;
	margin-left: auto;
    margin-right: auto;
	text-align: left;
}
</style>
</head>
<body>
<div id="container">
<h1>Stem op een thema voor LSD 2013!</h1>
<p style="color: red;"><strong><?php echo $melding; ?></strong></p>
<p style="color: green;"><strong><?php echo $melding2; ?></strong></p>
<form method="post">
<table>
	<tr>
		<td width="200"><label for="firstname">Voornaam:</label></td>
		<td><input name="firstname" type="text" placeholder="Voornaam" autofocus <?php echo $disabled?>/></td>
	</tr>
	<tr>
		<td><label for="username">Leerlingnummer:</label></td>
		<td><input name="username" type="text" placeholder="Leerlingnummer" <?php echo $disabled?>/></td>
	</tr>
	<tr>
		<td><label for="keuze1">Keuze:</label></td>
		<td>
			<select name="keuze1" <?php echo $disabled?>>
				<option value="0">Kies een thema</option>
				<option value="1">Bootcamp</option>
				<option value="2">Jersey Shore</option>
				<option value="3">Nooit Meer Slapen</option>
				<option value="4">Playboy Mansion</option>
				<option value="5">Sprookjesbos</option>		
			</select>
		</td>
	</tr>
	<tr>
		<td> </td>
		<td><input type="submit" name="submit" value="Vote!" style="margin-top:20px;" <?php echo $disabled?>></td>
	</tr>
</table>
</form>
<p style="font-size: 10px;">Heb je problemen met stemmen stuur dan een mail naar [email protected].</p>
</div>
</body>
</html>
 
I suspect it's a problem with the data too. Try printing the comparison between:
$get['firstname'] != $_POST['firstname']

If there are no visible differences, it's possible that your database character encoding is different than what the user is submitting. (e.g. UTF-8)
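
One way to carry out the comparison suggested above at the byte level, so that differences which do not show up when the two names are printed become visible. This is an added example, not code from the thread; `explain_mismatch()` is a hypothetical helper and every sample value is constructed.

```php
<?php
// Added example, not the thread's code. explain_mismatch() is a hypothetical
// helper that reports why two names that look identical fail PHP's != test.
function explain_mismatch(string $dbValue, string $posted): array
{
    if ($dbValue === $posted) {
        return [];                              // byte-for-byte identical
    }
    $reasons = [];
    $a = trim($dbValue);
    $b = trim($posted);
    if ($a !== $dbValue || $b !== $posted) {
        $reasons[] = 'leading or trailing whitespace';
    }
    if ($a !== $b && strcasecmp($a, $b) === 0) {
        $reasons[] = 'letter case differs';
    }
    foreach (['db' => $dbValue, 'post' => $posted] as $side => $v) {
        if (preg_match('//u', $v) !== 1) {      // the u flag rejects invalid UTF-8
            $reasons[] = "$side value is not valid UTF-8";
        } elseif (preg_match('/[\x{00A0}\x{200B}-\x{200D}\x{FEFF}\p{Cc}]/u', $v) === 1) {
            $reasons[] = "$side value has an invisible character";
        }
    }
    // The hex dump settles it when none of the checks above fire.
    $reasons[] = 'db=' . bin2hex($dbValue) . ' post=' . bin2hex($posted);
    return $reasons;
}

// Constructed samples: database value first, submitted value second.
$samples = [
    ['Rhea', 'Rhea'],
    ['Rhea ', 'Rhea'],            // trailing space stored in the table
    ['rhea', 'Rhea'],             // ucfirst() is applied to the POST side only
    ["Ren\xC3\xA9", "Ren\xE9"],   // UTF-8 in the table, Latin-1 from the form
    ["Rhea\xC2\xA0", 'Rhea'],     // no-break space, e.g. from a pasted import
];
foreach ($samples as [$db, $post]) {
    $why = explain_mismatch($db, $post);
    echo $why ? implode('; ', $why) : 'identical', "\n";
}
```

The same byte-level view applies to the script's `str_replace('é','e', ...)` calls: they only match when the submitted bytes use the same encoding the PHP source file is saved in.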
 
My dbase uses utf8_unicode_ci, isn't that the same as utf-8?

I already checked if there were any visible dissimilarities, but there aren't.
 
If I had to guess, I'd guess that there is more than one entry with the username '132772', or that that username doesn't belong to your user Rhea.
 
No, I checked, but I think I'm going to leave it like this since the voting has already begun and I manually entered that one vote.
 