Simple PHP Voting System

Question

I have a simple application which allows users to submit 'problems' and then comment on them. I am attempting to make a simple voting system so users can 'vote up' problems which in turn will push them higher up a list. I have some basic knowledge of PHP and everything so far is working, I just can't figure out how to get this to work.

I've followed a tutorial online and so far have this on my problem.php page...

if (isset($_GET['vote'], $_GET['id'])){
        add_problem_vote($_GET['id]'], $_GET['vote']);
    }

<a href="?vote=up&amp;id=<?php echo $problemID; ?>">Vote</a>

And on my functions.php page...

function add_problem_vote($problemID, $vote){

    $problemID = (int)$problemID;

    $vote = ($vote === 'up') ? '+' : '-';

    $sql = "UPDATE `problems` SET `votes` = `votes` {$vote} 1 WHERE `id` = {$problem_id}";

    mysql_query($sql);
}

All my table fields are definitely named correctly. I know there are many things to consider like re-voting after the session has closed but as long as I have shown the idea it doesn't have to be perfect. At the minute when the link is clicked it redirects to a page but the votes don't change in the mysql table.

Answer 1

Use 'And' between both data in is-set function or simply one of the data can be use for is-set function.

 if (isset($_GET['vote'] &&  $_GET['id'])){
                add_problem_vote($_GET['id]'], $_GET['vote']);
            }

        <a href="?vote=up&amp;id=<?php echo $problemID; ?>">Vote</a>



    function add_problem_vote($problem_id,$vote)
{
$query_select="select votes from problems where id='".$problem_id."'";
$query_run=mysql_query($query_select);
if(mysql_num_rows($query_run)>0)
{
$vote_num=mysql_result($query_run,0,votes)
if($vote==up)
$vote_num=+$vote_num;
else
$vote_num=-$vote_num
}
$sql = "UPDATE `problems` SET `votes` = '$vote_num'  WHERE `id` = '".$problem_id.'"";

    mysql_query($sql);

}

Answer 2

Please check the following for the errors

• Include the functions.php in problem.php
• Use mysqli_query($sql) insted of mysql_query($sql).Because it is deprecated.You can use PDO also
• Use die(mysqli_error($connection_varible)) function to track sql errors.

Answer 3

If you want to go on with your first solution the query should be:

$sql = "update `problems` set `votes` = `votes` + 1 where `id` = '$problem_id'";

Answer 4

I am sorry for my bad english. I hope you will understand it :) So for first is better use mysqli or pdo. And if you create new table for vote you will have a more options to do with it in the future (join ranks with users, average concrete user ranks, verify if user has had voted before, ...)

Inspiration to do: User side (for send use jquery - ajax):

<a href="IDOFPROBLEM" title="VoteUp" class="voteUp">VoteUp</a>
    <script>
        $(document).ready(function() {
            $(".voteUp").click(function(e) {
                e.preventDefault();

                var id = $(this).attr("href");

                $.ajax({
                    type: "POST",
                    //This is destination of php script
                    url: "YOURVOTEUPFILE.php?vote=up",
                    data: {id: id}
                })
                        .done(function(msg) {
                    //msg contains data from php script so you can show message to user good or bad :)
                    alert(msg);
                });
            });
        });
    </script>

Server side:

final class manageVote {

    /**
     * Id of problem
     * @var int|string 
     */
    private $voteFor;
    /**
     * Id of user
     * @var int|string 
     */
    private $whoVote;

    /**
     * Mysqli
     * @var \mysqli 
     */
    private $database;

    /**
     * Construct - initialize variable
     * @param int|string $voteFor
     * @param int|string $whoVote
     * @param \mysqli $db
     */
    public function __construct($voteFor, $whoVote, &$db) {

        $this->voteFor = $voteFor;
        $this->whoVote = $whoVote;
        $this->database = $db;
    }

    /**
     * Try to make vote
     * @param string $upOrDown "up" or "down"
     * @return boolean
     */
    public function vote($upOrDown) {
        if (!$this->verifyIfUserCannote() || ($upOrDown != "up" && $upOrDown != "down"))
            return false;
        //Change database name to your name
        //Better solution is sql table for all ranks
        //And you need "whoVote" because I think one problem - one vote for one user
        /*
         * Table could be:
         * idvote PK NN AI
         * vote INT NN
         * idproblems FK NN
         * whoVote FK NN
         */
        $sql = "INSERT INTO `DATABASENAME`.`problems` (`idproblems`, `vote`, `whoVote`) VALUES('" . $this->voteFor . "', '" .
                ($upOrDown == "up" ? 1 : -1) . "', '" . $this->whoVote . "')";
        $query = $this->database->query($sql);
        if (!$query)
            return false;
        return true;
    }


    private function verifyIfUserCannote() {
        $sql = "SELECT COUNT(*) AS 'cnt' FROM `DATABASENAME`.`problems` WHERE `idproblems` = '" . $this->voteFor . "' AND `whoVote` = '" . $this->whoVote . "'";

        $query = $this->database->query($sql);

        if (!$query)
            return false;

        $result = mysqli_fetch_array($query);

        return ($result["cnt"] == 0 ? true : false);
    }

}

if (isset($_GET["vote"])) {
    $voteClass = new manageVote($_POST["id"], $someYourIdentificatorWhoVote, $mysqliDatabaseReference);

    echo ($voteClass->vote($_GET["vote"]) == true ? "TRUE" : "FALSE");
}
 else 
     echo "FALSE";

For final rank of vote use SQL command SELECT SUM(vote) FROM ....... GROUP BY idProblems

Answer 5

First the query it's not correct

$sql = "UPDATE `problems` SET `votes` = `votes` {$vote} 1 WHERE `id` = {$problem_id}";

Correction

$sql = "update `problems` set `votes` = '$vote' where `id` = '$problem_id'";

I'll suggest another way. Make a table votes with these colums: - user (id of the user) - question (id of the thing that needs to be voted) - vote (or a number (example: 0 to 4) or the option (a,b,c...) )

primary key = user, question

now you can easilly insert / update the vote

mysql_query("replace into votes values ( $userid, $question, $vote )");

DONE! and you can easilly get the avg (if you have choosed the vote to be a number) or the number of votes (if you have choosed options)!

Answer 6

$sql = "UPDATE `problems` SET `votes` = `votes` ".$vote." 1 WHERE `id` = ".$problem_id;
mysql_query($sql) or die(mysql_error());

Check what error you are getting ?

Answer 7

Not quite sure on this at all but:

$problemID = (int)$problemID;

should it be:

$problemID = intval($problemID);

Whenever something stops working I always add an

echo $sql;

Prior to calling mysql_query(); that way I can copy and paste the result into an SQL Browser and see if it's correct.

EDIT: Had another look and as some one has previously escaped the SQL statement I thought it might be worth mentioning to try:

$sql = "UPDATE `problems` SET `votes` = `votes` {$vote} 1 WHERE `id` = {$problem_id}";

To:

$sql = "UPDATE `problems` SET `votes` = `votes` {".$vote."} 1 WHERE `id` = {$problem_id}";

but if all the SQL is doing is going up then why not try:

$sql = "UPDATE `problems` SET `votes` = `votes`+1 WHERE `id` = {$problem_id}";

as it's exactly what you are doing then there's no need for the $vote parameter to be passed.

Other easy debugging options are:

print_r($_POST); // to show all the POSTED variables from a form
print_r($_GET);  // to show all the parameters from the URL 

BBloke

Answer 8

That does not work this way because you don't have established a MYSQL connection to your database, I guess.

For my PHP projects I (re)use a class I once wrote everytime, wrapping all these functions, with proper error handling etc.

Maybe you should think about something like this, OR you at least need to add mysql_connect before executing queries.

Hope that helps.

Answer 9

try this :

"UPDATE `problems` SET `votes` = `votes` ".mysql_real_escape_string($vote)." 1 WHERE `id` = ".mysql_real_escape_string($problem_id);