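<?php
// Show the three highest-voted questions as Bootstrap columns.

// Make mysqli raise mysqli_sql_exception on failure, so a failed connect or
// query is handled in one place and never reaches code that expects a handle.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

try {
    // NOTE(review): connecting as root with an empty password is only acceptable
    // on a throwaway development box; use a least-privileged account and keep
    // the credentials in configuration outside the web root.
    $connection = mysqli_connect('localhost', 'root', '', 'test');
    mysqli_set_charset($connection, 'utf8');

    $sql = "SELECT QuestionHeader, QuestionText, QuestionVotes FROM question ORDER BY QuestionVotes DESC LIMIT 3";
    $result = $connection->query($sql);

    if ($result->num_rows > 0) {
        // output data of each row
        while ($row = $result->fetch_assoc()) {
            // Question text comes from the database and may have been entered by
            // users, so escape it for the HTML context before echoing it.
            $header = htmlspecialchars((string) $row["QuestionHeader"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            $text = htmlspecialchars((string) $row["QuestionText"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            $votes = htmlspecialchars((string) $row["QuestionVotes"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

            echo '<div class="col-md-4"><h2>' . $header . '</h2><p>' . $text
                . '</p><p><a class="btn btn-success"> ' . $votes . '</a></p></div>';
        }
    } else {
        echo "0 results";
    }

    $result->free();
    $connection->close();
} catch (mysqli_sql_exception $e) {
    // Keep driver details (host, user, SQL) in the server log, not in the page.
    error_log('Database error: ' . $e->getMessage());
    die('Database error.');
}
?>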
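<?php
// Voting page: when ?id=<question id> is present, check whether the current
// user has already voted on that question, then list every question with a
// vote link.
$dbname = "DB HERE";
$servername = "HOST HERE";
$username = "DB USER HERE";
$password = "DB PASSWORD HERE";

// Make mysqli raise mysqli_sql_exception so failures are handled in one place.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

try {
    // Create connection
    $conn = mysqli_connect($servername, $username, $password, $dbname);

    // Accept the question id only if it is a well-formed integer.
    $id = isset($_GET['id']) ? filter_var($_GET['id'], FILTER_VALIDATE_INT) : false;

    // NOTE(review): $session_id is never assigned in this snippet. It must be
    // taken from the server-side session, never from request data; the vote
    // check is skipped while it is unset.
    if ($id !== false && isset($session_id)) {
        ///Check to see if user already voted
        // Values are bound as parameters instead of being interpolated into the SQL.
        // NOTE(review): the posted query read "user id" (with a space), which is
        // not valid SQL; user_id is presumably the column name. Confirm against the schema.
        $stmt = $conn->prepare("SELECT 1 FROM User_Votes WHERE user_id = ? AND question_id = ?");
        $stmt->bind_param('si', $session_id, $id);
        $stmt->execute();
        $stmt->store_result();
        $row_cnt = $stmt->num_rows;
        $stmt->close();

        if ($row_cnt < 1) {
            ///SQL to insert vote into Users Votes table
            // NOTE(review): a check followed by an insert can be raced by two
            // simultaneous requests; a UNIQUE index on (user_id, question_id)
            // is the reliable guard against duplicate votes.
        } else {
            //Vote already exists
        }
    }

    // Loop through questions for voting
    // NOTE(review): voting through a plain GET link lets any page the user
    // visits trigger a vote; a POST form carrying a CSRF token is the safer shape.
    $result = mysqli_query($conn, "select * from questions");
    while ($db_questions = mysqli_fetch_object($result)) {
        // Titles come from the database, so escape them for HTML output.
        echo htmlspecialchars((string) $db_questions->question_title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        // The posted line used single quotes (no interpolation) and lacked the
        // closing quote; build the URL explicitly and encode the id.
        echo '- <a href="mypage.php?id=' . rawurlencode((string) $db_questions->question_id) . '">Click to Vote</a>';
    }
} catch (mysqli_sql_exception $e) {
    // Keep driver details in the server log, not in the page.
    error_log('Database error: ' . $e->getMessage());
    die('Database error.');
}
?>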
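<?php
// Render the three highest-voted questions. A question the current user has
// already voted on is shown read-only; otherwise it is wrapped in a form that
// posts the vote to vote_processing.php.

// Need to assign the user's ID to a variable ($userID) to pass to the form.
$userID = '123'; // this needs to be handled on your end.

// updated sql to include Id and voters
$sql = "SELECT QuestionID, QuestionHeader, QuestionText, QuestionVotes, QuestionVoters FROM question ORDER BY QuestionVotes DESC LIMIT 3";

// NOTE(review): the snippet as posted never executed $sql. $connection is
// assumed to be the open mysqli handle of the surrounding page; confirm.
$result = $connection->query($sql);

// Escapes a database value for HTML text and attribute contexts.
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

while ($result instanceof mysqli_result && ($row = $result->fetch_assoc())) {
    // array of userid's that have voted; an empty or malformed column counts as "nobody"
    $voters = json_decode((string) $row['QuestionVoters'], true);
    if (!is_array($voters)) {
        $voters = array();
    }

    // Compare as strings with strict matching so loose PHP comparison rules
    // cannot make two different ids look equal.
    $hasVoted = in_array((string) $userID, array_map('strval', $voters), true);

    if ($hasVoted) {
        // user has voted
        echo "\n<div class=\"col-md-4\">\n"
            . "<h2>" . $esc($row["QuestionHeader"]) . "</h2>\n"
            . "<p>" . $esc($row["QuestionText"]) . "</p>\n"
            . "<p>" . $esc($row["QuestionVotes"]) . "</p>\n"
            . "</div>";
    } else {
        // user has not voted
        // NOTE(review): the hidden userid field is controlled by the browser, so
        // the script handling this form must not trust it as the voter's
        // identity; it should take the user from the server-side session. The
        // form also carries no CSRF token.
        echo "\n<div class=\"col-md-4\">\n"
            . "<form action=\"vote_processing.php\" name=\"voting\" method=\"post\">\n"
            . "<input type=\"hidden\" name=\"qid\" value=\"" . $esc($row['QuestionID']) . "\" />\n"
            . "<input type=\"hidden\" name=\"userid\" value=\"" . $esc($userID) . "\" />\n"
            . "<h2>" . $esc($row["QuestionHeader"]) . "</h2>\n"
            . "<p>" . $esc($row["QuestionText"]) . "</p>\n"
            . "<p><button type=\"submit\" value=\"Submit\">" . $esc($row["QuestionVotes"]) . "</button></p>\n"
            . "</form>\n"
            . "</div>";
    }
}
?>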
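<?php
// vote_processing.php: records one vote for the posted question id (qid) on
// behalf of the posted user id, unless that user is already in the question's
// QuestionVoters list (a JSON array stored on the question row).
if (isset($_POST['qid'], $_POST['userid'])) {
    // Validate that both are integers. POST values arrive as strings, so
    // is_int() is always false for them; FILTER_VALIDATE_INT checks the content.
    // HTML escaping is not applied here: it protects HTML output, not SQL.
    $qid = filter_var($_POST['qid'], FILTER_VALIDATE_INT);
    $userid = filter_var($_POST['userid'], FILTER_VALIDATE_INT);

    // NOTE(review): userid is supplied by the client, so anyone can submit votes
    // under another user's id. The voter's identity should come from the
    // server-side session, and the form should be protected by a CSRF token.
    if ($qid !== false && $userid !== false) {
        // Make mysqli raise mysqli_sql_exception so failures are handled in one place.
        mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

        try {
            // db connection
            // NOTE(review): root with an empty password is development-only; use a
            // least-privileged account with credentials kept outside the web root.
            $connection = mysqli_connect('localhost', 'root', '', 'test');
            mysqli_set_charset($connection, 'utf8');

            // Read and update inside one transaction with the row locked, so two
            // simultaneous submissions cannot both pass the "not voted yet" check.
            $connection->begin_transaction();

            // Get voters array
            $select = $connection->prepare("SELECT QuestionVoters FROM question WHERE QuestionID = ? FOR UPDATE");
            $select->bind_param('i', $qid);
            $select->execute();
            $select->bind_result($storedVoters);
            $found = $select->fetch(); // true when a row was fetched, null when none matched
            $select->close();

            if ($found === true) {
                if (!empty($storedVoters)) {
                    // decode users array
                    $voters = json_decode($storedVoters, true);
                } else {
                    $voters = array(); // create array
                }

                if (!is_array($voters)) {
                    // A stored value that is not a JSON array would be overwritten
                    // by the update below; leave the row alone and log it instead.
                    error_log('QuestionVoters is not a JSON array for QuestionID ' . $qid);
                } elseif (!in_array((string) $userid, array_map('strval', $voters), true)) {
                    // re-validate the userID "is not" in array, comparing as strings
                    $voters[] = (string) $userid; // add userid to voters array
                    $qvoters = json_encode($voters); // encode voters array

                    // update vote; the JSON text is bound as a parameter, since
                    // placing it unquoted in the statement is a SQL syntax error
                    $update = $connection->prepare("UPDATE question SET QuestionVotes = QuestionVotes + 1, QuestionVoters = ? WHERE QuestionID = ?");
                    $update->bind_param('si', $qvoters, $qid);
                    $update->execute();
                    $update->close();
                }
            }

            $connection->commit();
            mysqli_close($connection);
        } catch (mysqli_sql_exception $e) {
            // An uncommitted transaction is rolled back when the connection ends.
            // Keep driver details in the server log, not in the response.
            error_log('Database error: ' . $e->getMessage());
            die('Database error.');
        }
    }
}
// redirect back to previous page
?>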