
UPDATE mysql

Hello, I want in the following script

<?php
ob_start();
?>
<?php
// include/require any other things here if needed
require ("../scripts/connect.php");
// we want to use session-based security on this page,
// so we include (require) session.php
require("../scripts/session.php");

   // Fetch the article category
   $rsc = mysql_query("SELECT category FROM articles WHERE id=$_GET[id]") or die(mysql_error());
   $row = mysql_fetch_array($rsc);
      $cat = $row['category'];

  if (($cat == 2) && ((int)$_SESSION['slevel'] < 2)) {
      header("Location:accessdenied.php");
      exit(); //stop the script.
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>KB RBINS</title>
<link rel="stylesheet" type="text/css" href="../main.css" />
<link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" />
</head>
<body>
   <!-- Begin Wrapper -->
   <div id="wrapper">
         <!-- Begin Header -->
         <div id="header">
                  <h1>Knowledgebase System RBINS</h1>       
             </div>
             <!-- End Header -->
         <!-- Begin Faux Columns -->
             <div id="faux">            
                   <!-- Begin Left Column -->
                   <div id="leftcolumn">      
                     <?php
                            include("../scripts/checkuser.php");
                     ?>       
                   </div>
                   <!-- End Left Column -->
                   <!-- Begin Right Column -->
                   <div id="rightcolumn">      
                     <center><h2>Result</h2></center>             
                       <?php
                  $res=mysql_query("SELECT ID, title, article, author FROM articles WHERE id = '".$_GET['id']."'") or die(mysql_error()) ;
                  $r = mysql_fetch_array($res);
                  $article = nl2br($r['article']);
                  echo '<div class="result"><h3>KB'.$r['ID'].'&nbsp; - &nbsp;'.$r['title'].'</h3><br />';
                  echo $article;
                  $res2=mysql_query("SELECT score, counter FROM articles WHERE id = '".$_GET['id']."'") or die(mysql_error()) ;
                  $r2 = mysql_fetch_array($res2);
                  if ($r2['counter']=="0") {
                        echo '</div><div class="author"><h5>'.$r['author'].'</h5><h6>No grade has been given yet</h6></div>' ;}
                        else {
                        $r3=round ($r2['score']/$r2['counter'],2);//2 or less decimals
                        echo '</div><div class="author"><h5>'.$r['author'].'</h5><h6>Grade:&nbsp;'.$r3.'&nbsp;('.$r2['counter'].'&nbsp;vote(s))</h6></div>';}
                  ?>      
                  <br />
                  <?php
                        include("../scripts/counting.php");
                  ?>
                  <br />
                  <a href="../index.php">Another search?</a>
                     <div class="clear"></div>                     
                   </div>
                   <!-- End Right Column -->                     
                     <div class="clear"></div>                     
         </div>         
         <!-- End Faux Columns -->
         <!-- Begin Footer -->
         <div id="footer">                  
               <h4>Jo Vanattenhoven&copy;2007</h4>            
         </div>
             <!-- End Footer -->            
   </div>
   <!-- End Wrapper -->
</body>
</html>
<?php
ob_end_flush();
?>

add +1 into the views field of my articles table. It should probably be done through UPDATE. Can I do this in the first lines (so after including connect.php and session.php), or do I need to do that somewhere else?
Asked by: jvuz

Aamir Saeed Commented:
Not sure what you want exactly?

jvuz (Author) Commented:
Every time a page is viewed, I want to add +1 on the views field. So that way, afterwards I can add somewhere else how many times some article has been viewed.

elfe69 Commented:
You can do it at the beginning, before fetching your article category. Add the following line:

mysql_query("UPDATE articles SET views = (views + 1) WHERE id=$_GET[id]") or die(mysql_error());
 
Aamir Saeed Commented:
mysql_query("UPDATE articles SET views = (views + 1) WHERE id='".$_GET[id]."'") or die(mysql_error());

Cornelia Yoder (Artist) Commented:
You can do it at any point in the code that you wish.

However, do NOT do this, as a couple of people have said:

mysql_query("UPDATE articles SET views = (views + 1) WHERE id='".$_GET[id]."'") or die(mysql_error());

Using a $_GET value directly in a query opens you wide open to SQL Injection hacking!!!  NEVER EVER use a $_GET or $_POST variable directly in a query.  ALWAYS pass it through a safety value like

$id = htmlentities($_GET["id"], ENT_QUOTES);

Then, you can use it without danger, as

mysql_query("UPDATE articles SET views = views+1 WHERE id='$id'") or die(mysql_error());



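Added example, not part of the original thread: the view-counter update and article lookup done with a strictly validated integer id and PDO prepared statements, so the request value never becomes part of the SQL text. The in-memory SQLite table and the helper names (parse_article_id, count_view, fetch_article) are assumptions made so the script runs without a MySQL server; against MySQL the same prepare/bind calls apply with a mysql: DSN.

```php
<?php
// Added example (not from the thread). Assumptions: PDO with the SQLite
// driver is available; the table below is a constructed stand-in for the
// thread's MySQL `articles` table.

// Return the request value as a positive integer, or null if it is not one.
function parse_article_id($raw)
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Increment the view counter. The id is sent as a bound integer parameter.
// Returns the number of rows updated (0 when no such article exists).
function count_view(PDO $db, $id)
{
    $stmt = $db->prepare('UPDATE articles SET views = views + 1 WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Fetch one article as an associative array, or null when it does not exist.
function fetch_article(PDO $db, $id)
{
    $stmt = $db->prepare('SELECT id, title, author, views FROM articles WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (
    id INTEGER PRIMARY KEY, title TEXT, author TEXT,
    views INTEGER NOT NULL DEFAULT 0)');
$db->exec("INSERT INTO articles (id, title, author)
           VALUES (34, 'Resetting a <password>', 'jo')");

// Constructed request values, as they could arrive in $_GET['id'].
$samples = ['34', '34', '34 OR 1=1', "34'", '', '-1', '999'];

foreach ($samples as $raw) {
    $id = parse_article_id($raw);
    if ($id === null) {
        // Anything that is not a plain positive integer stops here. HTML
        // encoding is an output-side measure and would pass a value such
        // as "34 OR 1=1" through unchanged.
        echo 'rejected: ', var_export($raw, true), "\n";
        continue;
    }
    if (count_view($db, $id) === 0) {
        echo "no article with id $id\n";
        continue;
    }
    $a = fetch_article($db, $id);
    // Encode for HTML at output time, where htmlentities/htmlspecialchars belong.
    echo 'KB', $a['id'], ' - ',
         htmlspecialchars($a['title'], ENT_QUOTES, 'UTF-8'),
         ' (viewed ', $a['views'], ")\n";
}
```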
 
jvuz (Author) Commented:
I'm having several problems now:

<?php
ob_start();
?>
<?php
// include/require any other things here if needed
require ("../scripts/connect.php");
// we want to use session-based security on this page,
// so we include (require) session.php
require("../scripts/session.php");
mysql_query("UPDATE articles SET views = (views + 1) WHERE id='".$_GET[id]."'") or die(mysql_error());
   // Fetch the article category
   $rsc = mysql_query("SELECT category FROM articles WHERE id=$_GET[id]") or die(mysql_error());
   $row = mysql_fetch_array($rsc);
      $cat = $row['category'];

  if (($cat == 2) && ((int)$_SESSION['slevel'] < 2)) {
      header("Location:accessdenied.php");
      exit(); //stop the script.
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>KB RBINS</title>
<link rel="stylesheet" type="text/css" href="../main.css" />
<link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" />
</head>
<body>
   <!-- Begin Wrapper -->
   <div id="wrapper">
         <!-- Begin Header -->
         <div id="header">
                  <h1>Knowledgebase System RBINS</h1>       
             </div>
             <!-- End Header -->
         <!-- Begin Faux Columns -->
             <div id="faux">            
                   <!-- Begin Left Column -->
                   <div id="leftcolumn">      
                     <?php
                            include("../scripts/checkuser.php");
                     ?>       
                   </div>
                   <!-- End Left Column -->
                   <!-- Begin Right Column -->
                   <div id="rightcolumn">      
                     <center><h2>Result</h2></center>             
                       <?php
                  $res=mysql_query("SELECT ID, title, article, author, FROM articles WHERE id = '".$_GET['id']."'") or die(mysql_error()) ;
                  $r = mysql_fetch_array($res);
                  $article = nl2br($r['article']);
                  echo '<div class="result"><h3>KB'.$r['ID'].'&nbsp; - &nbsp;'.$r['title'].'</h3><br />';
                  echo $article;
                  $res2=mysql_query("SELECT score, counter, views FROM articles WHERE id = '".$_GET['id']."'") or die(mysql_error()) ;
                  $r2 = mysql_fetch_array($res2);
                  if ($r2['counter']=="0") {
                        echo '</div><div class="author"><h5>'.$r['author'].'</h5><h6>No grade has been given yet</h6></div>' ;}
                        else {
                        $r3=round ($r2['score']/$r2['counter'],2);//2 or less decimals
                        echo '</div><div class="author"><h5>'.$r['author'].'</h5><h6>Grade:&nbsp;'.$r3.'&nbsp;('.$r2['counter'].'&nbsp;vote(s))</h6><h6>Viewed:&nbsp;'.$r2['views'].'&nbsp;</h6></div>';}
                  ?>      
                  <br />
                  <?php
                        include("../scripts/counting.php");
                  ?>
                  <br />
                  <a href="../index.php">Another search?</a>
                     <div class="clear"></div>                     
                   </div>
                   <!-- End Right Column -->                     
                     <div class="clear"></div>                     
         </div>         
         <!-- End Faux Columns -->
         <!-- Begin Footer -->
         <div id="footer">                  
               <h4>Jo Vanattenhoven&copy;2007</h4>            
         </div>
             <!-- End Footer -->            
   </div>
   <!-- End Wrapper -->
</body>
</html>
<?php
ob_end_flush();
?>

First I get:
Use of undefined constant id - assumed 'id'
Then I get:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM articles WHERE id = '34'' at line 1

Aamir Saeed Commented:
Try:
<?php
ob_start();
?>
<?php
// include/require any other things here if needed
require ("../scripts/connect.php");
// we want to use session-based security on this page,
// so we include (require) session.php
require("../scripts/session.php");
mysql_query("UPDATE articles SET views = (views + 1) WHERE id=".$_GET['id']."") or die(mysql_error());
   // Fetch the article category
   $rsc = mysql_query("SELECT category FROM articles WHERE id=$_GET[id]") or die(mysql_error());
   $row = mysql_fetch_array($rsc);
      $cat = $row['category'];

  if (($cat == 2) && ((int)$_SESSION['slevel'] < 2)) {
      header("Location:accessdenied.php");
      exit(); //stop the script.
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>KB RBINS</title>
<link rel="stylesheet" type="text/css" href="../main.css" />
<link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" />
</head>
<body>
   <!-- Begin Wrapper -->
   <div id="wrapper">
         <!-- Begin Header -->
         <div id="header">
                  <h1>Knowledgebase System RBINS</h1>      
             </div>
             <!-- End Header -->
         <!-- Begin Faux Columns -->
             <div id="faux">            
                   <!-- Begin Left Column -->
                   <div id="leftcolumn">      
                     <?php
                            include("../scripts/checkuser.php");
                     ?>      
                   </div>
                   <!-- End Left Column -->
                   <!-- Begin Right Column -->
                   <div id="rightcolumn">      
                     <center><h2>Result</h2></center>            
                       <?php
                  $res=mysql_query("SELECT ID, title, article, author, FROM articles WHERE id = '".$_GET['id']."'") or die(mysql_error()) ;
                  $r = mysql_fetch_array($res);
                  $article = nl2br($r['article']);
                  echo '<div class="result"><h3>KB'.$r['ID'].'&nbsp; - &nbsp;'.$r['title'].'</h3><br />';
                  echo $article;
                  $res2=mysql_query("SELECT score, counter, views FROM articles WHERE id = '".$_GET['id']."'") or die(mysql_error()) ;
                  $r2 = mysql_fetch_array($res2);
                  if ($r2['counter']=="0") {
                        echo '</div><div class="author"><h5>'.$r['author'].'</h5><h6>No grade has been given yet</h6></div>' ;}
                        else {
                        $r3=round ($r2['score']/$r2['counter'],2);//2 or less decimals
                        echo '</div><div class="author"><h5>'.$r['author'].'</h5><h6>Grade:&nbsp;'.$r3.'&nbsp;('.$r2['counter'].'&nbsp;vote(s))</h6><h6>Viewed:&nbsp;'.$r2['views'].'&nbsp;</h6></div>';}
                  ?>      
                  <br />
                  <?php
                        include("../scripts/counting.php");
                  ?>
                  <br />
                  <a href="../index.php">Another search?</a>
                     <div class="clear"></div>                    
                   </div>
                   <!-- End Right Column -->                    
                     <div class="clear"></div>                    
         </div>        
         <!-- End Faux Columns -->
         <!-- Begin Footer -->
         <div id="footer">                  
               <h4>Jo Vanattenhoven&copy;2007</h4>            
         </div>
             <!-- End Footer -->            
   </div>
   <!-- End Wrapper -->
</body>
</html>
<?php
ob_end_flush();
?>

Aamir Saeed Commented:
Try:

<?php
ob_start();
?>
<?php
// include/require any other things here if needed
require ("../scripts/connect.php");
// we want to use session-based security on this page,
// so we include (require) session.php
require("../scripts/session.php");
mysql_query("UPDATE articles SET views = (views + 1) WHERE id=".$_GET['id']."") or die(mysql_error());
   // Fetch the article category
   $rsc = mysql_query("SELECT category FROM articles WHERE id=".$_GET['id']."") or die(mysql_error());
   $row = mysql_fetch_array($rsc);
      $cat = $row['category'];

  if (($cat == 2) && ((int)$_SESSION['slevel'] < 2)) {
      header("Location:accessdenied.php");
      exit(); //stop the script.
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>KB RBINS</title>
<link rel="stylesheet" type="text/css" href="../main.css" />
<link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" />
</head>
<body>
   <!-- Begin Wrapper -->
   <div id="wrapper">
         <!-- Begin Header -->
         <div id="header">
                  <h1>Knowledgebase System RBINS</h1>      
             </div>
             <!-- End Header -->
         <!-- Begin Faux Columns -->
             <div id="faux">            
                   <!-- Begin Left Column -->
                   <div id="leftcolumn">      
                     <?php
                            include("../scripts/checkuser.php");
                     ?>      
                   </div>
                   <!-- End Left Column -->
                   <!-- Begin Right Column -->
                   <div id="rightcolumn">      
                     <center><h2>Result</h2></center>            
                       <?php
                  $res=mysql_query("SELECT ID, title, article, author, FROM articles WHERE id = '".$_GET['id']."'") or die(mysql_error()) ;
                  $r = mysql_fetch_array($res);
                  $article = nl2br($r['article']);
                  echo '<div class="result"><h3>KB'.$r['ID'].'&nbsp; - &nbsp;'.$r['title'].'</h3><br />';
                  echo $article;
                  $res2=mysql_query("SELECT score, counter, views FROM articles WHERE id = '".$_GET['id']."'") or die(mysql_error()) ;
                  $r2 = mysql_fetch_array($res2);
                  if ($r2['counter']=="0") {
                        echo '</div><div class="author"><h5>'.$r['author'].'</h5><h6>No grade has been given yet</h6></div>' ;}
                        else {
                        $r3=round ($r2['score']/$r2['counter'],2);//2 or less decimals
                        echo '</div><div class="author"><h5>'.$r['author'].'</h5><h6>Grade:&nbsp;'.$r3.'&nbsp;('.$r2['counter'].'&nbsp;vote(s))</h6><h6>Viewed:&nbsp;'.$r2['views'].'&nbsp;</h6></div>';}
                  ?>      
                  <br />
                  <?php
                        include("../scripts/counting.php");
                  ?>
                  <br />
                  <a href="../index.php">Another search?</a>
                     <div class="clear"></div>                    
                   </div>
                   <!-- End Right Column -->                    
                     <div class="clear"></div>                    
         </div>        
         <!-- End Faux Columns -->
         <!-- Begin Footer -->
         <div id="footer">                  
               <h4>Jo Vanattenhoven&copy;2007</h4>            
         </div>
             <!-- End Footer -->            
   </div>
   <!-- End Wrapper -->
</body>
</html>
<?php
ob_end_flush();
?>

jvuz (Author) Commented:
Sorry, no changes.

Aamir Saeed Commented:
Try:
<?php
ob_start();
?>
<?php
// include/require any other things here if needed
require ("../scripts/connect.php");
// we want to use session-based security on this page,
// so we include (require) session.php
require("../scripts/session.php");
mysql_query("UPDATE articles SET views = (views + 1) WHERE id=".$_GET['id']."") or die(mysql_error());
   // Fetch the article category
   $rsc = mysql_query("SELECT category FROM articles WHERE id=".$_GET['id']."") or die(mysql_error());
   $row = mysql_fetch_array($rsc);
      $cat = $row['category'];

  if (($cat == 2) && ((int)$_SESSION['slevel'] < 2)) {
      header("Location:accessdenied.php");
      exit(); //stop the script.
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>KB RBINS</title>
<link rel="stylesheet" type="text/css" href="../main.css" />
<link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" />
</head>
<body>
   <!-- Begin Wrapper -->
   <div id="wrapper">
         <!-- Begin Header -->
         <div id="header">
                  <h1>Knowledgebase System RBINS</h1>      
             </div>
             <!-- End Header -->
         <!-- Begin Faux Columns -->
             <div id="faux">            
                   <!-- Begin Left Column -->
                   <div id="leftcolumn">      
                     <?php
                            include("../scripts/checkuser.php");
                     ?>      
                   </div>
                   <!-- End Left Column -->
                   <!-- Begin Right Column -->
                   <div id="rightcolumn">      
                     <center><h2>Result</h2></center>            
                       <?php
                  $res=mysql_query("SELECT ID, title, article, author, FROM articles WHERE id = '".$_GET['id']."'") or die(mysql_error()) ;
                  $r = mysql_fetch_array($res);
                  $article = nl2br($r['article']);
                  echo '<div class="result"><h3>KB'.$r['ID'].'&nbsp; - &nbsp;'.$r['title'].'</h3><br />';
                  echo $article;
                  $res2=mysql_query("SELECT score, counter, views FROM articles WHERE id = '".$_GET['id']."'") or die(mysql_error()) ;
                  $r2 = mysql_fetch_array($res2);
                  if ($r2['counter']=="0") {
                        echo '</div><div class="author"><h5>'.$r['author'].'</h5><h6>No grade has been given yet</h6></div>' ;}
                        else {
                        $r3=round ($r2['score']/$r2['counter'],2);//2 or less decimals
                        echo '</div><div class="author"><h5>'.$r['author'].'</h5><h6>Grade:&nbsp;'.$r3.'&nbsp;('.$r2['counter'].'&nbsp;vote(s))</h6><h6>Viewed:&nbsp;'.$r2['views'].'&nbsp;</h6></div>';}
                  ?>      
                  <br />
                  <?php
                        include("../scripts/counting.php");
                  ?>
                  <br />
                  <a href="../index.php">Another search?</a>
                     <div class="clear"></div>                    
                   </div>
                   <!-- End Right Column -->                    
                     <div class="clear"></div>                    
         </div>        
         <!-- End Faux Columns -->
         <!-- Begin Footer -->
         <div id="footer">                  
               <h4>Jo Vanattenhoven&copy;2007</h4>            
         </div>
             <!-- End Footer -->            
   </div>
   <!-- End Wrapper -->
</body>
</html>
<?php
ob_end_flush();
?>

elfe69 Commented:
Still the same error?

jvuz (Author) Commented:
Now I only get: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM articles WHERE id = '34'' at line 1

I already looked at the places where there is FROM articles, but I don't see anything wrong. Do you?

elfe69 Commented:
You have enclosed the id value with ' in your 2 last SELECT statements and id is a numeric field.

Try this:

<?php
ob_start();
?>
<?php
// include/require any other things here if needed
require ("../scripts/connect.php");
// we want to use session-based security on this page,
// so we include (require) session.php
require("../scripts/session.php");
mysql_query("UPDATE articles SET views = (views + 1) WHERE id=".$_GET['id']) or die(mysql_error());
   // Fetch the article category
   $rsc = mysql_query("SELECT category FROM articles WHERE id=".$_GET['id']) or die(mysql_error());
   $row = mysql_fetch_array($rsc);
      $cat = $row['category'];

  if (($cat == 2) && ((int)$_SESSION['slevel'] < 2)) {
      header("Location:accessdenied.php");
      exit(); //stop the script.
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>KB RBINS</title>
<link rel="stylesheet" type="text/css" href="../main.css" />
<link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" />
</head>
<body>
   <!-- Begin Wrapper -->
   <div id="wrapper">
         <!-- Begin Header -->
         <div id="header">
                  <h1>Knowledgebase System RBINS</h1>      
             </div>
             <!-- End Header -->
         <!-- Begin Faux Columns -->
             <div id="faux">            
                   <!-- Begin Left Column -->
                   <div id="leftcolumn">      
                     <?php
                            include("../scripts/checkuser.php");
                     ?>      
                   </div>
                   <!-- End Left Column -->
                   <!-- Begin Right Column -->
                   <div id="rightcolumn">      
                     <center><h2>Result</h2></center>            
                       <?php
                  $res=mysql_query("SELECT ID, title, article, author, FROM articles WHERE id = ".$_GET['id']) or die(mysql_error()) ;
                  $r = mysql_fetch_array($res);
                  $article = nl2br($r['article']);
                  echo '<div class="result"><h3>KB'.$r['ID'].'&nbsp; - &nbsp;'.$r['title'].'</h3><br />';
                  echo $article;
                  $res2=mysql_query("SELECT score, counter, views FROM articles WHERE id = ".$_GET['id']) or die(mysql_error()) ;
                  $r2 = mysql_fetch_array($res2);
                  if ($r2['counter']=="0") {
                        echo '</div><div class="author"><h5>'.$r['author'].'</h5><h6>No grade has been given yet</h6></div>' ;}
                        else {
                        $r3=round ($r2['score']/$r2['counter'],2);//2 or less decimals
                        echo '</div><div class="author"><h5>'.$r['author'].'</h5><h6>Grade:&nbsp;'.$r3.'&nbsp;('.$r2['counter'].'&nbsp;vote(s))</h6><h6>Viewed:&nbsp;'.$r2['views'].'&nbsp;</h6></div>';}
                  ?>      
                  <br />
                  <?php
                        include("../scripts/counting.php");
                  ?>
                  <br />
                  <a href="../index.php">Another search?</a>
                     <div class="clear"></div>                    
                   </div>
                   <!-- End Right Column -->                    
                     <div class="clear"></div>                    
         </div>        
         <!-- End Faux Columns -->
         <!-- Begin Footer -->
         <div id="footer">                  
               <h4>Jo Vanattenhoven&copy;2007</h4>            
         </div>
             <!-- End Footer -->            
   </div>
   <!-- End Wrapper -->
</body>
</html>
<?php
ob_end_flush();
?>

jvuz (Author) Commented:
Now, it's You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM articles WHERE id = 34' at line 1

elfe69 Commented:
Remove the comma after author in your second SELECT statement:

<?php
ob_start();
?>
<?php
// include/require any other things here if needed
require ("../scripts/connect.php");
// we want to use session-based security on this page,
// so we include (require) session.php
require("../scripts/session.php");
mysql_query("UPDATE articles SET views = (views + 1) WHERE id=".$_GET['id']) or die(mysql_error());
   // Fetch the article category
   $rsc = mysql_query("SELECT category FROM articles WHERE id=".$_GET['id']) or die(mysql_error());
   $row = mysql_fetch_array($rsc);
      $cat = $row['category'];

  if (($cat == 2) && ((int)$_SESSION['slevel'] < 2)) {
      header("Location:accessdenied.php");
      exit(); //stop the script.
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>KB RBINS</title>
<link rel="stylesheet" type="text/css" href="../main.css" />
<link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" />
</head>
<body>
   <!-- Begin Wrapper -->
   <div id="wrapper">
         <!-- Begin Header -->
         <div id="header">
                  <h1>Knowledgebase System RBINS</h1>      
             </div>
             <!-- End Header -->
         <!-- Begin Faux Columns -->
             <div id="faux">            
                   <!-- Begin Left Column -->
                   <div id="leftcolumn">      
                     <?php
                            include("../scripts/checkuser.php");
                     ?>      
                   </div>
                   <!-- End Left Column -->
                   <!-- Begin Right Column -->
                   <div id="rightcolumn">      
                     <center><h2>Result</h2></center>            
                       <?php
                  $res=mysql_query("SELECT ID, title, article, author FROM articles WHERE id = ".$_GET['id']) or die(mysql_error()) ;
                  $r = mysql_fetch_array($res);
                  $article = nl2br($r['article']);
                  echo '<div class="result"><h3>KB'.$r['ID'].'&nbsp; - &nbsp;'.$r['title'].'</h3><br />';
                  echo $article;
                  $res2=mysql_query("SELECT score, counter, views FROM articles WHERE id = ".$_GET['id']) or die(mysql_error()) ;
                  $r2 = mysql_fetch_array($res2);
                  if ($r2['counter']=="0") {
                        echo '</div><div class="author"><h5>'.$r['author'].'</h5><h6>No grade has been given yet</h6></div>' ;}
                        else {
                        $r3=round ($r2['score']/$r2['counter'],2);//2 or less decimals
                        echo '</div><div class="author"><h5>'.$r['author'].'</h5><h6>Grade:&nbsp;'.$r3.'&nbsp;('.$r2['counter'].'&nbsp;vote(s))</h6><h6>Viewed:&nbsp;'.$r2['views'].'&nbsp;</h6></div>';}
                  ?>      
                  <br />
                  <?php
                        include("../scripts/counting.php");
                  ?>
                  <br />
                  <a href="../index.php">Another search?</a>
                     <div class="clear"></div>                    
                   </div>
                   <!-- End Right Column -->                    
                     <div class="clear"></div>                    
         </div>        
         <!-- End Faux Columns -->
         <!-- Begin Footer -->
         <div id="footer">                  
               <h4>Jo Vanattenhoven&copy;2007</h4>            
         </div>
             <!-- End Footer -->            
   </div>
   <!-- End Wrapper -->
</body>
</html>
<?php
ob_end_flush();
?>

jvuz (Author) Commented:
Perfect!

elfe69 Commented:
I knew that ;-)