voting/ rating systom

The second part receives and aggregates the votes, and reports the most popular colors.

<?php // RAY_temp_jvsmooth_vote.php
error_reporting(E_ALL);


// DEMONSTRATE THE VOTING ALGORITHM


// CONNECTION AND SELECTION VARIABLES FOR THE DATABASE
$db_host = "localhost"; // PROBABLY THIS IS OK
$db_name = "??";        // GET THESE FROM YOUR HOSTING COMPANY
$db_user = "??";
$db_word = "??";


// OPEN A CONNECTION TO THE DATA BASE SERVER
// MAN PAGE: http://us2.php.net/manual/en/function.mysql-connect.php
if (!$db_connection = mysql_connect("$db_host", "$db_user", "$db_word"))
{
    $errmsg = mysql_errno() . ' ' . mysql_error();
    echo "<br/>NO DB CONNECTION: ";
    echo "<br/> $errmsg <br/>";
}

// SELECT THE MYSQL DATA BASE
// MAN PAGE: http://us2.php.net/manual/en/function.mysql-select-db.php
if (!$db_sel = mysql_select_db($db_name, $db_connection))
{
    $errmsg = mysql_errno() . ' ' . mysql_error();
    echo "<br/>NO DB SELECTION: ";
    echo "<br/> $errmsg <br/>";
    die('NO DATA BASE');
}
// IF WE GOT THIS FAR WE CAN DO QUERIES


// GET THE ARRAY OF COLORS FROM THE DATA BASE
$colors = array();
$sql = "SELECT color FROM EE_vote_colors";
$res = mysql_query($sql) or die( "$sql<br/>" . mysql_error() );
while ($row = mysql_fetch_assoc($res))
{
    $colors[] = $row["color"];
}
// ACTIVATE THIS TO SEE THE COLORS
// var_dump($colors);


// IF ANYTHING WAS POSTED
if (!empty($_POST["color_selections"]))
{
    $ipa = (!empty($_SERVER["REMOTE_ADDR"])) ? $_SERVER["REMOTE_ADDR"] : 'unknown';
    foreach($_POST["color_selections"] as $color => $nothing)
    {
        // NORMALIZE THE POST DATA
        $rgb = mysql_real_escape_string(ucfirst(strtolower(trim($color))));

        // SKIP FIELDS THAT ARE NOT PART OF OUR COLOR SET (POSSIBLE ATTACK?)
        if (!in_array($rgb, $colors)) continue;

        // RECORD A VOTE FOR THIS COLOR
        $sql = "INSERT INTO EE_vote_votes ( color, ip_address ) VALUES ( '$rgb', '$ipa' )";
        $res = mysql_query($sql) or die( "$sql<br/>" . mysql_error() );
    }

    // SHOW THE STATS FOR THE COLORS
    foreach ($colors as $color)
    {
        $sql = "SELECT ip_address, when_voted FROM EE_vote_votes WHERE color = '$color' ORDER BY when_voted DESC";
        $res = mysql_query($sql) or die( "$sql<br/>" . mysql_error() );
        $num = mysql_num_rows($res);
        $row = mysql_fetch_assoc($res);
        $ipa = $row["ip_address"];
        $whn = $row["when_voted"];
        echo "<br/>";
        echo number_format($num);
        echo " VOTES FOR ";
        echo $color;
        if ($num)
        {
            echo " MOST RECENTLY ";
            echo $whn;
            echo " FROM IP ";
            echo $ipa;
            echo PHP_EOL;
        }
    }
    echo "<br/>" . PHP_EOL;
}


// CREATE THE FORM TO RECEIVE THE VOTES
echo '<form method="post">';
echo "VOTE FOR YOUR FAVORITE COLOR" . PHP_EOL;
foreach ($colors as $color)
{
    echo "<br/>";
    echo '<input type="checkbox" name="color_selections[';
    echo "$color";
    echo ']" />';
    echo $color;
    echo PHP_EOL;
}
echo '<br/><input type="submit" value="VOTE NOW" />' . PHP_EOL;
echo '</form>';

Select allOpen in new window

Why use a vote table instead of a vote counter?  Because it will allow you to do geographical and time-sensitive analysis, sort of like "trending topics" on Twitter.  Older votes can go into a summary table where only the counts matter.

a way of not allowing users to vote more than once on a product
That would usually be done with a persistent browser cookie, however you need to be aware that clients can and do lose their cookies, sometimes deliberately.  You might also record their IP address, but this is problematic because clients can and do vote from different machines.   And some servers aggregate the IP address for (for example) everyone in an office.  And AOL, plus a few other ISP companies may provide unpredictable IP addresses.

If you go the cookie route, you would set the cookie at the time you received the vote.  PHP has the setcookie() function to help you do this.

HTH, and please post back with any specific questions, ~Ray

please can you tell me what is wrong with my update query here:

$sql = "UPDATE members SET (UserName, Password, UserEmail, age, Location, Gender, Language) = ('$UserName', '$Password', '$UserEmail', '$Age', '$Location', '$Gender', '$Language') WHERE 'MemberID' = $MemberID";

sorry that is another problem i have

I think it needs to be:

$sql = "UPDATE members SET UserName = '$UserName', Password = '$Password', etc...

In addition to getting the query syntax right, you might want to avoid the use of MySQL reserved words for column names.  That is one way you can be sure that catastrophe is not left to chance!

this is great thx i have been AFK for a bit and only getting this sorted now but thx for this help

Thanks for the points.  If you decide to use a pair of queries as described at ID:35068902 (SELECT + UPDATE) you will want to learn about LOCK TABLES.  A better way might be to do the UPDATE first, then do the SELECT to get the results after the vote.  Otherwise script racing may cause a loss of data.