checking if email address and picture ID exist in database

Posted on 2012-08-23
Last Modified: 2012-08-25
I am trying to modify the dreamweaver check username function to check if an email address and picture id exist. So, a random user can vote for pictures but can only vote once. If they try vote again, it should check for the email address they are entering and check if they have already voted for that picture or not. I tried this but it doesn't stop me from voting for the same pic over and over again. I don't get any errors...

if (isset($_POST[$MM_flag])) {
  $loginUsername = $_POST['email'];
  $loginpicid = $_POST['picid'];
  $LoginRS__query = sprintf("SELECT email, picid FROM ratings WHERE email=%s & picid=%s", GetSQLValueString($loginUsername, "text"),GetSQLValueString($loginpicid, "int"));
  mysql_select_db($database_test, $test);
  $LoginRS=mysql_query($LoginRS__query, $test) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);

  //if there is a row in the database, the username was found - can not add the requested username
    $MM_qsChar = "?";
    //append the username to the redirect page
    if (substr_count($MM_dupKeyRedirect,"?") >=1) $MM_qsChar = "&";
    $MM_dupKeyRedirect = $MM_dupKeyRedirect . $MM_qsChar ."requsername=".$loginUsername;
    header ("Location: $MM_dupKeyRedirect");

Open in new window

Question by:jonofat
    LVL 42

    Assisted Solution

    by:Chris Stanyon
    Your query is wrong - you should wrap the email address in quotes and use AND instead of &

    $LoginRS__query = sprintf("SELECT email, picid FROM ratings WHERE email='%s' AND picid=%s", GetSQLValueString($loginUsername, "text"),GetSQLValueString($loginpicid, "int"));

    Open in new window

    You may also need to wrap the picid value in quotes, depending on your datatype - if it's a string, wrap it !
    LVL 107

    Accepted Solution

    Lines 6, 7, and 8 do not make any sense.  If you give MySQL the query prepared on line 6, it should die on line 8.  Are you sure we are looking at the correct code?

    You can use var_dump() to print out the contents of variables.  If I observed behavior like you describe, I would use var_dump() immediately!  Print out everything involved in the process - the external variables and the query string would be a good place to start.

    You might also want to get some foundation in how PHP works.  DreamWeaver is almost the worst possible place to look for PHP advice.  This book will help you get some structured learning.

    Best of luck with the project, ~Ray

    Author Comment

    Ray, took your advice. I ditched the dreamweaver code and did it myself. I have got the email part working but just need to figure out the second part with the ID now. Please let me know if this code is okay?

    if (isset($_POST['submit'])) {
    $usermail = mysql_real_escape_string($_POST['email']);
    $query ="SELECT * FROM ratings WHERE email ='$usermail'";
    $data = mysql_query($query, $evs);
    if (mysql_num_rows($data) == 0) {
    	echo "you can vote"; }
    	else {
    		echo" you have already voted";

    Open in new window


    Author Comment

    Whoohoo, I got it working ! :) Going to give you guys both points for at least replying to my question. Ray, I think dropping dreamweaver would be good for me, especially if I look at the code dreamweaver generated vs. what I manually typed in. Makes much more sense to me.
    LVL 107

    Expert Comment

    by:Ray Paseur
    Congratulations!  Your own code example looks a lot more reasonable than the Dreamweaver code.

    Featured Post

    Courses: Start Training Online With Pros, Today

    Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

    Join & Write a Comment

    Suggested Solutions

    Foreword In the years since this article was written, numerous hacking attacks have targeted password-protected web sites.  The storage of client passwords has become a subject of much discussion, some of it useful and some of it misguided.  Of cou…
    I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
    Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
    Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now