1. 首頁
  2. 問答
  3. 使用單選按鈕和複選框的投票系統(PHP)

使用單選按鈕和複選框的投票系統(PHP)

2016-05-29 40 views
0

我有三個PHP頁面。登錄,投票和投票流程。在投票頁面中,用戶可以爲候選人投票。有單選按鈕和複選框。以下是該投票頁面代碼:使用單選按鈕和複選框的投票系統(PHP)

<?php 
error_reporting(E_ALL & ~E_NOTICE); 
session_start(); 

if (isset($_SESSION['uname'])) { 
    $username = $_SESSION['uname']; 
} 

else { 
    header('Location: login_user.php'); 
    die(); 
} 
?> 

<html> 
<head> 
    <title>Trinity University of Asia Voting System</title> 
</head> 
<body> 
    <img src="images/tua_logo.jpg"><marquee>Practice your right to vote.</marquee><br> 

    <center> 
     <a href="/">Home</a> | <a href="results.php">Results</a> | <a href="logout.php">Logout</a><br> 
     <h3>Cast Your Vote</h3> 
     <form action="processvoting.php" method="post"> 
     <table cellpadding="4" border="1"> 
      <tr> 
       <th>Position</th> 
       <th>Choice 1</th> 
       <th>Choice 2</th> 
      </tr> 
      <tr> 
       <th>President</th> 
       <td><input type="radio" name="president" value="pres1">&nbsp;JOHN MICHAEL KALEMBE<br>College of Business Administration</td> 
       <td><input type="radio" name="president" value="pres2">&nbsp;SUZAN JOHN<br>College of Education</td> 
      </tr> 
      <tr> 
       <th>Vice President</th> 
       <td><input type="radio" name="vice_president" value="vicepres1">&nbsp;JULIUS SAMWEL<br>College of Medical Technology</td> 
       <td><input type="radio" name="vice_president" value="vicepres2">&nbsp;JEUNICE MARIANO<br>College of Business Administration</td> 
      </tr> 
      <tr> 
       <th>Secretary</th> 
       <td><input type="radio" name="secretary" value="sec1">&nbsp;ANGELO CHRSTIAN DE GUZMAN<br>College of Medical Technology</td> 
       <td><input type="radio" name="secretary" value="sec1">&nbsp;MICHAEL SANGA<br>College of Hospitality and Tourism Management</td> 
      </tr> 
      <tr> 
       <th>Treasurer</th> 
       <td><input type="radio" name="treasurer" value="treas1">&nbsp;MARIE DANIELLE THEREZE VALDEZ<br>College of Hospitality and Tourism Management</td> 
       <td><input type="radio" name="treasurer" value="treas1">&nbsp;JEUNICE MARIANO<br>College of Business Administration</td> 
      </tr> 
      <tr> 
       <th>Auditor</th> 
       <td><input type="radio" name="auditor" value="aud1">&nbsp;KOBI TSARLZ GONZALES<br>College of Computing and Information Sciences</td> 
       <td><input type="radio" name="auditor" value="aud1">&nbsp;MARIAN ENTERO<br>College of Business Administration</td> 
      </tr> 
      <tr> 
       <th>Business Manager</th> 
       <td><input type="checkbox" name="bus_manager" value="bus1">&nbsp;MICAH EDILYN TAN<br>College of Arts and Sciences</td> 
       <td>N/A</td> 
      </tr> 
      <tr> 
       <th>Public Relations Officer (PRO)</th> 
       <td><input type="checkbox" name="pro" value="pro1">&nbsp;MARIBETH LIAMZON<br>College of Education</td> 
       <td>N/A</td> 
      </tr> 
     </table> 
     <input type="submit" name="submit" value="Cast Your Vote">&nbsp;&nbsp;<input type="reset" value="Reset"> 
    </form> 
</center> 
</body> 
</html>

一旦用戶投票,他將被重定向到投票處理頁面,這是代碼:

<?php 
error_reporting(E_ALL & ~E_NOTICE); 
session_start(); 

if (isset($_SESSION['uname'])) { 
    $username = $_SESSION['uname']; 
} 

else { 
    header('Location: login_user.php'); 
    die(); 
} 

include 'connection.php'; 

if(isset($_POST['submit'])) { 
    $president = $_POST['president']; 
    $vicepres = $_POST['vice_president']; 
    $secretary = $_POST['secretary']; 
    $treasurer = $_POST['treasurer']; 
    $auditor = $_POST['auditor']; 
    $businessmanager = $_POST['bus_manager']; 
    $pro = $_POST['pro']; 

    $conn = mysqli_connect('localhost', 'root', '', 'electiondb'); 

    if (!$conn) { 
     die("Connecton failed: " . mysqli_connect_error()); 
    } 

    $votesql = "SELECT voted FROM student_log WHERE username = '$username'"; 
    $query = mysqli_query($conn, $votesql); 

    while($record = mysqli_fetch_array($query)) { 
      $hasvoted = $record['voted']; 
     } 

    if ($hasvoted == 0) { 

     if ($president == '') { 
      echo "You cannot leave $president blank. Please go back and try again.";; 
     } 
     elseif ($vicepres == '') { 
      echo "You cannot leave $vicepres blank. Please go back and try again."; 
     } 
     elseif ($secretary == '') { 
      echo "You cannot leave $secretary blank. Please go back and try again."; 
     } 
     elseif ($treasurer == '') { 
      echo "You cannot leave $treasurer blank. Please go back and try again."; 
     } 
     elseif ($auditor == '') { 
      echo "You cannot leave $auditor blank. Please go back and try again."; 
     } 
     elseif ($businessmanager == ''){ 
      echo "You cannot leave $businessmanager blank. Please go back and try again."; 
     } 
     elseif ($pro == '') { 
      echo "You cannot leave $pro blank. Please go back and try again."; 
     } 

     else { 
      switch ($president) { 
       case 'pres1': 
       $votepres1 = "UPDATE vote_log SET choice1 = choice1+1 WHERE position = 'president'"; 
       $runpres1 = mysqli_query($conn, $votepres1); 
       break; 
       case 'pres2': 
       $votepres2 = "UPDATE vote_log SET choice2 = choice2+1 WHERE position = 'president'"; 
       $runpres2 = mysqli_query($conn, $votepres2); 
       break; 
      } 

      switch ($vicepres) { 
       case 'vicepres1': 
       $votevicepres1 = "UPDATE vote_log SET choice1 = choice1+1 WHERE position = 'vice_president'"; 
       $runvicepres1 = mysqli_query($conn, $votevicepres1); 
       break; 
       case 'vicepres2': 
       $votevicepres2 = "UPDATE vote_log SET choice2 = choice2+1 WHERE position = 'vice_president'"; 
       $runvicepres2 = mysqli_query($conn, $votevicepres2); 
       break; 
      } 

      switch ($secretary) { 
       case 'sec1': 
       $votesec1 = "UPDATE vote_log SET choice1 = choice1+1 WHERE position = 'secretary'"; 
       $runsec1 = mysqli_query($conn, $votesec1); 
       break; 
       case 'sec2': 
       $votesec2 = "UPDATE vote_log SET choice2 = choice2+1 WHERE position = 'secretary'"; 
       $runsec2 = mysqli_query($conn, $votesec1); 
       break; 
      } 

      switch ($treasurer) { 
       case 'treas1': 
       $votetreas1 = "UPDATE vote_log SET choice1 = choice1+1 WHERE position = 'treasurer'"; 
       $runtreas1 = mysqli_query($conn, $votetreas1); 
       break; 
       case 'treas2': 
       $votetreas2 = "UPDATE vote_log SET choice2 = choice2+1 WHERE position = 'treasurer'"; 
       $runtreas2 = mysqli_query($conn, $votetreas2); 
       break; 
      } 

      switch ($auditor) { 
       case 'aud1': 
       $voteaud1 = "UPDATE vote_log SET choice1 = choice1+1 WHERE position = 'auditor'"; 
       $runaud1 = mysqli_query($conn, $voteaud1); 
       break; 
       case 'aud2': 
       $voteaud2 = "UPDATE vote_log SET choice2 = choice2+1 WHERE position = 'auditor'"; 
       $runaud2 = mysqli_query($conn, $voteaud2); 
       break; 
      } 

      switch ($businessmanager) { 
       case 'bus1': 
       $votebus1 = "UPDATE vote_log SET choice1 = choice1+1 WHERE position = 'business_manager'"; 
       $runbus1 = mysqli_query($conn, $votebus1); 
       break; 
      } 

      switch ($pro) { 
       case 'pro1': 
       $votepro1 = "UPDATE vote_log SET choice1 = choice1+1 WHERE position = 'pro'"; 
       $runpro1 = mysqli_query($conn, $votepro1); 
       break; 
      } 

      $sqlforvoted = "UPDATE student_log SET voted = 1 WHERE username = '$username'"; 
      $processsql = mysqli_query($conn, $sqlforvoted) or die (mysqli_error($conn)); 
      echo "Thank you for voting. You may now logout of the system.<br><a href='logout.php'>Logout</a>"; 
     } 
    } 
    else { 
     echo "You cannot vote more than once. <br><a href='logout.php'>Logout</a>"; 
    } 
} 

?> 

<html> 
<head> 
    <title>Voting Process</title> 
</head> 
<body> 
</body> 
</html>

的選票不會增加,但用戶被視爲「投票」,因此用戶在登錄後不能再投票。我唯一擔心的是投票不計算在內。我的代碼有問題嗎?或者我對投票的理解不是很好?謝謝!在SQL語句

// here you take the last char of $president (value 1 or 2) and concatenate it to "choice" 
$choice = "choice".substr($president, -1); 
$votepres = "UPDATE vote_log SET $choice = $choice + 1 WHERE position = 'president'"; 
$runpres = mysqli_query($conn, $votepres);

注意間距:

來源

2016-05-29 Gee Nim

+1

,做自己具體是指?你的意思是你想更新一個存儲在內存中的「計數」,表示有多少人爲祕書投了「這個人」,爲掌櫃投了「這個人」等等? – Webeng

+0

在數據庫中,每個候選人的所有投票計數都設置爲0,並且如果用戶爲候選人投票,我希望它增加。但它不會增加。是的,正是你所說的!我認爲我的sql代碼有問題,但是這是我的第三次嘗試,它仍然不起作用 –

+0

@Webeng代碼中有一些更新! – Jeff

回答

0

你可以取代這個:

switch ($president) { 
    case 'pres1': 
    $votepres1 = "UPDATE vote_log SET choice1 = choice1+1 WHERE position = 'president'"; 
    $runpres1 = mysqli_query($conn, $votepres1); 
    break; 
    case 'pres2': 
    $votepres2 = "UPDATE vote_log SET choice2 = choice2+1 WHERE position = 'president'"; 
    $runpres2 = mysqli_query($conn, $votepres2); 
    break; 
}

與此有關。

要防止SQL注入,您必須修改調用變量的語句。在這種情況下,您撥打$username(您應該調用用戶標識,而不是用戶名)的語句。 調用用戶ID,你可以簡單地檢查它是否是一個整數值,然後再進行查詢:if (is_int($userID)) { ...do query... } else { ...do not... }

來源

2016-05-29 13:06:20 codable

+0

我實際上沒有用戶標識,我的表格由用戶的全名,用戶名和密碼組成 –

+0

好的,您應該始終將字段ID作爲主字段。 您還可以使用mysqli_real_escape_string避免SQL注入,如下所示: '$ username = mysqli_real_escape_string($ _ SESSION ['uname']);' – codable

+0

您是否試過我的代碼? – codable

0

我認爲你在你的HTML中有一些拼寫錯誤。在這裏,選項pres1pres2

<td><input type="radio" name="president" value="pres1"> ... </td> 
<td><input type="radio" name="president" value="pres2"> ... </td>

但在這裏,這兩個選項都sec1

<td><input type="radio" name="secretary" value="sec1"> ... </td> 
<td><input type="radio" name="secretary" value="sec1"> ... </td>

關於數據庫的交互,這將是更好地使用PDO和準備語句 - 它比更安全大多數字符串連接方案。查看本頁右側的「相關」列 - 最常見的問題是this one,這很好地解釋了這個話題。

無論如何,這裏的submit部分不同,只是刪除所有的重複。它不使用PDO(我沒加任何數據庫的代碼),但至少有一個在最終的查詢沒有未經過濾的用戶輸入 - 只預定義值:當你說「不計」

if(isset($_POST['submit']) && !empty($_POST["submit"])) { 

    if($hasvoted != 0){ 
     echo "You cannot vote more than once. <br><a href='logout.php'>Logout</a>"; 
     exit; 
    } 

    $positions = array(
     "president" => null, 
     "vice_president" => null, 
     "secretary" => null, 
     "treasurer" => null, 
     "auditor" => null, 
     "bus_manager" => null, 
     "pro" => null 
     ); 

    foreach (array_keys($positions) as $position) 
    { 
     if (!isset($_POST[$position]) || empty($_POST[$position])) { 

      echo "All positions must be filled. Please try again.<br>"; 
      exit; 
     } 
     else{ 

      $choice = ""; 

      $choice_num = substr($_POST[$position], -1); 

      if($choice_num == 1 || $choice_num == 2){ 
       $choice = "choice" . $choice_num; 
      } 
      else{ 
       echo "Error - invalid option"; 
       exit; 
      } 

      $positions[$position] = $choice; 
     } 

    } 

    foreach (array_keys($positions) as $position) 
    { 
     $choice = $positions[$position]; 

     $sql_str = "UPDATE vote_log SET " . $choice ." = " . $choice . "+1 WHERE position = '" . $position . "'"; 

     // $sql_insert = mysqli_query($conn, $sql_str); 

     echo $sql_str . "<br>"; 

    } 


    echo "Thank you for voting. You may now logout of the system.<br><a href='logout.php'>Logout</a>"; 

}

來源

2016-05-29 14:51:32 jDo

+0

非常感謝你!我會試試這個 –

+0

它仍然不登錄數據庫:(爲什麼會這樣?我已經放置了所有必要的連接... –

+0

@GeeNim不會登錄,不會增加或兩者嗎?當您執行''SELECT voteed FROM student_log WHERE username ='$ username'「;'?我假設你已經嘗試過打印/回顯一些數據,只是爲了檢查你是否可以查詢數據庫。當你從mySQL shell手動執行'UPDATE's和'SELECT'時會發生什麼?我們需要輸出和更多的信息調試過程引腳放下錯誤。 – jDo

相關問題

 相關問題