1. 首页
  2. 问答
  3. 使用单选按钮和复选框的投票系统(PHP)

使用单选按钮和复选框的投票系统(PHP)

2016-05-29 41 views
0

我有三个PHP页面。登录,投票和投票流程。在投票页面中,用户可以为候选人投票。有单选按钮和复选框。以下是该投票页面代码:使用单选按钮和复选框的投票系统(PHP)

<?php 
error_reporting(E_ALL & ~E_NOTICE); 
session_start(); 

if (isset($_SESSION['uname'])) { 
    $username = $_SESSION['uname']; 
} 

else { 
    header('Location: login_user.php'); 
    die(); 
} 
?> 

<html> 
<head> 
    <title>Trinity University of Asia Voting System</title> 
</head> 
<body> 
    <img src="images/tua_logo.jpg"><marquee>Practice your right to vote.</marquee><br> 

    <center> 
     <a href="/">Home</a> | <a href="results.php">Results</a> | <a href="logout.php">Logout</a><br> 
     <h3>Cast Your Vote</h3> 
     <form action="processvoting.php" method="post"> 
     <table cellpadding="4" border="1"> 
      <tr> 
       <th>Position</th> 
       <th>Choice 1</th> 
       <th>Choice 2</th> 
      </tr> 
      <tr> 
       <th>President</th> 
       <td><input type="radio" name="president" value="pres1">&nbsp;JOHN MICHAEL KALEMBE<br>College of Business Administration</td> 
       <td><input type="radio" name="president" value="pres2">&nbsp;SUZAN JOHN<br>College of Education</td> 
      </tr> 
      <tr> 
       <th>Vice President</th> 
       <td><input type="radio" name="vice_president" value="vicepres1">&nbsp;JULIUS SAMWEL<br>College of Medical Technology</td> 
       <td><input type="radio" name="vice_president" value="vicepres2">&nbsp;JEUNICE MARIANO<br>College of Business Administration</td> 
      </tr> 
      <tr> 
       <th>Secretary</th> 
       <td><input type="radio" name="secretary" value="sec1">&nbsp;ANGELO CHRSTIAN DE GUZMAN<br>College of Medical Technology</td> 
       <td><input type="radio" name="secretary" value="sec1">&nbsp;MICHAEL SANGA<br>College of Hospitality and Tourism Management</td> 
      </tr> 
      <tr> 
       <th>Treasurer</th> 
       <td><input type="radio" name="treasurer" value="treas1">&nbsp;MARIE DANIELLE THEREZE VALDEZ<br>College of Hospitality and Tourism Management</td> 
       <td><input type="radio" name="treasurer" value="treas1">&nbsp;JEUNICE MARIANO<br>College of Business Administration</td> 
      </tr> 
      <tr> 
       <th>Auditor</th> 
       <td><input type="radio" name="auditor" value="aud1">&nbsp;KOBI TSARLZ GONZALES<br>College of Computing and Information Sciences</td> 
       <td><input type="radio" name="auditor" value="aud1">&nbsp;MARIAN ENTERO<br>College of Business Administration</td> 
      </tr> 
      <tr> 
       <th>Business Manager</th> 
       <td><input type="checkbox" name="bus_manager" value="bus1">&nbsp;MICAH EDILYN TAN<br>College of Arts and Sciences</td> 
       <td>N/A</td> 
      </tr> 
      <tr> 
       <th>Public Relations Officer (PRO)</th> 
       <td><input type="checkbox" name="pro" value="pro1">&nbsp;MARIBETH LIAMZON<br>College of Education</td> 
       <td>N/A</td> 
      </tr> 
     </table> 
     <input type="submit" name="submit" value="Cast Your Vote">&nbsp;&nbsp;<input type="reset" value="Reset"> 
    </form> 
</center> 
</body> 
</html>

一旦用户投票,他将被重定向到投票处理页面,这是代码:

<?php 
error_reporting(E_ALL & ~E_NOTICE); 
session_start(); 

if (isset($_SESSION['uname'])) { 
    $username = $_SESSION['uname']; 
} 

else { 
    header('Location: login_user.php'); 
    die(); 
} 

include 'connection.php'; 

if(isset($_POST['submit'])) { 
    $president = $_POST['president']; 
    $vicepres = $_POST['vice_president']; 
    $secretary = $_POST['secretary']; 
    $treasurer = $_POST['treasurer']; 
    $auditor = $_POST['auditor']; 
    $businessmanager = $_POST['bus_manager']; 
    $pro = $_POST['pro']; 

    $conn = mysqli_connect('localhost', 'root', '', 'electiondb'); 

    if (!$conn) { 
     die("Connecton failed: " . mysqli_connect_error()); 
    } 

    $votesql = "SELECT voted FROM student_log WHERE username = '$username'"; 
    $query = mysqli_query($conn, $votesql); 

    while($record = mysqli_fetch_array($query)) { 
      $hasvoted = $record['voted']; 
     } 

    if ($hasvoted == 0) { 

     if ($president == '') { 
      echo "You cannot leave $president blank. Please go back and try again.";; 
     } 
     elseif ($vicepres == '') { 
      echo "You cannot leave $vicepres blank. Please go back and try again."; 
     } 
     elseif ($secretary == '') { 
      echo "You cannot leave $secretary blank. Please go back and try again."; 
     } 
     elseif ($treasurer == '') { 
      echo "You cannot leave $treasurer blank. Please go back and try again."; 
     } 
     elseif ($auditor == '') { 
      echo "You cannot leave $auditor blank. Please go back and try again."; 
     } 
     elseif ($businessmanager == ''){ 
      echo "You cannot leave $businessmanager blank. Please go back and try again."; 
     } 
     elseif ($pro == '') { 
      echo "You cannot leave $pro blank. Please go back and try again."; 
     } 

     else { 
      switch ($president) { 
       case 'pres1': 
       $votepres1 = "UPDATE vote_log SET choice1 = choice1+1 WHERE position = 'president'"; 
       $runpres1 = mysqli_query($conn, $votepres1); 
       break; 
       case 'pres2': 
       $votepres2 = "UPDATE vote_log SET choice2 = choice2+1 WHERE position = 'president'"; 
       $runpres2 = mysqli_query($conn, $votepres2); 
       break; 
      } 

      switch ($vicepres) { 
       case 'vicepres1': 
       $votevicepres1 = "UPDATE vote_log SET choice1 = choice1+1 WHERE position = 'vice_president'"; 
       $runvicepres1 = mysqli_query($conn, $votevicepres1); 
       break; 
       case 'vicepres2': 
       $votevicepres2 = "UPDATE vote_log SET choice2 = choice2+1 WHERE position = 'vice_president'"; 
       $runvicepres2 = mysqli_query($conn, $votevicepres2); 
       break; 
      } 

      switch ($secretary) { 
       case 'sec1': 
       $votesec1 = "UPDATE vote_log SET choice1 = choice1+1 WHERE position = 'secretary'"; 
       $runsec1 = mysqli_query($conn, $votesec1); 
       break; 
       case 'sec2': 
       $votesec2 = "UPDATE vote_log SET choice2 = choice2+1 WHERE position = 'secretary'"; 
       $runsec2 = mysqli_query($conn, $votesec1); 
       break; 
      } 

      switch ($treasurer) { 
       case 'treas1': 
       $votetreas1 = "UPDATE vote_log SET choice1 = choice1+1 WHERE position = 'treasurer'"; 
       $runtreas1 = mysqli_query($conn, $votetreas1); 
       break; 
       case 'treas2': 
       $votetreas2 = "UPDATE vote_log SET choice2 = choice2+1 WHERE position = 'treasurer'"; 
       $runtreas2 = mysqli_query($conn, $votetreas2); 
       break; 
      } 

      switch ($auditor) { 
       case 'aud1': 
       $voteaud1 = "UPDATE vote_log SET choice1 = choice1+1 WHERE position = 'auditor'"; 
       $runaud1 = mysqli_query($conn, $voteaud1); 
       break; 
       case 'aud2': 
       $voteaud2 = "UPDATE vote_log SET choice2 = choice2+1 WHERE position = 'auditor'"; 
       $runaud2 = mysqli_query($conn, $voteaud2); 
       break; 
      } 

      switch ($businessmanager) { 
       case 'bus1': 
       $votebus1 = "UPDATE vote_log SET choice1 = choice1+1 WHERE position = 'business_manager'"; 
       $runbus1 = mysqli_query($conn, $votebus1); 
       break; 
      } 

      switch ($pro) { 
       case 'pro1': 
       $votepro1 = "UPDATE vote_log SET choice1 = choice1+1 WHERE position = 'pro'"; 
       $runpro1 = mysqli_query($conn, $votepro1); 
       break; 
      } 

      $sqlforvoted = "UPDATE student_log SET voted = 1 WHERE username = '$username'"; 
      $processsql = mysqli_query($conn, $sqlforvoted) or die (mysqli_error($conn)); 
      echo "Thank you for voting. You may now logout of the system.<br><a href='logout.php'>Logout</a>"; 
     } 
    } 
    else { 
     echo "You cannot vote more than once. <br><a href='logout.php'>Logout</a>"; 
    } 
} 

?> 

<html> 
<head> 
    <title>Voting Process</title> 
</head> 
<body> 
</body> 
</html>

的选票不会增加,但用户被视为“投票”,因此用户在登录后不能再投票。我唯一担心的是投票不计算在内。我的代码有问题吗?或者我对投票的理解不是很好?谢谢!在SQL语句

// here you take the last char of $president (value 1 or 2) and concatenate it to "choice" 
$choice = "choice".substr($president, -1); 
$votepres = "UPDATE vote_log SET $choice = $choice + 1 WHERE position = 'president'"; 
$runpres = mysqli_query($conn, $votepres);

注意间距:

来源

2016-05-29 Gee Nim

+1

,做自己具体是指?你的意思是你想更新一个存储在内存中的“计数”,表示有多少人为秘书投了“这个人”,为掌柜投了“这个人”等等? – Webeng

+0

在数据库中,每个候选人的所有投票计数都设置为0,并且如果用户为候选人投票,我希望它增加。但它不会增加。是的,正是你所说的!我认为我的sql代码有问题,但是这是我的第三次尝试,它仍然不起作用 –

+0

@Webeng代码中有一些更新! – Jeff

回答

0

你可以取代这个:

switch ($president) { 
    case 'pres1': 
    $votepres1 = "UPDATE vote_log SET choice1 = choice1+1 WHERE position = 'president'"; 
    $runpres1 = mysqli_query($conn, $votepres1); 
    break; 
    case 'pres2': 
    $votepres2 = "UPDATE vote_log SET choice2 = choice2+1 WHERE position = 'president'"; 
    $runpres2 = mysqli_query($conn, $votepres2); 
    break; 
}

与此有关。

要防止SQL注入,您必须修改调用变量的语句。在这种情况下,您拨打$username(您应该调用用户标识,而不是用户名)的语句。 调用用户ID,你可以简单地检查它是否是一个整数值,然后再进行查询:if (is_int($userID)) { ...do query... } else { ...do not... }

来源

2016-05-29 13:06:20 codable

+0

我实际上没有用户标识,我的表格由用户的全名,用户名和密码组成 –

+0

好的,您应该始终将字段ID作为主字段。 您还可以使用mysqli_real_escape_string避免SQL注入,如下所示: '$ username = mysqli_real_escape_string($ _ SESSION ['uname']);' – codable

+0

您是否试过我的代码? – codable

0

我认为你在你的HTML中有一些拼写错误。在这里,选项pres1pres2

<td><input type="radio" name="president" value="pres1"> ... </td> 
<td><input type="radio" name="president" value="pres2"> ... </td>

但在这里,这两个选项都sec1

<td><input type="radio" name="secretary" value="sec1"> ... </td> 
<td><input type="radio" name="secretary" value="sec1"> ... </td>

关于数据库的交互,这将是更好地使用PDO和准备语句 - 它比更安全大多数字符串连接方案。查看本页右侧的“相关”列 - 最常见的问题是this one,这很好地解释了这个话题。

无论如何,这里的submit部分不同,只是删除所有的重复。它不使用PDO(我没加任何数据库的代码),但至少有一个在最终的查询没有未经过滤的用户输入 - 只预定义值:当你说“不计”

if(isset($_POST['submit']) && !empty($_POST["submit"])) { 

    if($hasvoted != 0){ 
     echo "You cannot vote more than once. <br><a href='logout.php'>Logout</a>"; 
     exit; 
    } 

    $positions = array(
     "president" => null, 
     "vice_president" => null, 
     "secretary" => null, 
     "treasurer" => null, 
     "auditor" => null, 
     "bus_manager" => null, 
     "pro" => null 
     ); 

    foreach (array_keys($positions) as $position) 
    { 
     if (!isset($_POST[$position]) || empty($_POST[$position])) { 

      echo "All positions must be filled. Please try again.<br>"; 
      exit; 
     } 
     else{ 

      $choice = ""; 

      $choice_num = substr($_POST[$position], -1); 

      if($choice_num == 1 || $choice_num == 2){ 
       $choice = "choice" . $choice_num; 
      } 
      else{ 
       echo "Error - invalid option"; 
       exit; 
      } 

      $positions[$position] = $choice; 
     } 

    } 

    foreach (array_keys($positions) as $position) 
    { 
     $choice = $positions[$position]; 

     $sql_str = "UPDATE vote_log SET " . $choice ." = " . $choice . "+1 WHERE position = '" . $position . "'"; 

     // $sql_insert = mysqli_query($conn, $sql_str); 

     echo $sql_str . "<br>"; 

    } 


    echo "Thank you for voting. You may now logout of the system.<br><a href='logout.php'>Logout</a>"; 

}

来源

2016-05-29 14:51:32 jDo

+0

非常感谢你!我会试试这个 –

+0

它仍然不登录数据库:(为什么会这样?我已经放置了所有必要的连接... –

+0

@GeeNim不会登录,不会增加或两者吗?当您执行''SELECT voteed FROM student_log WHERE username ='$ username'“;'?我假设你已经尝试过打印/回显一些数据,只是为了检查你是否可以查询数据库。当你从mySQL shell手动执行'UPDATE's和'SELECT'时会发生什么?我们需要输出和更多的信息调试过程引脚放下错误。 – jDo

相关问题

 相关问题