
I am trying to make a vote up-down system using PHP, MySQL and jQuery. It works perfectly on the front-end but, at the back-end, it does not add data in the database. Any help/suggestions will be appreciated..!! Following is the code..

<span id="links-<?php echo $rec1['que_id']; ?>">
<input type="hidden" id="votes-<?php echo $rec1['que_id']; ?>" value="<?php echo $rec1['votes']; ?>">

<?php

$vote_rank = 0;
$query ="SELECT SUM(vote_rank) as vote_rank FROM cvotes WHERE que_id = '".$rec1['que_id']."' and username = '$logged_user'";
 $result2 = $conn->query($query);
    foreach ($result2 as $roww) {
$up = "";
$down = "";

if(!empty($roww["vote_rank"])) {
    $vote_rank = $roww["vote_rank"];
    if($vote_rank == -1) {
    $up = "enabled";
    $down = "disabled";
    }
    if($vote_rank == 1) {
    $up = "disabled";
    $down = "enabled";
    }
}
?>  

<input type="hidden" id="vote_rank_status-<?php echo $rec1['que_id']; ?>" value="<?php echo $vote_rank; ?>">
<span class="btn-votes">
<input type="button" title="Up" class="up" onClick="addVote(<?php echo $rec1['que_id']; ?>,'1')" <?php echo $up; ?> />
<span class="label-votes"><?php echo $rec1['votes']; ?></span>
<input type="button" title="Down" class="down" onClick="addVote(<?php echo $rec1['que_id']; ?>,'-1')" <?php echo $down; ?> />
<p id='show'></p>
</span>

function addVote(que_id,vote_rank) {

    $.ajax({
    data:'que_id='+que_id+'&vote_rank='+vote_rank,
    url: "add_vote.php",
    type: "POST",
    beforeSend: function(){
        $('#links-'+que_id+' .btn-votes').html("<img src='LoaderIcon.gif' />");
    },
    success: function(vote_rank_status){
    var votes = parseInt($('#votes-'+que_id).val());
    var vote_rank_status;// = parseInt($('#vote_rank_status-'+que_id).val());
    switch(vote_rank) {
        case "1":
        votes = votes+1;
        vote_rank_status = vote_rank_status+1;
        break;
        case "-1":
        votes = votes-1;
        vote_rank_status = vote_rank_status-1;
        break;
    }
    $('#votes-'+que_id).val(votes);
    $('#vote_rank_status-'+que_id).val(vote_rank_status);

    var up,down;

    if(vote_rank_status == 1) {
        up="disabled";
        down="enabled";
    }
    if(vote_rank_status == -1) {
        up="enabled";
        down="disabled";
    }   
    var vote_button_html = '<input type="button" title="Up" class="up" onClick="addVote('+que_id+',\'1\')" '+up+' /><span class="label-votes">'+votes+'</span><input type="button" title="Down" class="down"  onClick="addVote('+que_id+',\'-1\')" '+down+' />';    
    $('#links-'+que_id+' .btn-votes').html(vote_button_html);
    }
    });
}

<?php
//-----add_vote.php-----
if(!empty($que_id)) {
    if(isset($_SESSION['login_user']))
    {
        $logged_user = $_SESSION['login_user'];
    }

    $que_id = $_POST["que_id"];
    $vote_rank = $_POST["vote_rank"];

    require_once("dbcontroller.php");
    $db_handle = new DBController();

    $query = "INSERT INTO cvotes (que_id,username,vote_rank) VALUES ('$que_id','$logged_user','$vote_rank')";

    $result = $db_handle->insertQuery($query);

    if(!empty($result)) {
        $query = "SELECT SUM(vote_rank) as vote_rank FROM cvotes  WHERE que_id = '$que_id' and username = '$logged_user'";

        $row = $db_handle->runQuery($query);

        switch($vote_rank) {
            case "1":
                $update_query ="UPDATE questions SET votes = votes+1 WHERE que_id='" . $que_id . "'";
            break;
            case "-1":
                $update_query ="UPDATE questions SET votes = votes-1 WHERE que_id='" . $que_id . "'";
            break;
        }

        $result = $db_handle->updateQuery($update_query);
        print $roww["vote_rank"];
    }
}
?>
Dhruvi Mistry
  • So what happened when you add data in database? – Kaushik Makwana Aug 02 '16 at 18:13
  • *"It works perfectly on front-end but, at the back-end it does not add data in the database."* - Something obviously went wrong. Check for errors, you're not doing that via PHP/MySQL and your console. – Funk Forty Niner Aug 02 '16 at 18:16
  • Data does not insert..that's the only error..When the user clicks on the vote up button, it should add +1, else -1, in the db. But it's not working.. – Dhruvi Mistry Aug 02 '16 at 18:19
  • Fred-ii, yes I have added code directly from my working site..in super hurry.. – Dhruvi Mistry Aug 02 '16 at 18:21
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Aug 02 '16 at 18:23
  • You need to check your error logs. – Jay Blanchard Aug 02 '16 at 18:24
  • @JayBlanchard - yes sir, as I have mentioned in my question, everything works perfectly, at least looks like so. The only problem is no data gets inserted..my assumption is there is some mistake in the AJAX part or PHP part..I can't figure it out..I have taken this code from one of the bloggers and that person does not seem to reply to my comments..so I had to post here.. – Dhruvi Mistry Aug 02 '16 at 18:28
  • It isn't working perfectly if the data isn't getting inserted. Have you watched the AJAX request / response in the browser's developer tools? Have you included the jQuery library in the project? Are there any errors reported? Are you running this on a web-server? – Jay Blanchard Aug 02 '16 at 18:44
  • yes..it's working currently on my site..and there is no error in error_log – Dhruvi Mistry Aug 02 '16 at 18:55

2 Answers


It seems that your insert query is wrong: "INSERT INTO cvotes (que_id,username,vote_rank) VALUES ('$que_id','$logged_user','$vote_rank')". Try to use the quotes according to the data type. You have given quotes for all the values; I think except username the rest are integer datatypes, so change the query as

"INSERT INTO cvotes (que_id,username,vote_rank) VALUES ($que_id,'" . $logged_user . "',$vote_rank)";
CNKR

Okay, so finally issue solved..!! Had just minor errors of variables and linking..below is the code..

Added hidden input : ">

Some changes in add_vote.php :

<?php
include('../connection.php');
session_start();
if(isset($_SESSION['login_user']))
{
    $logged_u = $_SESSION['login_user'];
}

if(!empty($_POST["que_id"])) {
    require_once("dbcontroller.php");
    $db_handle = new DBController();

    $query = "INSERT INTO cvotes (username,que_id,vote_rank) VALUES ('".$logged_u."','" . $_POST["que_id"] . "','" . $_POST["vote_rank"] . "')";
    $result = $db_handle->insertQuery($query);

    if(!empty($result)) {

        $query = "SELECT SUM(vote_rank) as vote_rank FROM cvotes  WHERE que_id = '" . $_POST["que_id"] . "' and username = '".$logged_u."' ";
        $row = $db_handle->runQuery($query);

        switch($_POST["vote_rank"]) {
            case "1":
                $update_query ="UPDATE questions SET votes = votes+1 WHERE que_id='" . $_POST["que_id"] . "'";
            break;
            case "-1":
                $update_query ="UPDATE questions SET votes = votes-1 WHERE que_id='" . $_POST["que_id"] . "'";
            break;
        }

        $result = $db_handle->updateQuery($update_query);
        print $roww["vote_rank"];
    }
}
?>
Dhruvi Mistry
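
The code above still builds its SQL from `$_POST` values, which is the injection risk raised in the comments. As an added example (not the poster's code), here is the same add_vote logic with bound parameters and server-side validation; it assumes PDO rather than the page's `DBController`, and an in-memory SQLite database with constructed rows so that it runs offline.

```php
<?php
// Added example, not the poster's code. Assumptions: PDO replaces the page's
// DBController, and an in-memory SQLite database with constructed rows stands
// in for MySQL so the script runs offline (for MySQL only the DSN changes).

function addVote(PDO $pdo, string $user, $queId, $voteRank): int
{
    // Validate before touching the database: integer id, vote of 1 or -1 only.
    $queId    = filter_var($queId, FILTER_VALIDATE_INT);
    $voteRank = filter_var($voteRank, FILTER_VALIDATE_INT);
    if ($queId === false || !in_array($voteRank, [1, -1], true)) {
        throw new InvalidArgumentException('invalid que_id or vote_rank');
    }

    $pdo->beginTransaction();
    try {
        // The user's current standing on this question: -1, 0 or 1.
        $sum = $pdo->prepare('SELECT COALESCE(SUM(vote_rank), 0) FROM cvotes WHERE que_id = ? AND username = ?');
        $sum->execute([$queId, $user]);
        $current = (int) $sum->fetchColumn();
        // The disabled button is only a client-side hint; enforce it here too.
        if (abs($current + $voteRank) > 1) {
            throw new DomainException('vote already cast');
        }
        // Values travel as bound parameters, never as part of the SQL text.
        $pdo->prepare('INSERT INTO cvotes (que_id, username, vote_rank) VALUES (?, ?, ?)')
            ->execute([$queId, $user, $voteRank]);
        $pdo->prepare('UPDATE questions SET votes = votes + ? WHERE que_id = ?')
            ->execute([$voteRank, $queId]);
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack();
        throw $e;
    }
    return $current + $voteRank;
}

// Constructed demo data. In add_vote.php $user comes from $_SESSION['login_user'].
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE questions (que_id INTEGER PRIMARY KEY, votes INTEGER DEFAULT 0)');
$pdo->exec('CREATE TABLE cvotes (que_id INTEGER, username TEXT, vote_rank INTEGER)');
$pdo->exec('INSERT INTO questions (que_id) VALUES (7)');

echo addVote($pdo, 'alice', '7', '1'), "\n";
try {
    addVote($pdo, 'alice', "7' OR '1'='1", '1');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The username is taken from the session rather than the request, and the insert and the counter update share one transaction so a failure cannot leave `cvotes` and `questions` out of step.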