Need some help yet again.

[iNod]

Hello,

I got two problems.. First is search.. It keeps giving me errors.. I am too tired right now to figure out what is wrong and he needs it tonight.

Here:

$gettuts = mysql_query("SELECT * from tutorials WHERE name LIKE '$search%' ORDER BY id DESC LIMIT " . $page . ",10");
$numrows = mysql_num_rows($gettuts);
if($numrows=="0") {
    $tut->set('search',$english_search_zero);
}else{
while($row = mysql_fetch_assoc($gettuts)) {
  $tuts[] = $row;
}

Should work..

Second one is rating.. It messes up the rating. Here

$ratesql = mysql_query("SELECT rating,num_votes FROM tutorials WHERE id='$tutid'");
$getrate = mysql_fetch_array($ratesql);
if(session_is_registered("rating$tutid")) {
    header("location: view_tutorials.php?tutid=" . $tutid . "&catid=" . $catid . "&rate=1");
    exit;
}else{
$rate = $getrate['rating'];
$rating = $_POST['rating'];
if($rate=="0") {
    $new_rate = "$rating";
}else{
$num_votes = $getrate['num_votes'];
$num_votess = $getrate['num_votes']+1;
$new_rating = $rate * $rating;
$new_rating2 = $new_rating / $num_votes;
$new_rate = $new_rating2;
}
$updaterate = mysql_query("UPDATE tutorials SET rating='$new_rate',num_votes='$num_votess' WHERE id='$tutid'");
session_register("rating$tutid");

It keeps giving me like 40-303 variables which it shouldn't when I only vote 1.

If you can help I will give you some NP$..

iNod

 

[user-7256]

Well, $numrows is an INTEGER, so take out the quotes in: if($numrows=="0")

But what are the errors you are getting for the first one?

And the second one... not sure...

 

[Outer]

$gettuts = mysql_query("SELECT * from tutorials WHERE name LIKE '%".$search."%' ORDER BY id DESC LIMIT " . $page . ",10"); // You need two percent marks, one for each side
$numrows = mysql_num_rows($gettuts);

if($numrows == 0)
{
    $tut->set('search',$english_search_zero);
}
else
{
    while($row = mysql_fetch_assoc($gettuts))
    {
        $tuts[] = $row;
    }
} // Forgot bracket

$ratesql = mysql_query("SELECT rating, num_votes FROM tutorials WHERE id='".$tutid."' LIMIT 0,1"); // make sure it only returns one.
$getrate = mysql_fetch_array($ratesql);

if(session_is_registered("rating".$tutid))
{
    header("location: view_tutorials.php?tutid=" . $tutid . "&catid=" . $catid . "&rate=1");
    exit;
}
else
{
    $rate = $getrate['rating'];
    $rating = mysql_real_escape_string($_POST['rating']); // Security, always make sure your doing this.

    if ($rate == 0)
    {
        $new_rate = $rating;
    }
    else
    {
        $num_votes = $getrate['num_votes'];
        $num_votess = $getrate['num_votes']+1;
        $new_rating = $rate * $rating;
        $new_rating2 = $new_rating / $num_votes;
        $new_rate = $new_rating2;

        // It's better to put it in here due to the fact that this part is
        // Specifically for updating, which the above part (where $rate = 0)
        // Doesn't update anything. So this would be completely useless
        // if that were the case.
        $updaterate = mysql_query("UPDATE tutorials SET rating='".$new_rate."',num_votes='".$num_votess."' WHERE id='".$tutid."'"); // took variables out of quotes. Better practice
    }

    session_register("rating".$tutid); // Again, took the variable out of the quotes 
} // You forgot a second bracket

Also, make sure you mysql_real_escape_string() on everything your checking against the DB. Also make sure that if it's suppossed to be a number, then it is an actual number, or if it's only suppossed to be alphanumeric, make sure it's only alphanumeric.

 

[iNod]

Thanks Outer.. That fixed the Search but not rating.. Now it inputs it as 0.. all the time..

I had the brackets but they where near the end.. Not included in the code.. I tryed the variable out of quotes and in quote.. But neither of them seemed to change anything..

Thanks though.. I will give you some np$ as well as anyone who can fix my rating one.

iNod

 

[Outer]

Alright then, let me give a stab at it again and see if theres anything I missed

Thx for the NP btw

$ratesql = mysql_query("SELECT rating, num_votes FROM tutorials WHERE id='".$tutid."' LIMIT 0,1"); // make sure it only returns one. 
$getrate = mysql_fetch_array($ratesql); 

if( $_SESSION['rating'.$tutid] ) 
{ 
    header('location: view_tutorials.php?tutid=".$tutid."&catid=".$catid."&rate=1"); 
    exit; 
} 
else 
{ 
    $rate = $getrate['rating']; 
    $rating = mysql_real_escape_string($_POST['rating']);
    $num_votes = $getrate['num_votes']+1; // Just need This one variable 

    if ($rate == 0) 
    { 
        $new_rating = $rating; 
    } 
    else 
    { 
        // Wrong way to do the rating. You divide by two. Since you are taking
        // The current value and adding ONE more value to it, so then you
        // divide by two to get the new value.
        $new_rating = ($rate+$rating)/2;
    }
        $updaterate = mysql_query("UPDATE tutorials SET rating='".$new_rating."', num_votes='".$num_votes."' WHERE id='".$tutid."'"); 

    $_SESSION['rating'.$tutid] = TRUE; 
} // You forgot a second bracket

Try this

 

[iNod]

That worked..

I had to edit a few things but it got me thinking..

Thanks.. and again some NP for you.