Help with php-mysql hit counter

dreglo

I found a script that I'm trying to use as a work-around for what I REALLY want. It's a "simple" (not for me) hit counter based on mysql. The creator of the script did give instructions on how to install it but I know I'm doing something wrong ( seeing as I know NOTHING about PHP or mysql), Here is the script:

<?php

///////////////////// DSCRIPTS PRESENTS /////////////////////////////////////
//                                                                         //    

//   This script has been downloaded from [url]http://dscripts.awardspace.com[/url]   //
//  ---------------------------------------------------------------------  //
//                                                                         //
//  Script Name: MySQL Hit Counter                                         //
//  Written on: 5 January 2007                                             //        

//  Written by: Burhan Uddin                                               //        

//                                                                         //      

//  Browse: [url]http://dscripts.awardspace.com[/url] for more free scripts.          //
//                                                                         //
/////////////////////////////////////////////////////////////////////////////

$page   = $_GET['page'];


// Exits script if page id isn't supplied
if(!$page)
    {
        echo 'document.write(\'Invalid Page ID\')';
        exit();
    }

// MySQL Informations. Change it to yours
$host   = 'localhost';  // Host Name
$user   = 'root';       // User Name
$pass   = 'admin';      // Password
$db     = 'test';       // Database Name



//---------------------------------------------
// Don't edit below


/*
This query is required to be executed using phpMyAdmin to create a table for storing data

CREATE TABLE `mysql_couter_logs` (
`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`name` TEXT NOT NULL ,
`hits` INT NOT NULL DEFAULT '0'
)
*/

// Connection to database
$db = mysql_connect($host, $user, $pass) or die ( 'Failed to connect with database!' );
mysql_select_db($db) or die ("Can't select database!");

$query= "SELECT id, hits FROM `mysql_couter_logs` WHERE page = '$page'";
$result = mysql_query($query) or die ("document.write('Error in getting hit counts!')");


while ($data = mysql_fetch_array($result)) 
    {
        $id     = $data[id];    

        $count  = $data[hits];
    }



$count = $count+1;
echo 'document.write(\''.$count.'\');';

$query = "UPDATE mysql_couter_logs SET hits = '$count'  WHERE page = '$page'";
$result = mysql_query($query) or die ("document.write('Error in storing hit counts!')");

?>

Here is the Javascript to show the number on the selected page:

<SCRIPT LANGUAGE="Javascript" SRC="counter.php?page=pagename"><!--//--></SCRIPT>

I also set up the database table as instructed in phpmyadmin.

All this and no results so I know it's me.

Here is the URL of the page where I want the number to appear (in the box that has "For restaurant use only" in it, under the header "Certificate #"

Any help or guidance would be greatly appreciated.

djjjozsi

in the source code why did you insert the script like this?

public_html/metrodetroitrestaurantguide/counter.php

public_html can't access from the internet, that is a folder where you can place your files. I'm not sure in this , but out of the metrodetroitrestaurantguide folder is unaccessable.

So just use counter.php and add the page variable too.

In this code you should make changes to make it safer from SQL injection.

this is unsecure:

$query= "SELECT id, hits FROM `mysql_couter_logs` WHERE page = '$page'";

use it like this:

$query= sprintf("SELECT id, hits FROM `mysql_couter_logs` WHERE page = '%s'"  , mysql_real_escape_string($page)  );

And the Update should changed:

from:

$query = "UPDATE mysql_couter_logs SET hits = '$count' WHERE page = '$page'";

change into:

$query = sprintf("UPDATE mysql_couter_logs SET hits = hits+1 WHERE page = '%s'"    ,  mysql_real_escape_string($page)  );

dreglo

Thank you so much for replying to my post. I really appreciate it. As I am a noob to PHP coding i'm not quite sure of what you're instructing me to do. Can you please be a bit more specific as to what I am supposed to do?

djjjozsi

first, embed the javascript code to pass the page's value

now, in your code:

<SCRIPT LANGUAGE="Javascript" SRC="<span style="color: #ff0000;">public_html/metrodetroitrestaurantguide/counter.php?page=<strong>certificate template</strong></span>"><!--//--></SCRIPT>

public_html is not an accessible folder out from the internet
metrodetroitrestaurantguide is not an accessible folder out from the internet
<strong>certificate template</strong> this is not a valid value to pass in url.

<SCRIPT LANGUAGE="Javascript" SRC="counter.php?page=certificate_template"></SCRIPT>

use underscore and not a whitespace! Try to use a better website editor program, becouse youR's still cofusing the html source codes with the style codes:

like:

SRC="<span style="color: #ff0000;">