Click Name +1 to Points

Clarkie

Hey again,

I've found great help here before and even with this script in particular. Basically it started being a script where when someone enters a name in a form it either adds the name or if it already exists adds a point to it. I then went on to code a page that outputted all the names and points in a table.

However, to make it easier I now want to add a version of the table where if the name is clicked it adds a point.

Here are the current files.

New Entry

<html>
<body bgcolor="#CCCCCC">
<table align="center" width="500px" border="0">
<tr><td>Enter a new user then press submit.</td></tr>
<tr><td><form action="insert.php" method="post">
Username: <input type="text" name="username" />
<input type="submit" />
</form></td></tr>
<tr><td><a href="index.php">Click here to see the rank point table!</a></td></tr>
</table>
</body>
</html>

Insert.php

<?php
$con = mysql_connect("","","");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("b4_5131359_ranks", $con);

$sql="INSERT INTO Clan (Username)
VALUES
('$_POST[username]') ON DUPLICATE KEY UPDATE points=points+1";


if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "1 Rank Point Added!";

mysql_close($con)
?>

Table (Index.php)

<?php
$con = mysql_connect("","","");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("b4_5131359_ranks", $con);

$result = mysql_query("SELECT * FROM Clan");

echo "<table border='1' align='center' width='80%'>
<tr>
<th>Username</th>
<th>Rank Points</th>
</tr>";

while($row = mysql_fetch_array($result))
  {
  echo "<tr>";
  echo "<td>" . $row['username'] . "</td>";
  echo "<td>" . $row['points'] . "</td>";
  echo "</tr>";
  }
echo "</table>";

mysql_close($con);
?>

What should I enter into the last file to make it add a point to the specified username when clicked?

Thanks very much,
Clarkie

Res

Before anyone else yells at you, and they will, you should never use your request (post/get) globals directly in the query.

You should be doing something like:

$name = '';

if($_POST['username']){
   $username = mysql_real_escape_string($_POST['username']);
}

Ok, now that we have that out of the way, to perform the request you are asking you want to make a hyper link that passes the user name as a get variable back to your processing page.

So in the second file where you spit out the name, something like:

while($row = mysql_fetch_array($result))
  {
  echo "<tr>";
  echo "<td><a href=\"insert.php?username=".$row['username']."\">" . $row['username'] . "<a/></td>";
  echo "<td>" . $row['points'] . "</td>";
  echo "</tr>";
  }
echo "</table>";

What we are doing here is creating a hyper link on the username display that includes a get variable called 'username' and is passing hte user name value for that row.

When we click it, it should take us back to your processing page. We will need to update that logic to work with the $GET var instead of just $POST.

If we use the first example for escaping, it isn't that hard, just replace the $_POST['username'] with $user_name.

$name = '';

if($_POST['username']){
   $username = mysql_real_escape_string($_POST['username']);
}elseif($_GET['username']){
   $username = mysql_real_escape_string($_GET['username']);
}