Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    Regular Coder
    Join Date
    Feb 2010
    Posts
    130
    Thanks
    4
    Thanked 0 Times in 0 Posts

    Review Script help

    Trying to put in a review system where a guest can review a game and the review will display on the game page.

    Each game page is generated by a single template file (so if I make a change in the template file, it affects all the game pages).

    This is the code I have now that displays the form:

    Code:
            <tr>
                <td align=left><strong>Submit Your Review Here:</strong>
    <br><br>
                
                  Name:<input type=text width=40px /><br /><br />
                  <textarea cols=70 rows=15>Enter Text Here...</textarea><br /><br />
                  Answer this simple math question:" . $numberOne . " + " . $numberTwo . " = <input type=text /><br /><br />
                  <input type=submit text='Submit Review' />
                </td>
            </tr>
    The only sql I have right now is this:

    $numberOne = rand(1,20);
    $numberTwo = rand(1,20);


    The anti-spam filter...I'm not sure if it has been completed yet (my friend is the one who did the coding) but it's supposed to ask a math question.

    But basically, the review is supposed to take the review that the guest submits, and insert the review and the game name into the reviews database. Problem is figuring out what sql to use. I want the sql code to be able to grab the name of the game page that the review is based on and insert the game name as well as the review into the database. The reviews database has columns in the following format:

    reviewId - int(11)
    gameId - int(11)
    reviewerName - text
    reviewContent - longtext
    ipAddress - text
    date - date
    confirmed - text

    The URL structure of the game page goes like this: http://www.mmocraze.com/game-directo...ile/?gameId=XX

    On the game page, I have php coding that displays the various sql variables. For instance, I have a table tag that encloses the sql variable for the game name that corresponds to the gameId. So the sql code for the reviews system should pull the game name as it is displayed on the specific game page and insert the game name into the database.


    I have a ratings system that works similar to this. It allows users to rate the game and displays the average rating. It inserts the rating based on the gameId that the user is on.

    The code looks like this:

    Code:
    if ($_GET[rating] > 0 & $_GET[rating] < 11) {
      mysql_query("INSERT INTO gameRating (gameId, rating) VALUES ($gameId, $_GET[rating])");
      
      $ratings = mysql_query("SELECT rating FROM gameRating WHERE gameId=$gameId");
      while($ratingsRow = mysql_fetch_array($ratings))
      {
        $totalRating = $totalRating + $ratingsRow['rating'];
        $ratingCount = $ratingCount + 1;
      }
      
      $averageRating = $totalRating / $ratingCount;
      
      mysql_query("UPDATE wp_MMOCraze_games SET gameCrazeLevel=$averageRating WHERE gameId=$gameId");
      $rated = true;
    }
    with the sql variables:

    $gameId = $_GET['gameId'];
    $rated = false;


    Any help is appreciated

  • #2
    Regular Coder
    Join Date
    May 2008
    Location
    Ohio
    Posts
    231
    Thanks
    3
    Thanked 21 Times in 21 Posts
    I'm not exactly sure what you're asking. I will offer this suggestion:

    Never ever ever ever do this:

    Code:
      mysql_query("INSERT INTO gameRating (gameId, rating) VALUES ($gameId, $_GET[rating])");
    You MUST clean the variables $gameId, and especially $_GET[rating]. Always clean ANYTHING that comes in through $_GET, $_POST, or $_COOKIE. Use mysql_real_escape_string or the PDO library. Failure to do this can cause major website vulnerabilities - someone could easily delete everything in your database or steal information out of it.
    zok@zoklet:~$ whereis zok
    zok: http://zoklet.net | http://zoklet.net/otg | /derzok/at/gmail/dot/com

  • #3
    Regular Coder
    Join Date
    Feb 2010
    Posts
    130
    Thanks
    4
    Thanked 0 Times in 0 Posts
    This is my new updated code for the ratings system:

    Code:
    $rating = $_GET["rating"];
    // shouldn't you check to be sure $rating is an INTEGER number??????
    if ($rating > 0 & $rating < 11) 
    {
      mysql_query("INSERT INTO gameRating (gameId, rating) VALUES ($gameId, $rating)");
      $sql = "UPDATE wp_MMOCraze_games SET gameCrazeLevel = ( "
            .   "SELECT AVG(rating) FROM gameRating WHERE gameId=$gameId ) "
            .   " WHERE gameId=$gameId";
      mysql_query( $sql );
      $rated = true;
    }
    Where would I put the mysql_real_escape_string at?

    And any ideas on the review system code?
    Basically all I want to do is almost the same thing as the ratings system code.

    The game profiles are generated using a template file, however each individual game profile has its own separate database.
    The game profile has php coding that outputs various sql variables on to the page. One of these variables is the $gameName variable.
    I want to have a code that gets the gameName for the specific game profile that the user is on and submits the gameName along with the review into the reviews database.

    So basically, if a user is on the game Profile, Aion, the code will pull the gameName "Aion" from the page and insert the name into the database along with the review that the user submitted using the review form that's on the profile itself. And then the code will also output and display every review in order by recent entry that corresponds to that specific gameName for that profile.

  • #4
    New Coder
    Join Date
    Nov 2010
    Posts
    12
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Hey crazykid,

    Have you thought about pulling the page name from the $_SERVER vars? This page lists the ones available: http://php.net/manual/en/reserved.variables.server.php

    If there is not one that is exactly what you need, you can strip it down using substr functions.

    Hope this helps!


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •