Using php to generate an image

[Sur_real]

To prevent SQL injections, for every query use mysql_real_escape_string().

As for the problem with line 41, look at your curly brackets

[2goto1]

Another option to handle SQL injection attacks is to parameterize all of your queries. This approach works with all popular database platforms. To do so with PHP, see http://stackoverflow.com/questions/60174/best-way-to-stop-sql-injection-in-php

[ProgrammingFun]

Thanks for all the help! I am now in the final stages of the development. This poll is going to be used as a school-wide election.
Please check it out at http://test.victoriaparkci.com/poll4/ (you are free to vote) and tell me what you think!
My leader has some oppositions, please tell me if you agree with her or with my response.

She says that results and voting should be on completely separate pages and that the user should go between them...but I point out that that is not user-friendly and tedious, and no professional poll does that.

She says that the list should be ordered from most to least polls...I say that this will destroy a common order and will make it more confusing and biased.

Please tell me what you think!

[Sur_real]

First of all, I think the song choices should be in alphabetical order. Also, you're right, the result should not be in descending order but in the order on the voting page.

Secondly, I don't know how professional (read: accurate) you want it to be but it seems like anyone can vote any number of times. This also brings up the issue of botting...while this isn't a website like google or etc so the chances of botting are low, you still might want to look into how you are getting votes (from the .php you posted eariler, it uses GET, maybe you want to change that to POST) just in case.

[Tony]

ProgrammingFun @ Thu Feb 24, 2011 6:50 pm wrote:

tell me what you think

I'm never gonna give you up.

[Tony]

Sur_real @ Thu Feb 24, 2011 7:31 pm wrote:

it uses GET, maybe you want to change that to POST) just in case.

So then I'll just change my Rick.rb script to make a POST request instead of GET

[ProgrammingFun]

My leader wanted it to be bot-able...in other words, she wanted users to be able to vote multiple times...I was thinking of limiting how many votes can be submitted per IP address for a time period but then gave it up...

@Tony: What do you mean? Is there another security bug?

[Sur_real]

sigh, so you're the one voting for rick LOL

[ProgrammingFun]

Is there any way to limit an IP address to vote for a certain song only once?

@Tony: Would you mind sending me the script? I could use it myself

[Sur_real]

You could try getting the IP of people who voted and put it in a SQL table.

[ProgrammingFun]

But then how would I re-allow that IP after the time limit has passed?
Actually, this may not be a good idea because that might just block my school's IP for some time and that is where most people will access it from...What should I do?

[Tony]

code:

while(true) {    send_request // so simple GET request of a page    sleep(some_time) // self-throttling is generally a good idea }

[Sur_real]

Hmmm...I guess you can also have a timestamp at the time they voted. So next time they vote, you check with the timestamp to allow/disallow and if allow, change timestamp to current again.

[ProgrammingFun]

Do you think that I should just remove the voting option from the results page? That way, you script will have to return to the other page to vote each time...

[Tony]

Nope, I never hit the results page. Or the form page. Sending requests directly to http://test.victoriaparkci.com/poll4/process.php?song[]=26&vote=Vote