Why isn’t my PHP Script working as expected? [duplicate]

This question already has an answer here:

So recently I made a post about how to know if my script was SQL Injection proof, and I finished the script, but after using it on my website it’s not working properly as expected.

I use a textbox to input $account, but after inputting it, it doesn’t seem to be loading from it and instead shouts ‘Enter a account name!’, which means it’s not loading at all. So I’m wondering where I went wrong in this script that made it stop working?

Thank you in advance.

<?php

$servername = "localhost";
$username = "root";
$password = "";
$dbname = "aspire";

   
$mysqli = new mysqli($servername, $username, $password, $dbname);

if ($mysqli->connect_error) {
    die("Connection failed: " . $mysqli->connect_error);
}
 
$earnedpoints = false;
$account = $_POST['name'];
$account = mysql_real_escape_string($account);
 
if ($account == "") {
    echo 'Enter an account name!';
    exit();
}
 
$ip = $_SERVER['REMOTE_ADDR'];
$time = time();
 
$stmt = $mysqli->prepare("SELECT *, SUM(`times`) as amount FROM votingrecords WHERE account='$account' OR ip='$ip'");
$stmt->bind_param("ss", $account, $ip);
$stmt->execute();


$lasttime = mysql_fetch_array($stmt);
$amount = $lasttime['amount'];
$insertnew = false;    
if ($amount == "") {
    $insertnew = true;
}
$timecalc = $time - $lasttime['date'];
if (!$insertnew) {
    if ($timecalc < 21600) {  
        echo ' Hello '. $account .' you have already voted with this account ('. $account .') or IP ('. $ip .') in the last 6 hours!';
        echo ' Last voted on: '. date('M d, h:i:s A', $lasttime['date']) .'';
        echo '<html>';
        echo '<head>';
        echo '<meta HTTP-EQUIV="REFRESH" content="3; url=http://www.">';
        echo '</head>';
        echo '<body>';
        echo '<br><br>You will be redirected to the main website in 3 seconds.';
        echo '</body>';
        echo '</html>';
        exit();
    } else {                
        $update = $mysqli->prepare("UPDATE votingrecords SET account='$account', date='$time', times=times+1 WHERE ip='$ip'");
		$stmt->bind_param("sss", $account, $time, $ip);
		$stmt->execute();
            if (!$update) {
                $message  = 'Invalid query: ' . mysql_error() . "\n";
                $message .= 'Whole query: ' . $update;
                die($message);
            } else {
                $earnedpoints = true;
            }
        }
} else {
    $success = $mysqli->prepare("INSERT INTO votingrecords (`account`, `ip`, `date`, `times`) VALUES ('$account', '$ip', '$time', 1)");
		$stmt->bind_param("sss", $account, $ip, $time);
		$stmt->execute();
    if (!$success) {
            $message  = 'Invalid query: ' . mysql_error() . "\n";
            $message .= 'Whole query: ' . $success;
            die($message);
    } else {
        $earnedpoints = true;
    }
}
 
 
 
 
if ($earnedpoints) {
    $points = $mysqli->prepare("UPDATE accounts SET votepoints = votepoints + 2 WHERE name='$account'"); 
    $stmt->bind_param("s", $account);
    $stmt->execute();
    if (!$points) {
 
            $message  = 'Invalid query: ' . mysql_error() . "\n";
            $message .= 'Whole query: ' . $stmt;
            die($message);
    }
    $stmt->close();
    echo '<html>';
    echo '<head>';
    echo '<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.gtop100.com">';
    echo '</head>';
    echo '</html>';
} else {
    echo 'There was an error processing your request.';
    exit();
}
?>
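
The script above calls `mysql_real_escape_string()` and `mysql_fetch_array()` from the old `mysql_*` extension on a `mysqli` connection, and calls `bind_param()` on statements whose SQL contains no `?` markers. As an added example (not the original poster's code), here is the same vote flow using mysqli only, with real placeholders and escaped output; `record_vote()` is a hypothetical helper name, and the table, column and connection values are taken from the script above.

```php
<?php
// Added example, not the original poster's code. Table/column names and the
// connection values come from the script above; record_vote() is hypothetical.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

function record_vote(mysqli $db, string $account, string $ip, int $now): bool
{
    // Values travel through ? placeholders, never through the SQL string,
    // so no escaping function is involved. MAX/COUNT replace SELECT *, SUM().
    $stmt = $db->prepare(
        "SELECT MAX(`date`), COUNT(*) FROM votingrecords WHERE account = ? OR ip = ?"
    );
    $stmt->bind_param("ss", $account, $ip);
    $stmt->execute();
    $stmt->bind_result($lastvote, $rows);
    $stmt->fetch();
    $stmt->close();

    if ($rows > 0 && $now - (int) $lastvote < 21600) {
        return false; // already voted in the last 6 hours
    }

    // Both statements take (account, date, ip), so one bind_param call serves.
    $sql = $rows > 0
        ? "UPDATE votingrecords SET account = ?, `date` = ?, times = times + 1 WHERE ip = ?"
        : "INSERT INTO votingrecords (`account`, `date`, `ip`, `times`) VALUES (?, ?, ?, 1)";
    $stmt = $db->prepare($sql);
    $stmt->bind_param("sis", $account, $now, $ip);
    $stmt->execute();
    $stmt->close();

    $stmt = $db->prepare("UPDATE accounts SET votepoints = votepoints + 2 WHERE name = ?");
    $stmt->bind_param("s", $account);
    $stmt->execute();
    $stmt->close();
    return true;
}

$account = trim($_POST['name'] ?? '');
if ($account === '') {
    exit('Enter an account name!');
}
$db = new mysqli("localhost", "root", "", "aspire");
if (record_vote($db, $account, $_SERVER['REMOTE_ADDR'], time())) {
    echo 'Vote recorded.';
} else {
    // User-controlled text is HTML-escaped before it is echoed back.
    echo 'Hello ' . htmlspecialchars($account, ENT_QUOTES, 'UTF-8')
       . ', you have already voted in the last 6 hours!';
}
```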

Source: Stack Sql
