createpoll.php
<?php
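// createpoll.php: creates a poll row for the signed-in user, then one
// polloption row per consecutive POST field option1, option2, ... until the
// first missing or empty one.
//
// Inputs : $_SESSION["userid"], $_POST["desc"], $_POST["option<N>"]
// Output : plain-text status messages echoed to the response.

// Start a session only if one is not already active.
if (!isset($_SESSION)) {
    session_start();
}
include("dbconnect.php");     // presumably defines $conn (mysqli link); confirm
include("session_check.php"); // presumably rejects unauthenticated requests; confirm

// NOTE(review): this state-changing handler verifies no anti-CSRF token itself;
// confirm whether session_check.php does, otherwise add a per-session token check.

// Fail closed when there is no authenticated user, rather than writing a poll
// with a meaningless host id.
if (!isset($_SESSION["userid"])) {
    echo "Error: Not signed in";
    exit;
}
$userid = (int) $_SESSION["userid"];

// A POST field can arrive as an array (desc[]=...), so only accept a string.
$desc = (isset($_POST["desc"]) && is_string($_POST["desc"])) ? $_POST["desc"] : "";
// Kept for compatibility with existing rows: the description is stored
// HTML-escaped. NOTE(review): output encoding normally belongs where the value
// is rendered; the option text below is stored raw and must be escaped on output.
$desc = htmlspecialchars($desc);

// Bound parameters replace the string-built INSERT, so neither value can alter
// the SQL text and mysqli_real_escape_string() is no longer needed.
$poll_query = "INSERT into poll (pollhostid, description, heldon) VALUES (?, ?, curdate())";
$poll_stmt = mysqli_prepare($conn, $poll_query);
if ($poll_stmt === false) {
    // Driver error text can reveal schema details: log it, do not send it to the client.
    error_log("createpoll: prepare failed: " . mysqli_error($conn));
    echo "Error: Could not prepare the query";
    exit;
}
mysqli_stmt_bind_param($poll_stmt, "is", $userid, $desc);
if (!mysqli_stmt_execute($poll_stmt)) {
    error_log("createpoll: poll insert failed: " . mysqli_stmt_error($poll_stmt));
    mysqli_stmt_close($poll_stmt);
    echo "Error: Could not execute the query";
    // Stop here: continuing would attach the options to some other, existing poll.
    exit;
}
echo "Poll inserted successfully";

// Use the id generated by this INSERT on this connection. The former
// "SELECT max(pollid)" could return a poll created concurrently by another user.
// Assumes poll.pollid is AUTO_INCREMENT (the INSERT supplies no pollid); confirm
// against the schema.
$pollid = mysqli_stmt_insert_id($poll_stmt);
mysqli_stmt_close($poll_stmt);

$polloption_insert = "INSERT INTO polloption(pollid, pollhostid, choiceid, choice) VALUES (?,?,?,?)";
if ($stmt = mysqli_prepare($conn, $polloption_insert)) {
    $poll_count = 1;
    $polloption = "";
    // Parameters are bound by reference, so binding once is enough; each
    // execute() reads the current values of $poll_count and $polloption.
    mysqli_stmt_bind_param($stmt, "iiis", $pollid, $userid, $poll_count, $polloption);

    while (true) {
        $field = 'option' . $poll_count;
        // The value is bound, not interpolated, so it is passed through unescaped;
        // escaping it as well would store stray backslashes.
        $polloption = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : "";
        if ($polloption === '') {
            break; // first missing or empty option ends the list
        }

        if (!mysqli_stmt_execute($stmt)) {
            error_log("createpoll: option $poll_count insert failed: " . mysqli_stmt_error($stmt));
            echo "Error: Could not execute the query";
            // Leave the loop: retrying the same option forever would never terminate.
            break;
        }

        echo "Poll option $poll_count Inserted successfully";
        $poll_count++;
    }
    mysqli_stmt_close($stmt);
} else {
    error_log("createpoll: prepare failed: " . mysqli_error($conn));
    echo "Error: Could not prepare the query";
}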
?>