PHP & MySQL vote count problem?

Question

I found this script on about.com which I'm trying to learn from on how to create a rating system but the script for some reason wont count a vote when the link is clicked and just reloads the page.

I was wondering how can I fix this problem? And what part of the code do I need to change and where?

Here is the full script below.

<?php
// Connects to your Database
mysql_connect("localhost", "root", "", "sitename") or die(mysql_error());
mysql_select_db("sitename") or die(mysql_error());

//We only run this code if the user has just clicked a voting link
if ( $mode=="vote") {

  //If the user has already voted on the particular thing, we do not allow them to vote again $cookie = "Mysite$id";
  if(isset($_COOKIE[$cookie])) {
     echo "Sorry You have already ranked that site <p>";
  } else {
        //Otherwise, we set a cooking telling us they have now voted
    $month = 2592000 + time();
    setcookie(Mysite.$id, Voted, $month);

    //Then we update the voting information by adding 1 to the total votes and adding their vote (1,2,3,etc) to the total rating
    mysql_query ("UPDATE vote SET total = total+$voted, votes = votes+1 WHERE id = $id");
    echo "Your vote has been cast <p>";
  }
} 

//Puts SQL Data into an array
$data = mysql_query("SELECT * FROM vote") or die(mysql_error());

//Now we loop through all the data
while($ratings = mysql_fetch_array( $data )) {

  //This outputs the sites name
  echo "Name: " .$ratings['name']."<br>";

  //This calculates the sites ranking and then outputs it - rounded to 1 decimal
  if($ratings['total'] > 0 && $ratings['votes'] > 0) {
    $current = $ratings['total'] / $ratings['votes'];
  } else {
    $current = 0;
  }

  echo "Current Rating: " . round($current, 1) . "<br>";

  //This creates 5 links to vote a 1, 2, 3, 4, or 5 rating for each particular item
  echo "Rank Me: ";
  echo "<a href=?mode=vote&voted=1&id=".$ratings['id'].">Vote 1</a> | ";
  echo "<a href=?mode=vote&voted=2&id=".$ratings['id'].">Vote 2</a> | ";
  echo "<a href=?mode=vote&voted=3&id=".$ratings['id'].">Vote 3</a> | ";
  echo "<a href=?mode=vote&voted=4&id=".$ratings['id'].">Vote 4</a> | ";
  echo "<a href=?mode=vote&voted=5&id=".$ratings['id'].">Vote 5</a><p>";
}
?>

Answer 1

$mode is never set? While it may have worked if register globals was on, it is not on by default any more (and is removed in later versions of PHP)

//We only run this code if the user has just clicked a voting link
if ( $mode=="vote") {

Maybe you mean

if ( $_GET['mode']=="vote") {

The same goes for $id and $voted, which are also never set.

EDIT
I also would like to add, that if I went and changed id to 1';DROP TABLE vote; You would have a whole lot of data lost. Look at SQL Injection

EDIT
If the row in the table doesn't exist, you will need to INSERT it before you can UPDATE it.

Answer 2

I can also see $cookie is never set, looking at the code it should be 'Mysite' . $id. I added quotes for the string, though PHP will treat any unquoted text as string but avoid misunderstanding and errors later, its always a good idea.

Also this script assumes PHP option register_globals is on, you need to make that register_globals = ON in your php.ini