-3
<?php
include("databaseconnect.php");

if(isset($_POST['submitvotes'])) {
    
    $vote = $_REQUEST['submitvotes']; 

    $sql = "UPDATE `candidates` SET votescasted = votescasted + 1 WHERE  `id` = '$vote'";
    $qry = mysqli_query($connect, $sql);
    if ($qry){
        header("location: onlinevotingsystem.php?ViewResults");
    }
}
mysqli_close($connect);
    ?>

Am making online voting system using the code above but the problem is that it's only incrementing the votes by one. Is there any way I can stop voting several times (vote only once).

Am looking for solid ideas to also be able to save voters details and who they casted votes to.

GSerg
  • 76,472
  • 17
  • 159
  • 346
maurice
  • 5
  • 5

1 Answers1

0

The solution is not at all small. You need to be able to uniquely identify your users, track them, and make sure they only vote once. Your options include things like:

  1. Make them register to vote, verify their email, and allow only one vote per email (however they can always just register with more emails)
  2. Track IP address details, which also isn't great because many people can share one IP address
  3. Do both, which combines the benefits and drawbacks of 1 & 2
  4. Accept the fact that people can vote more than once.

Also, you are wide-open to SQL injection

Conor Mancone
  • 1,940
  • 16
  • 22
  • its for students so i think the registration number and admissions number will be unique. thanks – maurice Jul 03 '17 at 12:27
  • Requiring some personal information that has to be unique can make it a lot easier, but you also have to be aware of the possibility of someone using someone else's admissions/registration number. What stops me from voting before my roommate if I find his admissions number on a piece of mail he left out? That issue may or may not matter to you, but it is a possibility to be aware of. – Conor Mancone Jul 03 '17 at 12:55
  • you cant guess the login password though . To vote your must login to student portal with registration number and password . Then save the registration number as a session – maurice Jul 03 '17 at 13:13
  • Those are very relevant details to the original question. If you still need help, I suggest you edit your post and include lots more details. Now you're probably looking at some sort of SSO system. – Conor Mancone Jul 03 '17 at 13:28