Gucci Mane
Posted October 16, 2009

When I try to rate someone up/down I get this error:

Fatal error: Call to a member function query() on a non-object in /home/jewelz/public_html/rating.php on line 45

Here's my rating.php

```php
<?php
/*
Simple user rating system (Free Mod)
For mccodes v2
Property of [url]www.ganjasworld.com[/url]
*/
include "globals.php";
$ID = (int) ($_GET['ID']);
$action = $_GET['action'];
switch($action)
{
    case 'goodrating': good_rating(); break;
    case 'badrating': good_rating(); break;
}
if(!$ID)
{
    echo "Error - invaild player id.";
    $h->endpage();
    exit;
}
if(!$action)
{
    echo "Error - invaild action.";
    $h->endpage();
    exit;
}
function good_rating()
{
    global $ir,$userid;
    if($ir['rates'] > 0){
        $ID = $_GET['ID'];
        if($ID == $userid)
        {
            echo "You cannot rate yourself.";
        }
        else
        {
            $result = $db->query("SELECT * FROM users WHERE userid='{$ID}'");
            while($row = $db->fetch_row($result))
            {
                $gratings = $row['goodratings'];
            }
            $db->query("UPDATE users SET goodratings = {$gratings}+1 WHERE userid='{$ID}'");
            $db->query("UPDATE users SET rates = '0' WHERE userid='{$userid}'");
            echo "You gave the user a good rating";
        }
    }
    else
    {
        echo "You can only rate once a day.";
    }
}
function bad_rating()
{
    if($ir['rates'] > 0){
        $ID = $_GET['ID'];
        if($ID == $userid)
        {
            echo "You cannot rate yourself.";
        }
        else
        {
            $result = $db->query("SELECT * FROM users WHERE userid='{$ID}'");
            while($row = $db->fetch_row($result))
            {
                $bratings = $row['badratings'];
            }
            $db->query("UPDATE users SET badratings = {$bratings}+1 WHERE userid='{$ID}'");
            $db->query("UPDATE users SET rates = '0' WHERE userid='{$userid}'");
            echo "You gave the user a bad rating";
        }
    }
    else
    {
        echo "You can only rate once a day.";
    }
}
$h->endpage();
?>
```

seanybob
Posted October 16, 2009

Could be a dozen different things. I would guess though that you should change:

```php
function good_rating()
{
    global $ir,$userid;
```

to

```php
function good_rating()
{
    global $db,$ir,$userid;
```

Gucci Mane
Posted October 16, 2009

Works man ty. Do you know anything about the security??

a_bertrand
Posted October 17, 2009

I can tell you that things like:

```php
$ID = $_GET['ID'];
```

need to be banished! We talked enough about such issues to nearly make a book :D The first thing to think is that ANY input coming from the web (cookies, GET and POST) needs to be checked and filtered before doing anything with it, especially putting it into a query.
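
What that advice looks like for the rating script in this thread, as an added example (not code from any poster or from mccodes): it uses PDO with a constructed in-memory SQLite table instead of the game's `$db` wrapper, and `rate_user()` is a hypothetical name; the table and column names are taken from the posted script.

```php
<?php
// Added example: validate the GET parameters, then use bound parameters.
// The PDO handle and the in-memory SQLite rows are constructed for the demo.

function rate_user(PDO $pdo, int $raterId, array $get): string
{
    // Allow-list: the action selects a fixed column name, never user text.
    $columns = ['goodrating' => 'goodratings', 'badrating' => 'badratings'];
    $action  = $get['action'] ?? '';
    if (!is_string($action) || !isset($columns[$action])) {
        return 'Error - invalid action.';
    }
    // Accept only a positive integer ID; "2' OR '1'='1", arrays and "" all fail.
    $id = filter_var($get['ID'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 'Error - invalid player id.';
    }
    if ($id === $raterId) {
        return 'You cannot rate yourself.';
    }
    $pdo->beginTransaction();
    // Spend the daily rate first; the WHERE clause makes it a one-time claim.
    $spend = $pdo->prepare('UPDATE users SET rates = 0 WHERE userid = ? AND rates > 0');
    $spend->execute([$raterId]);
    if ($spend->rowCount() !== 1) {
        $pdo->rollBack();
        return 'You can only rate once a day.';
    }
    $col  = $columns[$action];           // safe: comes from the allow-list above
    $bump = $pdo->prepare("UPDATE users SET $col = $col + 1 WHERE userid = ?");
    $bump->execute([$id]);
    if ($bump->rowCount() !== 1) {       // target does not exist: undo the spend
        $pdo->rollBack();
        return 'Error - invalid player id.';
    }
    $pdo->commit();
    return 'Rating saved.';
}

// Constructed demo data and requests.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, rates INT, goodratings INT, badratings INT)');
$pdo->exec('INSERT INTO users VALUES (1, 1, 0, 0), (2, 1, 0, 0)');
foreach ([['ID' => "2' OR '1'='1", 'action' => 'goodrating'],
          ['ID' => '2', 'action' => 'badrating'],
          ['ID' => '2', 'action' => 'goodrating']] as $get) {
    echo rate_user($pdo, 1, $get), PHP_EOL;
}
```

The increment is done inside the `UPDATE` itself, so no separate `SELECT` of the current rating is needed and no request value is ever concatenated into SQL.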