An Article Rating System With ASP - Rate.asp (Page 3 of 5 )
When a visitor clicks on a rating radio button and then clicks on the "Rate It!" button, a hidden form variable passes the ID of the CD which is being rated as well as the actual rating that the visitor has cast.
We don't want any visitor rating one CD more than once because this would introduce bias into the situation, which isn't a good thing. We will grab the visitors IP address and also do some work with cookies to make sure that they can't rate the same CD again.
It is practically impossible to stop any dial up user rating a CD more than once. We will be setting a cookie and storing the users IP address in the database, however if they clear their browser's cookies and then reconnect to the Internet with a different IP address then our actions are void.
First off, we need to setup rate.asp to grab a couple of variables:
dim conn dim rs dim cdId dim visitorIP dim rating dim cookie dim cookieRated
Both cdId and rating are taken from the form. We are blocking visitors from multiple ratings by recording their IP address and also by setting a cookie. We get their IP address from the Request.ServerVariables collection as REMOTE_ADDR. When a user successfully rates an article, a cookie called rate_xxx is set to true (where xxx is the ID of the CD). We set the value of a variable called cookie to the rate_xxx cookie variable. Note that if the cookie hasn't been set, then an empty string will be returned.
Next up we have our database connection and recordset:
set conn = Server.CreateObject("ADODB.Connection") set rs = Server.CreateObject("ADODB.Recordset")
conn.Open "DSN=cds" rs.ActiveConnection = conn
If the cookie variable contains a value then the user has already rated this article. We use a variable called cookieRated to determine whether or not this user has already rated the selected article:
if cookie = "" then cookieRated = false else cookieRated = true end if
If the user doesn't actually click a radio button on the form then the rating variable will be empty. We do a quick check of this with an if...else construct, and if it's empty then we show an error message:
if rating = "" then
'Invalid rating %>
'Valid rating, make sure visitor hasn't already voted 'by checking the ratings table
We now want to check the ratings table to make sure that this user hasn't already rated the selected CD, so we use a select query, like this:
rs.Open "SELECT COUNT(*) FROM ratings WHERE ip='" & visitorIP & "' AND cdId=" & cdId
As you can see, we ask for the number of rows where the ip field matches the IP address of the visitor and where the cdId field matches the ID of the CD that is being rated.
If no records are returned then we check whether or not this user has voted via a cookie. If they havenít then we add their vote, like this:
if rs.Fields(0).Value = 0 then if cookieRated = false then 'Visitor hasn't rated yet, let's add it conn.Execute "INSERT INTO ratings(rating, ip, cdId) VALUES(" & rating & ", '" & visitorIP & "', " & cdId & ")"
Response.Cookies("rate_" & cdId) = true Response.Cookies("rate_" & cdId).expires = Date() + 30 %> <font face="Verdana" size="2" color="black"> <h2>Thank You For Rating!</h2> Your CD rating has been added to our database.<br><br> <a href="showcds.asp">Continue</a> </font> <% else ...
Firstly, we add a record to the rating table containing the visitors IP address, rating and ID of the CD that they are rating:
After this query we setup a cookie called rate_[ID of the CD] and set its value to true. We also set it to expire in 30 days with the Date() + 30 value.
Here's the output to the browser once the rating has been added to the database successfully:
If cookieRated is true or there was already a rating from this visitor in the database then we output a message telling the user that they have already voted:
Here's how the ratings table looks in Access after rating each article:
Now that we can accept ratings and stop visitors rating any CD more than once, we need to go back to showcd.asp and add some code to display the rating for each CD. Let's do that on the next page.