I'm trying to build a form for a TCG i run where it allow people to vote for decks they want to see released. It would show in the database by adding 1 for yes and nothing for no. I have it coded but I can't get it to update the database does anyone see where I went wrong?
<?php session_start();
if (isset($_SESSION['USR_LOGIN'])=="") {
header("Location:http://leisure.day-is-gone.net/login.php");
}
include("mytcg/settings.php");
include("$header");
if(!$_SERVER['QUERY_STRING']) {
$select = mysql_query("SELECT * FROM `$table_members` WHERE name='$_SESSION[USR_LOGIN]'");
while($row=mysql_fetch_assoc($select)) {
?>
<h1>Release Me Form</h1>
Chose an option for all.<Br>
<?php
$select2 = mysql_query("SELECT * FROM `$table_cards` WHERE released='N' AND `voted` NOT LIKE '$_SESSION[USR_LOGIN]' ORDER BY set2, category, deckname");
$count = mysql_num_rows($select2);
if($count==0) {
echo "There are currently no requested decks.\n";
echo "<br /><br />\n\n";
}
else {
echo "<table width=\"100%\">\n";
echo "<form method=\"post\" action=\"forms_reme2.php?thanks\">
<input type=\"hidden\" name=\"name\" value=\"$row[name]\" />
<input type=\"hidden\" name=\"email\" value=\"$row[email]\" />";
echo "<tr><td width=\"50%\"><b>Deckname</b></td><td width=\"25%\"><b>Category</b></td><td width=\"10%\"><b>Yes</b></td><td width=\"10%\"><b>No</b></td></tr>\n";
while($row2=mysql_fetch_assoc($select2)) {
$cat=$row2[category];
if
($row2[groupmember]=="No") {
echo " <input type=\"hidden\" name=\"id\" value=\"$row2[id]\" /><tr><td>$row2[deckname]</td><td>$category[$cat]</td><td><input name=\"reme[$row2[id]]\" value=\"1\" type=\"radio\">Yes</td><td><input name=\"reme[$row2[id]]\" value=\"0\" type=\"radio\">No</td></tr>\n";
}
else { echo "<input type=\"hidden\" name=\"id\" value=\"$row2[id]\" /><tr><td>$row2[set2]: $row2[deckname]</td><td>$category[$cat]</td><td><input name=\"reme[$row2[id]]\" value=\"1\" type=\"radio\">Yes</td><td><input name=\"reme[$row2[id]]\" value=\"0\" type=\"radio\">No</td></tr>";
}}
echo "</table>\n";
echo "<br /><br />\n";
}
?>
<tr><td> </td><td><input type="submit" name="submit" value="Release It! " /></td></tr>
</table>
</form>
<?php
}
}
elseif($_SERVER['QUERY_STRING']=="thanks") {
if (!isset($_POST['submit']) || $_SERVER['REQUEST_METHOD'] != "POST") {
exit("<p>You did not press the submit button; this page should not be accessed directly.</p>");
}
else {
$exploits = "/(content-type|bcc:|cc:|document.cookie|onclick|onload|javascript|alert)/i";
$profanity = "/(beastial|bestial|blowjob|clit|cum|cunilingus|cunillingus|cunnilingus|cunt|ejaculate|fag|felatio|fellatio|fuck|fuk|fuks|gangbang|gangbanged|gangbangs|hotsex|jism|jiz|kock|kondum|kum|kunilingus|orgasim|orgasims|orgasm|orgasms|phonesex|phuk|phuq|porn|pussies|pussy|spunk|xxx)/i";
$spamwords = "/(viagra|phentermine|tramadol|adipex|advai|alprazolam|ambien|ambian|amoxicillin|antivert|blackjack|backgammon|texas|holdem|poker|carisoprodol|ciara|ciprofloxacin|debt|dating|porn)/i";
$bots = "/(Indy|Blaiz|Java|libwww-perl|Python|OutfoxBot|User-Agent|PycURL|AlphaServer)/i";
if (preg_match($bots, $_SERVER['HTTP_USER_AGENT'])) {
exit("<h1>Error</h1>\nKnown spam bots are not allowed.<br /><br />");
}
foreach ($_POST as $key => $value) {
$value = trim($value);
if (empty($value)) {
exit("<h1>Error</h1>\nEmpty fields are not allowed. Please go back and fill in the form properly.<br /><br />");
}
elseif (preg_match($exploits, $value)) {
exit("<h1>Error</h1>\nExploits/malicious scripting attributes aren't allowed.<br /><br />");
}
elseif (preg_match($profanity, $value) || preg_match($spamwords, $value)) {
exit("<h1>Error</h1>\nThat kind of language is not allowed through our form.<br /><br />");
}
$_POST[$key] = stripslashes(strip_tags($value));
}
$name = escape_sql(CleanUp($_POST['name']));
$email = escape_sql(CleanUp($_POST['email']));
$reme = escape_sql(CleanUp($_POST['reme']));
if (is_array($reme)) {
if($_POST['submit']){
foreach($_POST["id"] AS $key => $val) {
$id = $val;
$area = $_POST['reme'.$id.''];
$update = "UPDATE cards SET reme='$area' AND voted='$name' WHERE id='$id'";
}
}}
if(mysql_query($update, $connect)) {
?>
<h1>Thank You!</h1>
Thank you for sending in the release it form this helps me decide what upcoming decks to release. Please take what you see below
<br /><br />
<center>
<?php
}
else {
?>
<h1>Error</h1>
It looks like there was an error in processing your level up form. Send the information to <?php echo $tcgemail; ?> and we will send you your rewards ASAP. Thank you and sorry for the inconvenience.
<?php
}
}
}
include("$footer"); ?>