Allow users to vote once in PHP

Question

I'm working on a school project where I need to allow users to vote on pictures. Users can a picture up or down. It's the idea that they can change their vote anytime, but they can't undo their vote, so once they voted it's either up or down.

I've been trying some things but I can't seem to get it to work. It works when an user pressed an upvote for the first time, then the user is able to change his vote to a downvote. But when he tries to upvote again, nothing is happening this has been bugging me for a while now, I would appreciated any help.

Here is my code so far:

 if (isset($_SESSION['loggedin'])) {
    $result = mysql_query("SELECT * FROM user2pics WHERE picid = $id AND userid = $user");
    if (mysql_num_rows($result) == 0) {
        $votes_up = $cur_votes[0] + 1;
        $resultaat = mysql_query("UPDATE pics SET likes = $votes_up WHERE picid = $id");
        if ($resultaat) {
            $query = mysql_query("INSERT INTO user2pics (picid, userid, vote) VALUES ($id, $user, 1)");
            if ($query) {
                $effectiveVote = getEffectiveVotes($id);
                echo $effectiveVote . " votes";
            } elseif (!$query) {
                echo "Failed!";
            }
        } elseif (!$resultaat) {
            echo "Failed insert in pics!";
        }
    } else {
        $row = mysql_fetch_array($result);
        if ($row['vote'] == 0) {
            $votes_down = $cur_votes[0] + 1;
            $result = mysql_query("UPDATE pics SET likes = $votes_up WHERE picid = $id");
            if ($result) {
                $resultaat = $mysqli -> prepare("UPDATE user2pics SET vote = 1 WHERE picid = $id AND userid = $user");
                $resultaat -> execute();
                $effectiveVote = getEffectiveVotes($id);
                if ($resultaat -> affected_rows == 1) {
                    echo $effectiveVote . " votes";
                }
            }
        } else {
            $effectiveVote = getEffectiveVotes($id);
            echo $effectiveVote . " votes";
        }
    }
} else {
    echo "Please login first!";
}
} elseif ($action == 'vote_down'){
if (isset($_SESSION['loggedin'])) {
    $result = mysql_query("SELECT * FROM user2pics WHERE picid = $id AND userid = $user");
    if (mysql_num_rows($result) == 0) {
        $votes_down = $cur_votes[1] + 1;
        $resultaat = mysql_query("UPDATE pics SET dislikes = $votes_down WHERE picid = $id");
        if ($resultaat) {
            $query = mysql_query("INSERT INTO user2pics (picid, userid, vote) VALUES ($id, $user, 0)");
            if ($query) {
                $effectiveVote = getEffectiveVotes($id);
                echo $effectiveVote . " votes";
            } elseif (!$query) {
                echo "Failed to dislike!";
            }
        } elseif (!$resultaat) {
            echo "Failed insert in pics!";
        }
    } else {
        $row = mysql_fetch_array($result);
        if ($row['vote'] == 1) {
            $votes_down = $cur_votes[1] + 1;
            $result = mysql_query("UPDATE pics SET dislikes = $votes_down WHERE picid = $id");
            if ($result) {
                $resultaat = $mysqli -> prepare("UPDATE user2pics SET vote = 0 WHERE picid = $id AND userid = $user");
                $resultaat -> execute();
                $effectiveVote = getEffectiveVotes($id);
                if ($resultaat -> affected_rows == 1) {
                    echo $effectiveVote . " votes";
                }
            }
        } else {
            $effectiveVote = getEffectiveVotes($id);
            echo $effectiveVote . " votes";
        }
    }
} else {
    echo "Please login first!";
}
}

$cur_votes is defined as: $cur_votes = getAllVotes($id);

function getAllVotes($id) {
$votes = array();
$q = "SELECT * FROM pics WHERE picid = $id";
$r = mysql_query($q);
if (mysql_num_rows($r) == 1)//id found in the table
{
    $row = mysql_fetch_assoc($r);
    $votes[0] = $row['likes'];
    $votes[1] = $row['dislikes'];
}
return $votes;
}

function getEffectiveVotes($id) {
/**
 Returns an integer
 **/
$votes = getAllVotes($id);
$effectiveVote = $votes[0] - $votes[1];
return $effectiveVote;
}

Answer 1

You're duplicating functionality by storing 'likes' in two places.

I didn't look at your weak entity (table for users and votes) so let's assume it will have three fields: user_id, item_id and vote TINYINT. Primary key on user_id and item_id so the same user can only have one vote per item.

Set vote to 1 or -1 depending on up or down, instead of storing likes in the item table, calculate total vote for an item dynamically like this:

SELECT SUM(vote) FROM user_votes WHERE item_id = ?;

If you only want positive votes, do this:

SELECT SUM(vote) FROM user_votes WHERE item_id = ? AND vote = 1;

When the user wants to record or change his vote, you can use REPLACE INTO syntax (thanks to Anigel for the suggestion -- I totally missed it) in order to store the user's new vote:

REPLACE INTO user_votes (user_id, item_id, vote) VALUES (?, ?, ?);