投票系统--自己写很失败，遭大多数人鄙视。

这个投票系统  看上去很严密 实际用了 我才知道它是不堪一击的  投票也加了验证码但是还是很失败 

public string toupiao(int id)
    ...{

        DateTime d = (DateTime)LiTianPing.DBUtility.DbHelperSQL.GetSingle("select max(datatime) from per_ip_temp");
        DateTime dd = d.AddDays(1);
        if (dd.Day == DateTime.Now.Day)
        ...{
            DataSet ds12 = LiTianPing.DBUtility.DbHelperSQL.Query("select * from per_ip_temp");
            string path = System.Web.HttpContext.Current.Server.MapPath("ip/") + System.DateTime.Now.ToString("yyyyMMddHHmmss") + ".xml";
            ds12.WriteXml(path);
            LiTianPing.DBUtility.DbHelperSQL.ExecuteSql("delete from per_ip_temp");

        }
        int count = 1;
        try
        ...{
            string ip = System.Web.HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"].ToString(); ;
            if (LiTianPing.DBUtility.DbHelperSQL.Exists("select count(*) from per_ip_temp where ip='" + ip + "'"))
            ...{
                count = (int)LiTianPing.DBUtility.DbHelperSQL.GetSingle("select ipcount from per_ip_temp where ip='" + ip + "'");
            }
            else
            ...{
                LiTianPing.DBUtility.DbHelperSQL.ExecuteSql("insert into per_ip_temp (ip,per_id) values('" + ip + "','" + System.Web.HttpContext.Current.Request.QueryString.Get("id") + "')");
            }
            if (count <= 5)
            ...{


                if (Convert.ToInt32(panduan_cook()) >= 5)
                ...{

                    return "失败：每个人24小时内只能投五次";
                }
                else
                ...{

                    write_cook(Convert.ToInt32(panduan_cook()) + 1);
                    toupioa(ip, count);
                    return "投票成功：你今天第" + count + "次票";
                }


            }
            else
            ...{
                return " 失败：每个人24小时内能投五次";
            }
        }
        catch
        ...{
            return "你没有请选择";
        }
    }
    protected void toupioa(string ip, int count)
    ...{
        string sql = "update per_info set per_nuber=per_nuber+1 where id=" + System.Web.HttpContext.Current.Request.QueryString.Get("id");
        string sql1 = "update per_ip_temp set ipcount=ipcount+1 where ip='" + ip + "'";
        LiTianPing.DBUtility.DbHelperSQL.ExecuteSql(sql);
        LiTianPing.DBUtility.DbHelperSQL.ExecuteSql(sql1);

    }
    private void write_cook(int i)
    ...{
        HttpCookie hc = new HttpCookie("user");
        hc.Value = i.ToString();
        hc.Expires = System.DateTime.Now.AddDays(1);

        System.Web.HttpContext.Current.Response.Cookies.Add(hc);
    }
    private string panduan_cook()
    ...{
        HttpCookie hc = System.Web.HttpContext.Current.Request.Cookies["user"];
        if (!Object.Equals(hc, null))
        ...{
            return hc.Value;
        }
        else
        ...{
            return "";
        }
    }