DarrenH Posted July 24, 2009 Share Posted July 24, 2009 Please help. I am very very very new to php, but I know a very little, and can do HTML and CSS. I have asked a php programmer to develop a survey site for a client. There are two things which are not working on the site, and I can not get hold of the programmer to rectify, so I was trying to have a go myself. I have a survey facility that has two things: First a client adds the survey questions in a CMS. Then, for someone to participate in the survey the participant must enter a password and user name to access the survey. First question - all users of the survey have the same user name and password (that's the way I want it!). However the php programmer has developed the site so that only one person can access the site with a user name and password (which is wrong). Second, I have entered one question in the survey to test, with three multiple choice answers. I have logged into the survey myself, and answered the question - with one of the multiple choice answers. However the resulting solution gives me a result which says 33.3% of the people selected answer 3 - which is wrong as only one person (myself) participated, and I only selected answer three - so the result should be 100% for answer 3. I need some help correcting this please. I am a novice, and don't know where to start. Any help please :'( This is the code of the resulting survey result file - can anyone see where it is wrong: <?php include('apptop.php'); include('session.php'); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <? include('meta.php');?> <link rel="stylesheet" href="css/style.css" type="text/css" /> <title><?=SITE_TITLE?> - Survey Results</title> </head> <body> <div id="wrap"> <?php include('header.php');?> <div id="content-wrap"> <img src="images/headerphoto.jpg" width="820" height="120" alt="headerphoto" class="no-border" /> <?php include('leftnav.php');?> <div id="main"> <a name="TemplateInfo"></a> <h1>Survey Results </h1> <p> <table width='100%' align='center' border='0' cellspacing='1' cellpadding='3'> <form method=post action=surveyresults.php> <input name="memberid" type="hidden" value="<?=$memberid?>"> <tr> <td height='16' class='header' colspan='3'> </td> </tr> <? if(!empty($del)) { $delAns = "delete from ans where quest_id = \"$questid\""; $resAns = mysql_query($delAns); $q1 = "delete from quest where quest_id = \"$questid\""; $r1 = mysql_query($q1) or die(mysql_error()); echo " <tr> <td height='16' colspan='3' class='header'>The Question was successfully deleted</td> </tr> "; ?> <META HTTP-EQUIV="refresh" content="1;URL=questions.php?pg=<?=$pg?>&memberid=<?=$memberid?>"> <? } ?> <? if(!empty($delans)) { $q1 = "delete from ans where ans_id = \"$ansid\""; $r1 = mysql_query($q1) or die(mysql_error()); echo " <tr> <td height='16' colspan='3' class='header'>The answer was successfully deleted</td> </tr> "; ?> <META HTTP-EQUIV="refresh" content="1;URL=questions.php?pg=<?=$pg?>&memberid=<?=$memberid?>"> <? } ?> <!--<tr> <td class=text valign=top width=15%>Select Section:</td> <td class=text valign=top width=10%> <select name="section"> <option value="">Select One</option> <option value="Front End">Front End</option> <option value="Jobseekers">Jobseekers</option> <option value="Employers">Employers</option> </select> </td> <td class=text valign=top><input type=submit name=submit value="Search"></td> </tr>--> <tr> <td colspan=3 class="text"> <? $memberid = $_SESSION['memberID']; $display = $a18[results]; $pg = (isset($_REQUEST['pg']) && ctype_digit($_REQUEST['pg'])) ? $_REQUEST['pg'] : 1; $start = $display * $pg - $display; $result = mysql_query("SELECT count(*) from quest where member_id= $memberid ");// $total = mysql_result($result, 0); $query = mysql_query("SELECT * from quest where member_id= $memberid order by quest_id desc limit $start, $display"); //where member_id= $memberid if($total == '0') { echo " <table width='100%' border='0' cellpadding='5' cellspacing='0' class='box'> <tr> <td valign='top' class='text'>There are currently no Questions in the database</td> </tr> </table>"; exit; } $arrColor[0]="800000"; $arrColor[1]="0000FF"; $arrColor[2]="008800"; $arrColor[3]="FF0000"; $arrColor[4]="006600"; $arrColor[5]="CC0033"; $arrColor[6]="0000CC"; $arrColor[7]="A4A01E"; $arrColor[8]="CA6500"; $arrColor[9]="E407CE"; $arrColor[10]="FF0000"; while($a2 = mysql_fetch_array($query)) { $selAns = "select * from ans where quest_id='$a2[quest_id]'"; $resAns = mysql_query($selAns); $numRowAns = mysql_num_rows($resAns); ?> <table width='100%' border='0' cellpadding='5' cellspacing='5'> <tr> <td width="6%" class='text'>Question:</td> <td width="94%" valign='top' class='text'><?=$a2['quest_question']?></td> </tr> <?php if($numRowAns>0) {$i=0; while($a2Ans = mysql_fetch_array($resAns)) { $selSurRes = "SELECT count(*) FROM surveyresults where quest_id='".$a2[quest_id]."' and ans_id='".$a2Ans['ans_id']."'"; // list($ansDV) = arrayQuery($selSurRes); $percn=($ansDV/$numRowAns)*100; if($ansDV>0){$ansATT='(Member Answer)';$percentageYes = 100;}else{$ansATT='';$percentageYes = '';} $per = (int)(100 * $ansDV/$numRowAns); $rowGetResults=mysql_num_rows($resAns); $percentageYes=($ansDV * 100)/$numRowAns; $percentageNo=100-$percentageYes; ?> <tr> <td class='text'>Answer:</td> <td class='text' valign='top' title="Answered Number: <?=$ansDV?> - Total Answer Number: <?=$numRowAns?>"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="100%" align="left" class="text"> <?=$a2Ans['ans_answer']?> <? /*if(!$percn==0){?> <table border="0" height="10" width="<?=$percn?>%" bgcolor="#<?=$arrColor[$i]?>"><tr><td></td></tr></table> <? }else{?> <table height="10" border="0"><tr><td><td><?=number_format($percn,2, '.', '');?></tr></table> <? }*/?> </td> <td> <table width="300" border="0" cellspacing="0" cellpadding="0" style="border:#999999 1px solid;"> <?php if($percentageYes == '0') {?> <tr><td width="100%" bgcolor="#FFFFFF" class="text"><b>0%</b></td></tr> <?php } elseif($percentageYes == '100') {?> <tr><td width="100%" bgcolor="#2884C8" class="text"><b>100%</b></td></tr> <?php } else { ?> <tr><td width="<?=$percentageYes?>%" bgcolor="#2884C8" class="text"><b><?=round($percentageYes,2)?>%</b></td> <td width="<?=100-$percentageYes?>%" bgcolor="#FFFFFF"> </td></tr> <?php } ?> </table> </td> </tr> </table> </td> </tr> <?php $i++; } } ?> <tr> <td colspan=2><hr style='background-color: rgb(204, 204, 204);' width='100%' size='1' noshade='noshade' color='#cccccc'><br /></td> </tr> </table> <? } ?> <table width='100%' border='0' cellpadding='5' cellspacing='0'> <tr> <td height='15' align='center' class='text'> <? function paginate($display, $pg, $total) { /* make sure pagination doesn't interfere with other query string variables */ if(isset($_SERVER['QUERY_STRING']) && trim( $_SERVER['QUERY_STRING']) != '') { if(stristr($_SERVER['QUERY_STRING'], 'pg=')) $query_str = '?'.preg_replace('/pg=\d+/', 'pg=', $_SERVER['QUERY_STRING']); else $query_str = '?'.$_SERVER['QUERY_STRING'].'&pg='; } else $query_str = '?pg='; /* find out how many pages we have */ $pages = ($total <= $display) ? 1 : ceil($total / $display); /* create the links */ $first = '<a href="'.$_SERVER['PHP_SELF'].$query_str.'1">First </a>'; $prev = '<a href="'.$_SERVER['PHP_SELF'].$query_str.($pg - 1).'"> Previous</a>'; $next = '<a href="'.$_SERVER['PHP_SELF'].$query_str.($pg + 1).'"> Next</a>'; $last = '<a href="'.$_SERVER['PHP_SELF'].$query_str.$pages.'">Last</a>'; /* display opening navigation */ echo '<div><p align="center">'; echo ($pg > 1) ? "$first : $prev :" : '« : ‹ :'; /* limit the number of page links displayed */ $begin = $pg - 4; while($begin < 1) $begin++; $end = $pg + 4; while($end > $pages) $end--; for($i=$begin; $i<=$end; $i++) echo ($i == $pg) ? ' ['.$i.'] ' : ' <a href="'. $_SERVER['PHP_SELF'].$query_str.$i.'">'.$i.'</a> '; /* display ending navigation */ echo ($pg < $pages) ? ": $next : $last" : ': › : »'; echo '</p></div>'; } paginate($display, $pg, $total); ?> </td> </tr> </table> </td> </tr> </form> </table> </p> </div> <?php include('rightnav.php');?> </div> <?php include('footer.php')?> </div> </body> </html> Quote Link to comment https://forums.phpfreaks.com/topic/167266-php-help-with-survey-site-please/ Share on other sites More sharing options...
jonsjava Posted July 26, 2009 Share Posted July 26, 2009 The person who coded your site was a novice as well. They used <?= which is short code. That's ok, I guess, if you are certain that the server allows that. They also used $_REQUEST. This is something all script kiddies love to see when attempting to hack a site. Lets say that you have a form, and it posts to another script to parse, then you are expecting to use $_POST to be what the data is, but if someone knows your variables, they can inject via the $_GET method. Also, he opens and closes PHP for no reason (take note of lines 54-58). In short: this script is so messed up it would be easier to scrap it and start over. Quote Link to comment https://forums.phpfreaks.com/topic/167266-php-help-with-survey-site-please/#findComment-882959 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.