DarrenH
Posted July 24, 2009

Please help. I am very very very new to php, but I know a very little, and can do HTML and CSS.

I have asked a php programmer to develop a survey site for a client. There are two things which are not working on the site, and I can not get hold of the programmer to rectify, so I was trying to have a go myself.

I have a survey facility that has two things: First a client adds the survey questions in a CMS. Then, for someone to participate in the survey the participant must enter a password and user name to access the survey.

First question - all users of the survey have the same user name and password (that's the way I want it!). However the php programmer has developed the site so that only one person can access the site with a user name and password (which is wrong).

Second, I have entered one question in the survey to test, with three multiple choice answers. I have logged into the survey myself, and answered the question - with one of the multiple choice answers. However the resulting solution gives me a result which says 33.3% of the people selected answer 3 - which is wrong as only one person (myself) participated, and I only selected answer three - so the result should be 100% for answer 3.

I need some help correcting this please. I am a novice, and don't know where to start. Any help please :'(

This is the code of the resulting survey result file - can anyone see where it is wrong:

```php
<?php
include('apptop.php');
include('session.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<? include('meta.php');?>
<link rel="stylesheet" href="css/style.css" type="text/css" />
<title><?=SITE_TITLE?> - Survey Results</title>
</head>
<body>
<div id="wrap">
<?php include('header.php');?>
<div id="content-wrap">
<img src="images/headerphoto.jpg" width="820" height="120" alt="headerphoto" class="no-border" />
<?php include('leftnav.php');?>
<div id="main">
<a name="TemplateInfo"></a>
<h1>Survey Results </h1>
<p>
<table width='100%' align='center' border='0' cellspacing='1' cellpadding='3'>
<form method=post action=surveyresults.php>
<input name="memberid" type="hidden" value="<?=$memberid?>">
<tr>
<td height='16' class='header' colspan='3'> </td>
</tr>
<?
if(!empty($del))
{
    $delAns = "delete from ans where quest_id = \"$questid\"";
    $resAns = mysql_query($delAns);
    $q1 = "delete from quest where quest_id = \"$questid\"";
    $r1 = mysql_query($q1) or die(mysql_error());
    echo "
<tr>
<td height='16' colspan='3' class='header'>The Question was successfully deleted</td>
</tr>
";
?>
<META HTTP-EQUIV="refresh" content="1;URL=questions.php?pg=<?=$pg?>&memberid=<?=$memberid?>">
<?
}
?>
<?
if(!empty($delans))
{
    $q1 = "delete from ans where ans_id = \"$ansid\"";
    $r1 = mysql_query($q1) or die(mysql_error());
    echo "
<tr>
<td height='16' colspan='3' class='header'>The answer was successfully deleted</td>
</tr>
";
?>
<META HTTP-EQUIV="refresh" content="1;URL=questions.php?pg=<?=$pg?>&memberid=<?=$memberid?>">
<?
}
?>
<!--<tr>
<td class=text valign=top width=15%>Select Section:</td>
<td class=text valign=top width=10%>
<select name="section">
<option value="">Select One</option>
<option value="Front End">Front End</option>
<option value="Jobseekers">Jobseekers</option>
<option value="Employers">Employers</option>
</select>
</td>
<td class=text valign=top><input type=submit name=submit value="Search"></td>
</tr>-->
<tr>
<td colspan=3 class="text">
<?
$memberid = $_SESSION['memberID'];
$display = $a18[results];
$pg = (isset($_REQUEST['pg']) && ctype_digit($_REQUEST['pg'])) ? $_REQUEST['pg'] : 1;
$start = $display * $pg - $display;
$result = mysql_query("SELECT count(*) from quest where member_id= $memberid ");//
$total = mysql_result($result, 0);
$query = mysql_query("SELECT * from quest where member_id= $memberid order by quest_id desc limit $start, $display"); //where member_id= $memberid
if($total == '0')
{
    echo "
<table width='100%' border='0' cellpadding='5' cellspacing='0' class='box'>
<tr>
<td valign='top' class='text'>There are currently no Questions in the database</td>
</tr>
</table>";
    exit;
}
$arrColor[0]="800000";
$arrColor[1]="0000FF";
$arrColor[2]="008800";
$arrColor[3]="FF0000";
$arrColor[4]="006600";
$arrColor[5]="CC0033";
$arrColor[6]="0000CC";
$arrColor[7]="A4A01E";
$arrColor[8]="CA6500";
$arrColor[9]="E407CE";
$arrColor[10]="FF0000";
while($a2 = mysql_fetch_array($query))
{
    $selAns = "select * from ans where quest_id='$a2[quest_id]'";
    $resAns = mysql_query($selAns);
    $numRowAns = mysql_num_rows($resAns);
?>
<table width='100%' border='0' cellpadding='5' cellspacing='5'>
<tr>
<td width="6%" class='text'>Question:</td>
<td width="94%" valign='top' class='text'><?=$a2['quest_question']?></td>
</tr>
<?php
if($numRowAns>0)
{$i=0;
    while($a2Ans = mysql_fetch_array($resAns))
    {
        $selSurRes = "SELECT count(*) FROM surveyresults where quest_id='".$a2[quest_id]."' and ans_id='".$a2Ans['ans_id']."'"; //
        list($ansDV) = arrayQuery($selSurRes);
        $percn=($ansDV/$numRowAns)*100;
        if($ansDV>0){$ansATT='(Member Answer)';$percentageYes = 100;}else{$ansATT='';$percentageYes = '';}
        $per = (int)(100 * $ansDV/$numRowAns);
        $rowGetResults=mysql_num_rows($resAns);
        $percentageYes=($ansDV * 100)/$numRowAns;
        $percentageNo=100-$percentageYes;
?>
<tr>
<td class='text'>Answer:</td>
<td class='text' valign='top' title="Answered Number: <?=$ansDV?> - Total Answer Number: <?=$numRowAns?>">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="100%" align="left" class="text">
<?=$a2Ans['ans_answer']?>
<? /*if(!$percn==0){?>
<table border="0" height="10" width="<?=$percn?>%" bgcolor="#<?=$arrColor[$i]?>"><tr><td></td></tr></table>
<? }else{?>
<table height="10" border="0"><tr><td><td><?=number_format($percn,2, '.', '');?></tr></table>
<? }*/?>
</td>
<td>
<table width="300" border="0" cellspacing="0" cellpadding="0" style="border:#999999 1px solid;">
<?php if($percentageYes == '0') {?>
<tr><td width="100%" bgcolor="#FFFFFF" class="text"><b>0%</b></td></tr>
<?php } elseif($percentageYes == '100') {?>
<tr><td width="100%" bgcolor="#2884C8" class="text"><b>100%</b></td></tr>
<?php } else { ?>
<tr><td width="<?=$percentageYes?>%" bgcolor="#2884C8" class="text"><b><?=round($percentageYes,2)?>%</b></td>
<td width="<?=100-$percentageYes?>%" bgcolor="#FFFFFF"> </td></tr>
<?php } ?>
</table>
</td>
</tr>
</table>
</td>
</tr>
<?php
        $i++;
    }
}
?>
<tr>
<td colspan=2><hr style='background-color: rgb(204, 204, 204);' width='100%' size='1' noshade='noshade' color='#cccccc'><br /></td>
</tr>
</table>
<?
}
?>
<table width='100%' border='0' cellpadding='5' cellspacing='0'>
<tr>
<td height='15' align='center' class='text'>
<?
function paginate($display, $pg, $total)
{
    /* make sure pagination doesn't interfere with other query string variables */
    if(isset($_SERVER['QUERY_STRING']) && trim(
        $_SERVER['QUERY_STRING']) != '')
    {
        if(stristr($_SERVER['QUERY_STRING'], 'pg='))
            $query_str = '?'.preg_replace('/pg=\d+/', 'pg=', $_SERVER['QUERY_STRING']);
        else
            $query_str = '?'.$_SERVER['QUERY_STRING'].'&pg=';
    }
    else
        $query_str = '?pg=';

    /* find out how many pages we have */
    $pages = ($total <= $display) ? 1 : ceil($total / $display);

    /* create the links */
    $first = '<a href="'.$_SERVER['PHP_SELF'].$query_str.'1">First </a>';
    $prev = '<a href="'.$_SERVER['PHP_SELF'].$query_str.($pg - 1).'"> Previous</a>';
    $next = '<a href="'.$_SERVER['PHP_SELF'].$query_str.($pg + 1).'"> Next</a>';
    $last = '<a href="'.$_SERVER['PHP_SELF'].$query_str.$pages.'">Last</a>';

    /* display opening navigation */
    echo '<div><p align="center">';
    echo ($pg > 1) ? "$first : $prev :" : '« : ‹ :';

    /* limit the number of page links displayed */
    $begin = $pg - 4;
    while($begin < 1)
        $begin++;
    $end = $pg + 4;
    while($end > $pages)
        $end--;
    for($i=$begin; $i<=$end; $i++)
        echo ($i == $pg) ? ' ['.$i.'] ' : ' <a href="'.
            $_SERVER['PHP_SELF'].$query_str.$i.'">'.$i.'</a> ';

    /* display ending navigation */
    echo ($pg < $pages) ? ": $next : $last" : ': › : »';
    echo '</p></div>';
}
paginate($display, $pg, $total);
?>
</td>
</tr>
</table>
</td>
</tr>
</form>
</table>
</p>
</div>
<?php include('rightnav.php');?>
</div>
<?php include('footer.php')?>
</div>
</body>
</html>
```

Link to comment https://forums.phpfreaks.com/topic/167266-php-help-with-survey-site-please/
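The 33.3% reported above follows from the posted script dividing each answer's vote count by `$numRowAns`, which is the number of answer options for the question (three), not the number of responses recorded. The following is an added example, not part of the original post or the site's code: it computes the percentages against the total responses using one parameterized query. The SQLite schema and sample rows are constructed; only the table and column names (`ans`, `surveyresults`, `quest_id`, `ans_id`, `ans_answer`) come from the post, and the function name `answer_percentages` is hypothetical.

```php
<?php
// Added example: constructed in-memory schema and rows; table and column
// names follow the posted script, everything else is an assumption.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ans (ans_id INTEGER PRIMARY KEY, quest_id INTEGER, ans_answer TEXT)');
$db->exec('CREATE TABLE surveyresults (quest_id INTEGER, ans_id INTEGER)');
$db->exec("INSERT INTO ans VALUES (1, 1, 'Answer 1'), (2, 1, 'Answer 2'), (3, 1, 'Answer 3')");
$db->exec('INSERT INTO surveyresults VALUES (1, 3)'); // one participant chose answer 3

function answer_percentages(PDO $db, int $questId): array
{
    // Votes per answer option, including options nobody picked.
    // The question id is bound as a parameter, never concatenated into the SQL.
    $stmt = $db->prepare(
        'SELECT a.ans_id, a.ans_answer, COUNT(r.ans_id) AS votes
           FROM ans a
           LEFT JOIN surveyresults r
             ON r.quest_id = a.quest_id AND r.ans_id = a.ans_id
          WHERE a.quest_id = :qid
          GROUP BY a.ans_id, a.ans_answer
          ORDER BY a.ans_id'
    );
    $stmt->execute([':qid' => $questId]);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

    // Denominator is the number of responses, not the number of answer options.
    $total = array_sum(array_column($rows, 'votes'));
    foreach ($rows as &$row) {
        // A question with no responses yet shows 0% instead of dividing by zero.
        $row['percent'] = $total > 0 ? round(100 * $row['votes'] / $total, 2) : 0.0;
    }
    unset($row);
    return $rows;
}

foreach (answer_percentages($db, 1) as $row) {
    printf("%s: %d vote(s), %s%%\n", $row['ans_answer'], $row['votes'], $row['percent']);
}
```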
jonsjava
Posted July 26, 2009

The person who coded your site was a novice as well. They used <?= which is short code. That's ok, I guess, if you are certain that the server allows that. They also used $_REQUEST. This is something all script kiddies love to see when attempting to hack a site. Let's say that you have a form, and it posts to another script to parse, then you are expecting to use $_POST to be what the data is, but if someone knows your variables, they can inject via the $_GET method. Also, he opens and closes PHP for no reason (take note of lines 54-58).

In short: this script is so messed up it would be easier to scrap it and start over.

Link to comment https://forums.phpfreaks.com/topic/167266-php-help-with-survey-site-please/#findComment-882959
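The `$_REQUEST` point in the reply above, as an added example that is not part of the original thread: a handler that takes a state-changing parameter only from a POSTed form and validates it, compared with a `$_REQUEST`-style lookup over the same constructed requests. The function `delete_request_id` is hypothetical, and the example assumes the posted script's `$del` and `$questid` are populated from request parameters of the same names.

```php
<?php
// Added example: hypothetical handler; the parameter names del and questid
// are assumed to map to the $del and $questid variables in the posted script.

// Returns the question id to delete, or null if the request must be rejected.
function delete_request_id(array $server, array $post): ?int
{
    // State-changing actions are accepted only from a POSTed form.
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return null;
    }
    // Read from the POST body only, so values in the URL query string are never considered.
    if (empty($post['del']) || !isset($post['questid'])) {
        return null;
    }
    // Digits only, the same ctype_digit() check the script already applies to pg.
    $id = $post['questid'];
    if (!is_string($id) || !ctype_digit($id)) {
        return null;
    }
    return (int) $id;
}

// Constructed requests standing in for $_SERVER, $_GET and $_POST.
$cases = [
    'form POST'          => [['REQUEST_METHOD' => 'POST'], [], ['del' => '1', 'questid' => '42']],
    'same fields in URL' => [['REQUEST_METHOD' => 'GET'], ['del' => '1', 'questid' => '42'], []],
    'non-numeric id'     => [['REQUEST_METHOD' => 'POST'], [], ['del' => '1', 'questid' => 'abc']],
];

foreach ($cases as $label => [$server, $get, $post]) {
    // With the default request_order, $_REQUEST merges GET and POST, so code
    // reading from it cannot tell which source a value came from.
    $request = array_merge($get, $post);
    $viaRequest = !empty($request['del']) ? $request['questid'] : null;
    $viaPost = delete_request_id($server, $post);
    printf("%-20s \$_REQUEST lookup: %-8s POST-only handler: %s\n",
        $label, var_export($viaRequest, true), var_export($viaPost, true));
}
```

The integer the handler returns would then be bound as a query parameter rather than interpolated into the SQL string.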
This topic is now archived and is closed to further replies.