PHP Help with survey site please


DarrenH


Please help. I am very very very new to php, but I know a very little, and can do HTML and CSS.

I have asked a php programmer to develop a survey site for a client. There are two things which are not working on the site, and I cannot get hold of the programmer to rectify, so I was trying to have a go myself.

I have a survey facility that has two things:

First a client adds the survey questions in a CMS. Then, for someone to participate in the survey the participant must enter a password and user name to access the survey.

First question - all users of the survey have the same user name and password (that's the way I want it!). However the php programmer has developed the site so that only one person can access the site with a user name and password (which is wrong).

Second, I have entered one question in the survey to test, with three multiple choice answers. I have logged into the survey myself, and answered the question - with one of the multiple choice answers. However the resulting solution gives me a result which says 33.3% of the people selected answer 3 - which is wrong as only one person (myself) participated, and I only selected answer three - so the result should be 100% for answer 3.

I need some help correcting this please. I am a novice, and don't know where to start.

Any help please :'(

This is the code of the resulting survey result file - can anyone see where it is wrong:

 

<?php
include('apptop.php');
include('session.php');
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<? include('meta.php');?>
<link rel="stylesheet" href="css/style.css" type="text/css" />
<title><?=SITE_TITLE?> - Survey Results</title>
</head>
<body>
<div id="wrap">

<?php include('header.php');?>

<div id="content-wrap">

<img src="images/headerphoto.jpg" width="820" height="120" alt="headerphoto" class="no-border" />

<?php include('leftnav.php');?>

  <div id="main">

<a name="TemplateInfo"></a>
<h1>Survey Results </h1>
<p>

<table width='100%' align='center' border='0' cellspacing='1' cellpadding='3'>
<form method=post action=surveyresults.php>
<input name="memberid" type="hidden" value="<?=$memberid?>">
<tr>
<td height='16' class='header' colspan='3'> </td>
</tr>
<?
if(!empty($del))
{

$delAns = "delete from ans where quest_id = \"$questid\"";
$resAns = mysql_query($delAns);

$q1 = "delete from quest where quest_id = \"$questid\"";
$r1 = mysql_query($q1) or die(mysql_error());

echo "
<tr>
<td height='16' colspan='3' class='header'>The Question was successfully deleted</td>
</tr>
";
?>
<META HTTP-EQUIV="refresh" content="1;URL=questions.php?pg=<?=$pg?>&memberid=<?=$memberid?>">
<?
}
?>

<?
if(!empty($delans))
{
$q1 = "delete from ans where ans_id = \"$ansid\"";
$r1 = mysql_query($q1) or die(mysql_error());

echo "
<tr>
<td height='16' colspan='3' class='header'>The answer was successfully deleted</td>
</tr>
";
?>
<META HTTP-EQUIV="refresh" content="1;URL=questions.php?pg=<?=$pg?>&memberid=<?=$memberid?>">
<?
}
?>

<!--<tr>
<td class=text valign=top width=15%>Select Section:</td>
<td class=text valign=top width=10%>
<select name="section">
<option value="">Select One</option>
<option value="Front End">Front End</option>
<option value="Jobseekers">Jobseekers</option>
<option value="Employers">Employers</option>
</select>
</td>
<td class=text valign=top><input type=submit name=submit value="Search"></td>
</tr>-->
<tr>
<td colspan=3 class="text">
<?
$memberid = $_SESSION['memberID'];
$display = $a18[results];
$pg = (isset($_REQUEST['pg']) && ctype_digit($_REQUEST['pg'])) ?
$_REQUEST['pg'] : 1;
$start = $display * $pg - $display;

$result = mysql_query("SELECT count(*) from quest where member_id= $memberid ");//
$total = mysql_result($result, 0);
$query = mysql_query("SELECT * from quest  where member_id= $memberid order by quest_id desc limit $start, $display"); //where member_id= $memberid

if($total == '0')
{
echo "
<table width='100%' border='0' cellpadding='5' cellspacing='0' class='box'>

  <tr>
    <td valign='top' class='text'>There are currently no Questions in the database</td>
  </tr>
</table>";
exit;
}
$arrColor[0]="800000";
$arrColor[1]="0000FF";
$arrColor[2]="008800";
$arrColor[3]="FF0000";
$arrColor[4]="006600";
$arrColor[5]="CC0033";
$arrColor[6]="0000CC";
$arrColor[7]="A4A01E";
$arrColor[8]="CA6500";
$arrColor[9]="E407CE";
$arrColor[10]="FF0000";

while($a2 = mysql_fetch_array($query))
{
$selAns = "select * from ans where quest_id='$a2[quest_id]'";
$resAns = mysql_query($selAns);
$numRowAns = mysql_num_rows($resAns);
?>
<table width='100%' border='0' cellpadding='5' cellspacing='5'>

  <tr>
    <td width="6%" class='text'>Question:</td>
    <td width="94%" valign='top' class='text'><?=$a2['quest_question']?></td>
  </tr>
<?php

if($numRowAns>0)
{$i=0;
while($a2Ans = mysql_fetch_array($resAns))
{

$selSurRes = "SELECT count(*) FROM surveyresults where  quest_id='".$a2[quest_id]."' and ans_id='".$a2Ans['ans_id']."'"; //
list($ansDV) = arrayQuery($selSurRes);
  $percn=($ansDV/$numRowAns)*100;
if($ansDV>0){$ansATT='(Member Answer)';$percentageYes = 100;}else{$ansATT='';$percentageYes = '';}

$per = (int)(100 * $ansDV/$numRowAns);
$rowGetResults=mysql_num_rows($resAns);
$percentageYes=($ansDV * 100)/$numRowAns;
$percentageNo=100-$percentageYes;

?>
  <tr>
    <td class='text'>Answer:</td>
    <td class='text' valign='top' title="Answered Number: <?=$ansDV?> - Total Answer Number: <?=$numRowAns?>">

<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="100%"  align="left" class="text">
<?=$a2Ans['ans_answer']?>

<? /*if(!$percn==0){?>
                    <table  border="0" height="10" width="<?=$percn?>%" bgcolor="#<?=$arrColor[$i]?>"><tr><td></td></tr></table>
                    <? }else{?>
                    <table height="10" border="0"><tr><td><td><?=number_format($percn,2, '.', '');?></tr></table>
                    <? }*/?>
</td>
<td>
<table width="300" border="0" cellspacing="0" cellpadding="0" style="border:#999999 1px solid;">
<?php
if($percentageYes == '0')
{?>
<tr><td width="100%" bgcolor="#FFFFFF"  class="text"><b>0%</b></td></tr>
<?php
}
elseif($percentageYes == '100')
{?>
<tr><td width="100%" bgcolor="#2884C8"  class="text"><b>100%</b></td></tr>
<?php
}
else
{
?>
<tr><td width="<?=$percentageYes?>%" bgcolor="#2884C8"  class="text"><b><?=round($percentageYes,2)?>%</b></td>
<td width="<?=100-$percentageYes?>%" bgcolor="#FFFFFF"> </td></tr>
<?php
}
?>

</table>
</td>
</tr>
</table>
</td>
  </tr>
  <?php
  $i++;
  }
  }
  ?>
  <tr>
    <td colspan=2><hr style='background-color: rgb(204, 204, 204);' width='100%' size='1' noshade='noshade' color='#cccccc'><br /></td>
  </tr>

</table>
<?
}
?>
<table width='100%' border='0' cellpadding='5' cellspacing='0'>
<tr>
<td height='15' align='center' class='text'>
<?
function paginate($display, $pg, $total) {
  /* make sure pagination doesn't interfere with other query
string variables */

  if(isset($_SERVER['QUERY_STRING']) && trim(
    $_SERVER['QUERY_STRING']) != '') {
    if(stristr($_SERVER['QUERY_STRING'], 'pg='))
      $query_str = '?'.preg_replace('/pg=\d+/', 'pg=',
        $_SERVER['QUERY_STRING']);
    else
      $query_str = '?'.$_SERVER['QUERY_STRING'].'&pg=';
  } else
    $query_str = '?pg=';

  /* find out how many pages we have */
  $pages = ($total <= $display) ? 1 : ceil($total / $display);

  /* create the links */
  $first = '<a href="'.$_SERVER['PHP_SELF'].$query_str.'1">First
</a>';
  $prev = '<a href="'.$_SERVER['PHP_SELF'].$query_str.($pg - 1).'">
Previous</a>';
  $next = '<a href="'.$_SERVER['PHP_SELF'].$query_str.($pg + 1).'">
Next</a>';
  $last = '<a href="'.$_SERVER['PHP_SELF'].$query_str.$pages.'">Last</a>';

  /* display opening navigation */
  echo '<div><p align="center">';
  echo ($pg > 1) ? "$first : $prev :" : '&#171; : &#139; :';

  /* limit the number of page links displayed */
  $begin = $pg - 4;
  while($begin < 1)
    $begin++;
  $end = $pg + 4;
  while($end > $pages)
    $end--;
  for($i=$begin; $i<=$end; $i++)
    echo ($i == $pg) ? ' ['.$i.'] ' : ' <a href="'.
      $_SERVER['PHP_SELF'].$query_str.$i.'">'.$i.'</a> ';

  /* display ending navigation */
  echo ($pg < $pages) ? ": $next : $last" : ': &#155; : &#187;';
  echo '</p></div>';
}
paginate($display, $pg, $total);
?>
</td>
</tr>
</table>
</td>
</tr>
</form>
</table>
</p>
  </div>

<?php include('rightnav.php');?>

</div>

<?php include('footer.php')?>

</div>

</body>
</html>

 


The person who coded your site was a novice as well.  They used <?= which is short code. That's ok, I guess, if you are certain that the server allows that.  They also used $_REQUEST.  This is something all script kiddies love to see when attempting to hack a site.  Let's say that you have a form, and it posts to another script to parse, then you are expecting to use $_POST to be what the data is, but if someone knows your variables, they can inject via the $_GET method.

Also, he opens and closes PHP for no reason (take note of lines 54-58).

In short: this script is so messed up it would be easier to scrap it and start over.
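
Added example, not part of the reply above: the point about `$_REQUEST` applied to the posted script's delete branch, which builds `delete from quest where quest_id = "$questid"` with no check on who owns the question. It assumes `$del` and `$questid` arrive as request parameters; the function `deleteQuestion`, the in-memory SQLite database and its rows are hypothetical, and only the table and column names come from the thread.

```php
<?php
// Added example: hypothetical handler; table/column names follow the thread.
function deleteQuestion(PDO $db, string $method, array $post, array $session): bool
{
    // State-changing actions are read from the POST body only, so the same
    // parameters placed in a URL query string are ignored.
    if ($method !== 'POST' || empty($post['del'])) {
        return false;
    }
    $questId = $post['questid'] ?? '';
    if (!is_string($questId) || !ctype_digit($questId) || !isset($session['memberID'])) {
        return false;
    }
    $db->beginTransaction();
    // Bound parameters instead of interpolating "$questid"; the member_id
    // condition limits the delete to the logged-in member's own question.
    $own = $db->prepare('DELETE FROM quest WHERE quest_id = ? AND member_id = ?');
    $own->execute([(int) $questId, (int) $session['memberID']]);
    $deleted = $own->rowCount() === 1;
    if ($deleted) {
        $db->prepare('DELETE FROM ans WHERE quest_id = ?')->execute([(int) $questId]);
    }
    $db->commit();
    return $deleted;
}

// Constructed data: member 5 owns question 7, which has one answer row.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE quest (quest_id INTEGER PRIMARY KEY, member_id INTEGER)');
$db->exec('CREATE TABLE ans (ans_id INTEGER PRIMARY KEY, quest_id INTEGER)');
$db->exec('INSERT INTO quest VALUES (7, 5)');
$db->exec('INSERT INTO ans VALUES (1, 7)');

$owner = ['memberID' => 5];
$form  = ['del' => '1', 'questid' => '7'];
// In a page this would be called as:
// deleteQuestion($db, $_SERVER['REQUEST_METHOD'], $_POST, $_SESSION)
// Cases, in order: wrong method, non-numeric id, different member, legitimate request.
var_dump(deleteQuestion($db, 'GET', $form, $owner));
var_dump(deleteQuestion($db, 'POST', ['del' => '1', 'questid' => '7abc'], $owner));
var_dump(deleteQuestion($db, 'POST', $form, ['memberID' => 9]));
var_dump(deleteQuestion($db, 'POST', $form, $owner));
```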

Archived

This topic is now archived and is closed to further replies.
