
 

 

Please help. I am very very very new to php, but I know a very little, and can do HTML and CSS.

 

I have asked a php programmer to develop a survey site for a client. There are two things which are not working on the site, and I cannot get hold of the programmer to rectify, so I was trying to have a go myself.

 

I have a survey facility that has two things:

 

First a client adds the survey questions in a CMS. Then, for someone to participate in the survey the participant must enter a password and user name to access the survey.

 

First question - all users of the survey have the same user name and password (that's the way I want it!). However the php programmer has developed the site so that only one person can access the site with a user name and password (which is wrong).

 

Second, I have entered one question in the survey to test, with three multiple choice answers. I have logged into the survey myself, and answered the question - with one of the multiple choice answers. However the resulting solution gives me a result which says 33.3% of the people selected answer 3 - which is wrong as only one person (myself) participated, and I only selected answer three - so the result should be 100% for answer 3.

 

I need some help correcting this please. I am a novice, and don't know where to start.

 

Any help please :'(

 

This is the code of the resulting survey result file - can anyone see where it is wrong:

 

<?php

include('apptop.php');

include('session.php');

?>

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>

<? include('meta.php');?>

<link rel="stylesheet" href="css/style.css" type="text/css" />

<title><?=SITE_TITLE?> - Survey Results</title>

</head>

<body>

<div id="wrap">

 

<?php include('header.php');?>

 

 

<div id="content-wrap">

 

<img src="images/headerphoto.jpg" width="820" height="120" alt="headerphoto" class="no-border" />

 

<?php include('leftnav.php');?>

 

  <div id="main">

 

<a name="TemplateInfo"></a>

<h1>Survey Results </h1>

<p>

 

<table width='100%' align='center' border='0' cellspacing='1' cellpadding='3'>

<form method=post action=surveyresults.php>

<input name="memberid" type="hidden" value="<?=$memberid?>">

<tr>

<td height='16' class='header' colspan='3'> </td>

</tr>

<?

if(!empty($del))

{

 

$delAns = "delete from ans where quest_id = \"$questid\"";

$resAns = mysql_query($delAns);

 

$q1 = "delete from quest where quest_id = \"$questid\"";

$r1 = mysql_query($q1) or die(mysql_error());

 

echo "

<tr>

<td height='16' colspan='3' class='header'>The Question was successfully deleted</td>

</tr>

";

?>

<META HTTP-EQUIV="refresh" content="1;URL=questions.php?pg=<?=$pg?>&memberid=<?=$memberid?>">

<?

}

?>

 

<?

if(!empty($delans))

{

$q1 = "delete from ans where ans_id = \"$ansid\"";

$r1 = mysql_query($q1) or die(mysql_error());

 

echo "

<tr>

<td height='16' colspan='3' class='header'>The answer was successfully deleted</td>

</tr>

";

?>

<META HTTP-EQUIV="refresh" content="1;URL=questions.php?pg=<?=$pg?>&memberid=<?=$memberid?>">

<?

}

?>

 

<!--<tr>

<td class=text valign=top width=15%>Select Section:</td>

<td class=text valign=top width=10%>

<select name="section">

<option value="">Select One</option>

<option value="Front End">Front End</option>

<option value="Jobseekers">Jobseekers</option>

<option value="Employers">Employers</option>

</select>

</td>

<td class=text valign=top><input type=submit name=submit value="Search"></td>

</tr>-->

<tr>

<td colspan=3 class="text">

<?

$memberid = $_SESSION['memberID'];

$display = $a18[results];

$pg = (isset($_REQUEST['pg']) && ctype_digit($_REQUEST['pg'])) ?

$_REQUEST['pg'] : 1;

$start = $display * $pg - $display;

 

$result = mysql_query("SELECT count(*) from quest where member_id= $memberid ");//

$total = mysql_result($result, 0);

$query = mysql_query("SELECT * from quest  where member_id= $memberid order by quest_id desc limit $start, $display"); //where member_id= $memberid

 

if($total == '0')

{

echo "

<table width='100%' border='0' cellpadding='5' cellspacing='0' class='box'>

 

  <tr>

    <td valign='top' class='text'>There are currently no Questions in the database</td>

  </tr>

</table>";

exit;

}

$arrColor[0]="800000";

$arrColor[1]="0000FF";

$arrColor[2]="008800";

$arrColor[3]="FF0000";

$arrColor[4]="006600";

$arrColor[5]="CC0033";

$arrColor[6]="0000CC";

$arrColor[7]="A4A01E";

$arrColor[8]="CA6500";

$arrColor[9]="E407CE";

$arrColor[10]="FF0000";

 

while($a2 = mysql_fetch_array($query))

{

$selAns = "select * from ans where quest_id='$a2[quest_id]'";

$resAns = mysql_query($selAns);

$numRowAns = mysql_num_rows($resAns);

?>

<table width='100%' border='0' cellpadding='5' cellspacing='5'>

 

  <tr>

    <td width="6%" class='text'>Question:</td>

    <td width="94%" valign='top' class='text'><?=$a2['quest_question']?></td>

  </tr>

<?php

 

if($numRowAns>0)

{$i=0;

while($a2Ans = mysql_fetch_array($resAns))

{

 

 

$selSurRes = "SELECT count(*) FROM surveyresults where  quest_id='".$a2[quest_id]."' and ans_id='".$a2Ans['ans_id']."'"; //

list($ansDV) = arrayQuery($selSurRes);

  $percn=($ansDV/$numRowAns)*100;

if($ansDV>0){$ansATT='(Member Answer)';$percentageYes = 100;}else{$ansATT='';$percentageYes = '';}

 

$per = (int)(100 * $ansDV/$numRowAns);

$rowGetResults=mysql_num_rows($resAns);

$percentageYes=($ansDV * 100)/$numRowAns;

$percentageNo=100-$percentageYes;

 

 

 

?>

  <tr>

    <td class='text'>Answer:</td>

    <td class='text' valign='top' title="Answered Number: <?=$ansDV?> - Total Answer Number: <?=$numRowAns?>">

 

 

 

<table width="100%" border="0" cellspacing="0" cellpadding="0">

<tr>

<td width="100%"  align="left" class="text">

<?=$a2Ans['ans_answer']?>

 

<? /*if(!$percn==0){?>

                    <table  border="0" height="10" width="<?=$percn?>%" bgcolor="#<?=$arrColor[$i]?>"><tr><td></td></tr></table>

                    <? }else{?>

                    <table height="10" border="0"><tr><td><td><?=number_format($percn,2, '.', '');?></tr></table>

                    <? }*/?> 

</td>

<td>

<table width="300" border="0" cellspacing="0" cellpadding="0" style="border:#999999 1px solid;">

<?php 

if($percentageYes == '0')

{?>

<tr><td width="100%" bgcolor="#FFFFFF"  class="text"><b>0%</b></td></tr>

<?php

}

elseif($percentageYes == '100')

{?>

<tr><td width="100%" bgcolor="#2884C8"  class="text"><b>100%</b></td></tr>

<?php

}

else

{

?>

<tr><td width="<?=$percentageYes?>%" bgcolor="#2884C8"  class="text"><b><?=round($percentageYes,2)?>%</b></td>

<td width="<?=100-$percentageYes?>%" bgcolor="#FFFFFF"> </td></tr>

<?php

}

?>

 

</table>

</td>

</tr>

</table>

</td>

  </tr>

  <?php

  $i++;

  }

  }

  ?>

  <tr>

    <td colspan=2><hr style='background-color: rgb(204, 204, 204);' width='100%' size='1' noshade='noshade' color='#cccccc'><br /></td>

  </tr>

 

</table>

<?

}

?>

<table width='100%' border='0' cellpadding='5' cellspacing='0'>

<tr>

<td height='15' align='center' class='text'>

<?

function paginate($display, $pg, $total) {

  /* make sure pagination doesn't interfere with other query

string variables */

 

  if(isset($_SERVER['QUERY_STRING']) && trim(

    $_SERVER['QUERY_STRING']) != '') {

    if(stristr($_SERVER['QUERY_STRING'], 'pg='))

      $query_str = '?'.preg_replace('/pg=\d+/', 'pg=',

        $_SERVER['QUERY_STRING']);

    else

      $query_str = '?'.$_SERVER['QUERY_STRING'].'&pg=';

  } else

    $query_str = '?pg=';

   

  /* find out how many pages we have */

  $pages = ($total <= $display) ? 1 : ceil($total / $display);

   

  /* create the links */

  $first = '<a href="'.$_SERVER['PHP_SELF'].$query_str.'1">First

</a>';

  $prev = '<a href="'.$_SERVER['PHP_SELF'].$query_str.($pg - 1).'">

Previous</a>';

  $next = '<a href="'.$_SERVER['PHP_SELF'].$query_str.($pg + 1).'">

Next</a>';

  $last = '<a href="'.$_SERVER['PHP_SELF'].$query_str.$pages.'">Last</a>';

 

  /* display opening navigation */

  echo '<div><p align="center">';

  echo ($pg > 1) ? "$first : $prev :" : '&#171; : &#139; :';

 

  /* limit the number of page links displayed */

  $begin = $pg - 4;

  while($begin < 1)

    $begin++;

  $end = $pg + 4;

  while($end > $pages)

    $end--;

  for($i=$begin; $i<=$end; $i++)

    echo ($i == $pg) ? ' ['.$i.'] ' : ' <a href="'.

      $_SERVER['PHP_SELF'].$query_str.$i.'">'.$i.'</a> ';

   

  /* display ending navigation */

  echo ($pg < $pages) ? ": $next : $last" : ': &#155; : &#187;';

  echo '</p></div>';

}

paginate($display, $pg, $total);

?>

</td>

</tr>

</table>

</td>

</tr>

</form>

</table>

</p>

  </div>

 

<?php include('rightnav.php');?>

 

 

</div>

 

 

<?php include('footer.php')?>

 

 

 

</div>

 

</body>

</html>

 


The person who coded your site was a novice as well.  They used <?= which is short code. That's ok, I guess, if you are certain that the server allows that.  They also used $_REQUEST.  This is something all script kiddies love to see when attempting to hack a site.  Let's say that you have a form, and it posts to another script to parse, then you are expecting to use $_POST to be what the data is, but if someone knows your variables, they can inject via the $_GET method.

Also, he opens and closes PHP for no reason (take note of lines 54-58). 

 

In short: this script is so messed up it would be easier to scrap it and start over.
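
The $_REQUEST point in the reply above, applied to the delete branch of the posted script, as an added example that is not part of the original thread: the id is accepted from the POST body only, must be plain digits, and is bound as a parameter instead of being interpolated into the SQL text. The table and column names (quest, ans, quest_id) come from the posted script; the function name delete_question, the questid form field name, the in-memory SQLite database and the sample rows are assumptions constructed for illustration.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// posted script; delete_question() and the sample rows are constructed here.

function delete_question(PDO $db, string $method, array $post): bool
{
    // Act on POST only, so a crafted link (a GET request) cannot trigger a delete.
    if ($method !== 'POST') {
        return false;
    }
    // Take the id from the POST body, never $_REQUEST, and require plain digits.
    $raw = $post['questid'] ?? '';
    if (!is_string($raw) || !ctype_digit($raw)) {
        return false;
    }
    $id = (int) $raw;

    // Bound parameters keep the value out of the SQL text entirely.
    $db->beginTransaction();
    $delAns = $db->prepare('DELETE FROM ans WHERE quest_id = :id');
    $delAns->bindValue(':id', $id, PDO::PARAM_INT);
    $delAns->execute();
    $delQuest = $db->prepare('DELETE FROM quest WHERE quest_id = :id');
    $delQuest->bindValue(':id', $id, PDO::PARAM_INT);
    $delQuest->execute();
    $db->commit();

    return $delQuest->rowCount() === 1;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE quest (quest_id INTEGER PRIMARY KEY, quest_question TEXT)');
$db->exec('CREATE TABLE ans (ans_id INTEGER PRIMARY KEY, quest_id INTEGER, ans_answer TEXT)');
$db->exec("INSERT INTO quest VALUES (1, 'Q1'), (2, 'Q2')");
$db->exec("INSERT INTO ans VALUES (1, 1, 'A'), (2, 1, 'B'), (3, 2, 'C')");

// On the real page the arguments would be $_SERVER['REQUEST_METHOD'] and $_POST.
var_dump(delete_question($db, 'GET', ['questid' => '1']));     // id arrives by GET
var_dump(delete_question($db, 'POST', ['questid' => '1abc'])); // id is not numeric
var_dump(delete_question($db, 'POST', ['questid' => '1']));    // well-formed POST
var_dump((int) $db->query('SELECT COUNT(*) FROM quest')->fetchColumn());
```

The posted script uses the removed mysql_* functions and builds its DELETE statements by string concatenation; PDO with bound parameters is the swapped-in technique here, not what the original programmer wrote.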
