Jump to content

Quiz script. It works. HOWTO improve it.

quizzical

By quizzical
in PHP Coding Help

Recommended Posts

quizzical Newbie

quizzical

Posted
Posted

Hello! I've made completely by myself this script for a quiz which uses mysql.

I'm looking now for help in order to:

1) make it more secure,

2) achieve the same result with less code

3) find a way of quering less the mysql database

I know in this forum there is people more experienced than me.

Even a quick glance would mean a lot.

 

ELABORATE PAGE

<?php

session_start();

  require("config.php");

  $homepage = new Page();

  $homepage->DisplayHead();

  $whichquiz=$_POST['whichquiz'];
  $howmany=$_POST['howmany'];

  if (!$whichquiz || !$howmany) {
     echo 'Devi selezionare un quiz e il numero di domande.';
     exit;
  }

  if (!get_magic_quotes_gpc()){
    $whichquiz = addslashes($whichquiz);
    $howmany = addslashes($howmany);
  }

  @ $db = new mysqli('localhost', 'root', 'password', 'database');

  if (mysqli_connect_errno()) {
     echo 'Errore: Impossibile connettersi al database.';
     exit;
  }

  $query = "select * from $whichquiz order by rand() limit $howmany";
  $picked_questions = $db->query($query);

  echo "<div id=\"q_and_r_container\">";
  echo "<div id=\"left_q_and_r\"></div>";
  echo "<div id=\"right_q_and_r\">";
  echo "<p class=\"left_quiz\">".htmlentities(stripslashes($howmany))." domande su ".htmlentities(stripslashes($whichquiz))."</p>";

  echo "<form action=\"results.php\" method=\"post\" name=\"questions\">";
  $a = 0;
  $quante_caselle = 0;
  for ($i=0; $i <$howmany; $i++) {
     $row = $picked_questions->fetch_assoc();
     echo "<p class=\"left_quiz\">";
     echo "<strong>".($i+1).") ";
     echo $row['q'];
     echo "</strong>";
     $correct = $row['correct'];
     $correct2 = $row['correct2'];
$x1 = $row['a1'];
$x2 = $row['a2'];
$x3 = $row['a3'];
$x4 = $row['a4'];
if ($x1 != "") {
  if ($correct == "a" || $correct2 == "a") {
     $a1 = "<input type=\"checkbox\" name=\"".$a."\" value=\"".($a++)."\" /> ".$row['a1'];
$quante_caselle++;
     }
  else {
     $a1 = "<input type=\"checkbox\" name=\"".$a."\" value=\"".($a++)."\" /> ".$row['a1'];
$quante_caselle++;
     }
     }
  else {
$a++;
$quante_caselle++;
     }
if ($x2 != "") {
  if ($correct == "b" || $correct2 == "b") {
     $a2 = "<input type=\"checkbox\" name=\"".$a."\" value=\"".($a++)."\" /> ".$row['a2'];
$quante_caselle++;
     }
  else {
     $a2 = "<input type=\"checkbox\" name=\"".$a."\" value=\"".($a++)."\" /> ".$row['a2'];
$quante_caselle++;
     }
     }
  else {
$a++;
$quante_caselle++;
     }
if ($x3 != "") {
  if ($correct == "c" || $correct2 == "c") {
     $a3 = "<input type=\"checkbox\" name=\"".$a."\" value=\"".($a++)."\" /> ".$row['a3'];
$quante_caselle++;
     }
  else {
     $a3 = "<input type=\"checkbox\" name=\"".$a."\" value=\"".($a++)."\" /> ".$row['a3'];
$quante_caselle++;
     }
     }
  else {
$a++;
$quante_caselle++;
     }
if ($x4 != "") {
  if ($correct == "d" || $correct2 == "d") {
     $a4 = "<input type=\"checkbox\" name=\"".$a."\" value=\"".($a++)."\" /> ".$row['a4'];
$quante_caselle++;
     }
  else {
     $a4 = "<input type=\"checkbox\" name=\"".$a."\" value=\"".($a++)."\" /> ".$row['a4'];
$quante_caselle++;
     }
     }
  else {
$a++;
$quante_caselle++;
     }

if ($x4 != "") {
     $shuffle_answers_array = array($a1,$a2,$a3,$a4);
     shuffle($shuffle_answers_array);
     $Sa1 = $shuffle_answers_array['0'];
     $Sa2 = $shuffle_answers_array['1'];
     $Sa3 = $shuffle_answers_array['2'];
     $Sa4 = $shuffle_answers_array['3'];
     echo "<br />";
     echo $Sa1;
     echo "<br />";
     echo $Sa2;
     echo "<br />";
     echo $Sa3;
     echo "<br />";
     echo $Sa4;
     }
elseif ($x4 == "" && $x3 != "") {
     $shuffle_answers_array = array($a1,$a2,$a3);
     shuffle($shuffle_answers_array);
     $Sa1 = $shuffle_answers_array['0'];
     $Sa2 = $shuffle_answers_array['1'];
     $Sa3 = $shuffle_answers_array['2'];
     echo "<br />";
     echo $Sa1;
     echo "<br />";
     echo $Sa2;
     echo "<br />";
     echo $Sa3;
     }
elseif ($x3 == "" && $x2 != "") {
     $shuffle_answers_array = array($a1,$a2);
     shuffle($shuffle_answers_array);
     $Sa1 = $shuffle_answers_array['0'];
     $Sa2 = $shuffle_answers_array['1'];
     echo "<br />";
     echo $Sa1;
     echo "<br />";
     echo $Sa2;
     }

     echo "</p>";

    $id[$i] = $row['id'];

  }

  $_SESSION['whichquiz'] = $whichquiz;
  $_SESSION['howmany'] = $howmany;

  $_SESSION['id1'] = $id[0];
  $_SESSION['id2'] = $id[1];
  $_SESSION['id3'] = $id[2];
  $_SESSION['id4'] = $id[3];
  $_SESSION['id5'] = $id[4];
  $_SESSION['id6'] = $id[5];
  $_SESSION['id7'] = $id[6];
  $_SESSION['id8'] = $id[7];
  $_SESSION['id9'] = $id[8];
  $_SESSION['id10'] = $id[9];
  $_SESSION['id11'] = $id[10];
  $_SESSION['id12'] = $id[11];
  $_SESSION['id13'] = $id[12];
  $_SESSION['id14'] = $id[13];
  $_SESSION['id15'] = $id[14];
  $_SESSION['id16'] = $id[15];
  $_SESSION['id17'] = $id[16];
  $_SESSION['id18'] = $id[17];
  $_SESSION['id19'] = $id[18];
  $_SESSION['id20'] = $id[19];

  $_SESSION['quantecaselle'] = $quante_caselle;

  echo "<input type=\"submit\" name=\"submit\" value=\"Risultati\" />";
  echo "<input type=\"button\" name=\"button1\" value=\"Torna su\" onClick=\"location.href='#top';\" />";
  echo "<input type=\"button\" name=\"button2\" value=\"Reset\" onClick=\"document.questions.reset()\" />";
  echo "<input type=\"button\" name=\"button3\" value=\"Nuovo\" onClick=\"location.href='quiz.php';\" />";
  echo "</p>";
  echo "</form>";
  echo "</div>";
  echo "<div id=\"stopcolonne\"></div>";
  echo "</div>";

  $picked_questions->free();
  $db->close();

  $homepage->DisplayFoot();

?>

 

RESULT PAGE

<?php

session_start();

  require("config.php");

  $homepage = new Page();

  $homepage->DisplayHead();

$whichquiz = $_SESSION['whichquiz'];
$howmany = $_SESSION['howmany'];
$id1 = $_SESSION['id1'];
$id2 = $_SESSION['id2'];
$id3 = $_SESSION['id3'];
$id4 = $_SESSION['id4'];
$id5 = $_SESSION['id5'];
$id6 = $_SESSION['id6'];
$id7 = $_SESSION['id7'];
$id8 = $_SESSION['id8'];
$id9 = $_SESSION['id9'];
$id10 = $_SESSION['id10'];
$id11 = $_SESSION['id11'];
$id12 = $_SESSION['id12'];
$id13 = $_SESSION['id13'];
$id14 = $_SESSION['id14'];
$id15 = $_SESSION['id15'];
$id16 = $_SESSION['id16'];
$id17 = $_SESSION['id17'];
$id18 = $_SESSION['id18'];
$id19 = $_SESSION['id19'];
$id20 = $_SESSION['id20'];
$quante_caselle = $_SESSION['quantecaselle'];

if ($howmany == "5")
{
$array_id = array($id1,$id2,$id3,$id4,$id5);
}
if ($howmany == "10")
{
$array_id = array($id1,$id2,$id3,$id4,$id5,$id6,$id7,$id8,$id9,$id10);
}
if ($howmany == "20")
{
$array_id = array($id1,$id2,$id3,$id4,$id5,$id6,$id7,$id8,$id9,$id10,$id11,$id12,$id13,$id14,$id15,$id16,$id17,$id18,$id19,$id20);
}

  if (!get_magic_quotes_gpc()){
  for ($i=0; $i < $quante_caselle; $i++) {
  $array_id2[$i] = addslashes($_POST[$i]);
  }
  }
else
  {
  for ($i=0; $i < $quante_caselle; $i++) {
  $array_id2[$i] = $_POST[$i];
  }
  }

  echo "<div id=\"q_and_r_container\">";
  echo "<div id=\"left_q_and_r\"></div>";
  echo "<div id=\"right_q_and_r\">";
  echo "<p class=\"left_quiz\">".htmlentities(stripslashes($howmany))." domande su ".htmlentities(stripslashes($whichquiz))."</p>";

@ $db = mysqli_connect('localhost', 'root', 'password', 'database');

  if (mysqli_connect_errno()) {
     echo 'Errore: Impossibile connettersi al database.';
     exit;
  }

$question=1;
$f=0;
$score=0;

foreach ($array_id as $key => $value) {
  $query = "select * from $whichquiz where id = $value";
  $corrispondent_question = mysqli_query($db, $query);
  $row = mysqli_fetch_assoc($corrispondent_question);
     echo "<p class=\"left_quiz\">";
     echo "<strong>".($question++).") ";
     echo $row['q'];
     echo "</strong>";
     echo "<br />";

if (($array_id2[$f] != "") && ($row[correct] == "a"))
{
  echo "<font color=\"green\"><b>".$row[a1]."</b></font> RISPOSTA ESATTA!"; $f++; $score++; echo "<br />";
}
elseif (($array_id2[$f] == "") && ($row[correct] == "a"))
{
  echo "<font color=\"green\">".$row[a1]."</font>"; $f++; echo "<br />";
}
elseif (($array_id2[$f] != "") && ($row[correct] != "a"))
{
  echo "<font color=\"red\"><b>".$row[a1]."</b></font> RISPOSTA SBAGLIATA!"; $f++; $score--; echo "<br />";
}
else
{
  echo $row[a1]; $f++; echo "<br />";
}



if (($array_id2[$f] != "") && ($row[correct] == "b"))
{
  echo "<font color=\"green\"><b>".$row[a2]."</b></font> RISPOSTA ESATTA!"; $f++; $score++; echo "<br />";
}
elseif (($array_id2[$f] == "") && ($row[correct] == "b"))
{
  echo "<font color=\"green\">".$row[a2]."</font>"; $f++; echo "<br />";
}
elseif (($array_id2[$f] != "") && ($row[correct] != "b"))
{
  echo "<font color=\"red\"><b>".$row[a2]."</b></font> RISPOSTA SBAGLIATA!"; $f++; $score--; echo "<br />";
}
else
{
  echo $row[a2]; $f++; echo "<br />";
}



if ($row[a3] != "")
{
if (($array_id2[$f] != "") && ($row[correct] == "c"))
{
  echo "<font color=\"green\"><b>".$row[a3]."</b></font> RISPOSTA ESATTA!"; $f++; $score++; echo "<br />";
}
elseif (($array_id2[$f] == "") && ($row[correct] == "c"))
{
  echo "<font color=\"green\">".$row[a3]."</font>"; $f++; echo "<br />";
}
elseif (($array_id2[$f] != "") && ($row[correct] != "c"))
{
  echo "<font color=\"red\"><b>".$row[a3]."</b></font> RISPOSTA SBAGLIATA!"; $f++; $score--; echo "<br />";
}
else
{
  echo $row[a3]; $f++; echo "<br />";
}
}
else
{
  $f++;
}


if ($row[a4] != "")
{
if (($array_id2[$f] != "") && ($row[correct] == "d"))
{
  echo "<font color=\"green\"><b>".$row[a4]."</b></font> RISPOSTA ESATTA!"; $f++; $score++; echo "<br /><br />";
}
elseif (($array_id2[$f] == "") && ($row[correct] == "d"))
{
  echo "<font color=\"green\">".$row[a4]."</font>"; $f++; echo "<br /><br />";
}
elseif (($array_id2[$f] != "") && ($row[correct] != "d"))
{
  echo "<font color=\"red\"><b>".$row[a4]."</b></font> RISPOSTA SBAGLIATA!"; $f++; $score--; echo "<br /><br />";
}
else
{
  echo $row[a4]; $f++; echo "<br /><br />";
}
}
else
{
  $f++;
}

  echo "</p>";

}

  echo "<p class=\"left_quiz\">Il tuo punteggio è stato $score/$howmany</p><br /><br />";
  echo "</div>";
  echo "<div id=\"stopcolonne\"></div>";
  echo "</div>";

  $corrispondent_question->free();
  $db->close();

  $homepage->DisplayFoot();

?>

Link to comment
https://forums.phpfreaks.com/topic/206759-quiz-script-it-works-howto-improve-it/
Share on other sites
nblackwood Member

nblackwood

Posted
Posted

Hi. It would probably be a bit more secure if you took out the following line:

 

  @ $db = new mysqli('localhost', 'root', 'password', 'database');

 

 

from each page and put it in a single file, then use that file as an include. One step in simplifying might be to make a form in html rather than using php to echo it. That would cut down the php code a bit.

 

 

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.