quizzical Posted July 5, 2010 Share Posted July 5, 2010 Hello! I've made completely by myself this script for a quiz which uses mysql. I'm looking now for help in order to: 1) make it more secure, 2) achieve the same result with less code 3) find a way of quering less the mysql database I know in this forum there is people more experienced than me. Even a quick glance would mean a lot. ELABORATE PAGE <?php session_start(); require("config.php"); $homepage = new Page(); $homepage->DisplayHead(); $whichquiz=$_POST['whichquiz']; $howmany=$_POST['howmany']; if (!$whichquiz || !$howmany) { echo 'Devi selezionare un quiz e il numero di domande.'; exit; } if (!get_magic_quotes_gpc()){ $whichquiz = addslashes($whichquiz); $howmany = addslashes($howmany); } @ $db = new mysqli('localhost', 'root', 'password', 'database'); if (mysqli_connect_errno()) { echo 'Errore: Impossibile connettersi al database.'; exit; } $query = "select * from $whichquiz order by rand() limit $howmany"; $picked_questions = $db->query($query); echo "<div id=\"q_and_r_container\">"; echo "<div id=\"left_q_and_r\"></div>"; echo "<div id=\"right_q_and_r\">"; echo "<p class=\"left_quiz\">".htmlentities(stripslashes($howmany))." domande su ".htmlentities(stripslashes($whichquiz))."</p>"; echo "<form action=\"results.php\" method=\"post\" name=\"questions\">"; $a = 0; $quante_caselle = 0; for ($i=0; $i <$howmany; $i++) { $row = $picked_questions->fetch_assoc(); echo "<p class=\"left_quiz\">"; echo "<strong>".($i+1).") "; echo $row['q']; echo "</strong>"; $correct = $row['correct']; $correct2 = $row['correct2']; $x1 = $row['a1']; $x2 = $row['a2']; $x3 = $row['a3']; $x4 = $row['a4']; if ($x1 != "") { if ($correct == "a" || $correct2 == "a") { $a1 = "<input type=\"checkbox\" name=\"".$a."\" value=\"".($a++)."\" /> ".$row['a1']; $quante_caselle++; } else { $a1 = "<input type=\"checkbox\" name=\"".$a."\" value=\"".($a++)."\" /> ".$row['a1']; $quante_caselle++; } } else { $a++; $quante_caselle++; } if ($x2 != "") { if ($correct == "b" || $correct2 == "b") { $a2 = "<input type=\"checkbox\" name=\"".$a."\" value=\"".($a++)."\" /> ".$row['a2']; $quante_caselle++; } else { $a2 = "<input type=\"checkbox\" name=\"".$a."\" value=\"".($a++)."\" /> ".$row['a2']; $quante_caselle++; } } else { $a++; $quante_caselle++; } if ($x3 != "") { if ($correct == "c" || $correct2 == "c") { $a3 = "<input type=\"checkbox\" name=\"".$a."\" value=\"".($a++)."\" /> ".$row['a3']; $quante_caselle++; } else { $a3 = "<input type=\"checkbox\" name=\"".$a."\" value=\"".($a++)."\" /> ".$row['a3']; $quante_caselle++; } } else { $a++; $quante_caselle++; } if ($x4 != "") { if ($correct == "d" || $correct2 == "d") { $a4 = "<input type=\"checkbox\" name=\"".$a."\" value=\"".($a++)."\" /> ".$row['a4']; $quante_caselle++; } else { $a4 = "<input type=\"checkbox\" name=\"".$a."\" value=\"".($a++)."\" /> ".$row['a4']; $quante_caselle++; } } else { $a++; $quante_caselle++; } if ($x4 != "") { $shuffle_answers_array = array($a1,$a2,$a3,$a4); shuffle($shuffle_answers_array); $Sa1 = $shuffle_answers_array['0']; $Sa2 = $shuffle_answers_array['1']; $Sa3 = $shuffle_answers_array['2']; $Sa4 = $shuffle_answers_array['3']; echo "<br />"; echo $Sa1; echo "<br />"; echo $Sa2; echo "<br />"; echo $Sa3; echo "<br />"; echo $Sa4; } elseif ($x4 == "" && $x3 != "") { $shuffle_answers_array = array($a1,$a2,$a3); shuffle($shuffle_answers_array); $Sa1 = $shuffle_answers_array['0']; $Sa2 = $shuffle_answers_array['1']; $Sa3 = $shuffle_answers_array['2']; echo "<br />"; echo $Sa1; echo "<br />"; echo $Sa2; echo "<br />"; echo $Sa3; } elseif ($x3 == "" && $x2 != "") { $shuffle_answers_array = array($a1,$a2); shuffle($shuffle_answers_array); $Sa1 = $shuffle_answers_array['0']; $Sa2 = $shuffle_answers_array['1']; echo "<br />"; echo $Sa1; echo "<br />"; echo $Sa2; } echo "</p>"; $id[$i] = $row['id']; } $_SESSION['whichquiz'] = $whichquiz; $_SESSION['howmany'] = $howmany; $_SESSION['id1'] = $id[0]; $_SESSION['id2'] = $id[1]; $_SESSION['id3'] = $id[2]; $_SESSION['id4'] = $id[3]; $_SESSION['id5'] = $id[4]; $_SESSION['id6'] = $id[5]; $_SESSION['id7'] = $id[6]; $_SESSION['id8'] = $id[7]; $_SESSION['id9'] = $id[8]; $_SESSION['id10'] = $id[9]; $_SESSION['id11'] = $id[10]; $_SESSION['id12'] = $id[11]; $_SESSION['id13'] = $id[12]; $_SESSION['id14'] = $id[13]; $_SESSION['id15'] = $id[14]; $_SESSION['id16'] = $id[15]; $_SESSION['id17'] = $id[16]; $_SESSION['id18'] = $id[17]; $_SESSION['id19'] = $id[18]; $_SESSION['id20'] = $id[19]; $_SESSION['quantecaselle'] = $quante_caselle; echo "<input type=\"submit\" name=\"submit\" value=\"Risultati\" />"; echo "<input type=\"button\" name=\"button1\" value=\"Torna su\" onClick=\"location.href='#top';\" />"; echo "<input type=\"button\" name=\"button2\" value=\"Reset\" onClick=\"document.questions.reset()\" />"; echo "<input type=\"button\" name=\"button3\" value=\"Nuovo\" onClick=\"location.href='quiz.php';\" />"; echo "</p>"; echo "</form>"; echo "</div>"; echo "<div id=\"stopcolonne\"></div>"; echo "</div>"; $picked_questions->free(); $db->close(); $homepage->DisplayFoot(); ?> RESULT PAGE <?php session_start(); require("config.php"); $homepage = new Page(); $homepage->DisplayHead(); $whichquiz = $_SESSION['whichquiz']; $howmany = $_SESSION['howmany']; $id1 = $_SESSION['id1']; $id2 = $_SESSION['id2']; $id3 = $_SESSION['id3']; $id4 = $_SESSION['id4']; $id5 = $_SESSION['id5']; $id6 = $_SESSION['id6']; $id7 = $_SESSION['id7']; $id8 = $_SESSION['id8']; $id9 = $_SESSION['id9']; $id10 = $_SESSION['id10']; $id11 = $_SESSION['id11']; $id12 = $_SESSION['id12']; $id13 = $_SESSION['id13']; $id14 = $_SESSION['id14']; $id15 = $_SESSION['id15']; $id16 = $_SESSION['id16']; $id17 = $_SESSION['id17']; $id18 = $_SESSION['id18']; $id19 = $_SESSION['id19']; $id20 = $_SESSION['id20']; $quante_caselle = $_SESSION['quantecaselle']; if ($howmany == "5") { $array_id = array($id1,$id2,$id3,$id4,$id5); } if ($howmany == "10") { $array_id = array($id1,$id2,$id3,$id4,$id5,$id6,$id7,$id8,$id9,$id10); } if ($howmany == "20") { $array_id = array($id1,$id2,$id3,$id4,$id5,$id6,$id7,$id8,$id9,$id10,$id11,$id12,$id13,$id14,$id15,$id16,$id17,$id18,$id19,$id20); } if (!get_magic_quotes_gpc()){ for ($i=0; $i < $quante_caselle; $i++) { $array_id2[$i] = addslashes($_POST[$i]); } } else { for ($i=0; $i < $quante_caselle; $i++) { $array_id2[$i] = $_POST[$i]; } } echo "<div id=\"q_and_r_container\">"; echo "<div id=\"left_q_and_r\"></div>"; echo "<div id=\"right_q_and_r\">"; echo "<p class=\"left_quiz\">".htmlentities(stripslashes($howmany))." domande su ".htmlentities(stripslashes($whichquiz))."</p>"; @ $db = mysqli_connect('localhost', 'root', 'password', 'database'); if (mysqli_connect_errno()) { echo 'Errore: Impossibile connettersi al database.'; exit; } $question=1; $f=0; $score=0; foreach ($array_id as $key => $value) { $query = "select * from $whichquiz where id = $value"; $corrispondent_question = mysqli_query($db, $query); $row = mysqli_fetch_assoc($corrispondent_question); echo "<p class=\"left_quiz\">"; echo "<strong>".($question++).") "; echo $row['q']; echo "</strong>"; echo "<br />"; if (($array_id2[$f] != "") && ($row[correct] == "a")) { echo "<font color=\"green\"><b>".$row[a1]."</b></font> RISPOSTA ESATTA!"; $f++; $score++; echo "<br />"; } elseif (($array_id2[$f] == "") && ($row[correct] == "a")) { echo "<font color=\"green\">".$row[a1]."</font>"; $f++; echo "<br />"; } elseif (($array_id2[$f] != "") && ($row[correct] != "a")) { echo "<font color=\"red\"><b>".$row[a1]."</b></font> RISPOSTA SBAGLIATA!"; $f++; $score--; echo "<br />"; } else { echo $row[a1]; $f++; echo "<br />"; } if (($array_id2[$f] != "") && ($row[correct] == "b")) { echo "<font color=\"green\"><b>".$row[a2]."</b></font> RISPOSTA ESATTA!"; $f++; $score++; echo "<br />"; } elseif (($array_id2[$f] == "") && ($row[correct] == "b")) { echo "<font color=\"green\">".$row[a2]."</font>"; $f++; echo "<br />"; } elseif (($array_id2[$f] != "") && ($row[correct] != "b")) { echo "<font color=\"red\"><b>".$row[a2]."</b></font> RISPOSTA SBAGLIATA!"; $f++; $score--; echo "<br />"; } else { echo $row[a2]; $f++; echo "<br />"; } if ($row[a3] != "") { if (($array_id2[$f] != "") && ($row[correct] == "c")) { echo "<font color=\"green\"><b>".$row[a3]."</b></font> RISPOSTA ESATTA!"; $f++; $score++; echo "<br />"; } elseif (($array_id2[$f] == "") && ($row[correct] == "c")) { echo "<font color=\"green\">".$row[a3]."</font>"; $f++; echo "<br />"; } elseif (($array_id2[$f] != "") && ($row[correct] != "c")) { echo "<font color=\"red\"><b>".$row[a3]."</b></font> RISPOSTA SBAGLIATA!"; $f++; $score--; echo "<br />"; } else { echo $row[a3]; $f++; echo "<br />"; } } else { $f++; } if ($row[a4] != "") { if (($array_id2[$f] != "") && ($row[correct] == "d")) { echo "<font color=\"green\"><b>".$row[a4]."</b></font> RISPOSTA ESATTA!"; $f++; $score++; echo "<br /><br />"; } elseif (($array_id2[$f] == "") && ($row[correct] == "d")) { echo "<font color=\"green\">".$row[a4]."</font>"; $f++; echo "<br /><br />"; } elseif (($array_id2[$f] != "") && ($row[correct] != "d")) { echo "<font color=\"red\"><b>".$row[a4]."</b></font> RISPOSTA SBAGLIATA!"; $f++; $score--; echo "<br /><br />"; } else { echo $row[a4]; $f++; echo "<br /><br />"; } } else { $f++; } echo "</p>"; } echo "<p class=\"left_quiz\">Il tuo punteggio è stato $score/$howmany</p><br /><br />"; echo "</div>"; echo "<div id=\"stopcolonne\"></div>"; echo "</div>"; $corrispondent_question->free(); $db->close(); $homepage->DisplayFoot(); ?> Link to comment https://forums.phpfreaks.com/topic/206759-quiz-script-it-works-howto-improve-it/ Share on other sites More sharing options...
nblackwood Posted July 5, 2010 Share Posted July 5, 2010 Hi. It would probably be a bit more secure if you took out the following line: @ $db = new mysqli('localhost', 'root', 'password', 'database'); from each page and put it in a single file, then use that file as an include. One step in simplifying might be to make a form in html rather than using php to echo it. That would cut down the php code a bit. Link to comment https://forums.phpfreaks.com/topic/206759-quiz-script-it-works-howto-improve-it/#findComment-1081286 Share on other sites More sharing options...
quizzical Posted July 5, 2010 Author Share Posted July 5, 2010 Thank you nblackwood, I'll follow your advice. Other suggestions are welcome Link to comment https://forums.phpfreaks.com/topic/206759-quiz-script-it-works-howto-improve-it/#findComment-1081294 Share on other sites More sharing options...
quizzical Posted July 9, 2010 Author Share Posted July 9, 2010 Any new hints on how I can improve it? Thank you. Link to comment https://forums.phpfreaks.com/topic/206759-quiz-script-it-works-howto-improve-it/#findComment-1083583 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.