Jump to content

Quiz script. It works. HOWTO improve it.


quizzical

Recommended Posts

Hello! I've made completely by myself this script for a quiz which uses mysql.

I'm looking now for help in order to:

1) make it more secure,

2) achieve the same result with less code

3) find a way of quering less the mysql database

I know in this forum there is people more experienced than me.

Even a quick glance would mean a lot.

 

ELABORATE PAGE

<?php

session_start();

  require("config.php");

  $homepage = new Page();

  $homepage->DisplayHead();

  $whichquiz=$_POST['whichquiz'];
  $howmany=$_POST['howmany'];

  if (!$whichquiz || !$howmany) {
     echo 'Devi selezionare un quiz e il numero di domande.';
     exit;
  }

  if (!get_magic_quotes_gpc()){
    $whichquiz = addslashes($whichquiz);
    $howmany = addslashes($howmany);
  }

  @ $db = new mysqli('localhost', 'root', 'password', 'database');

  if (mysqli_connect_errno()) {
     echo 'Errore: Impossibile connettersi al database.';
     exit;
  }

  $query = "select * from $whichquiz order by rand() limit $howmany";
  $picked_questions = $db->query($query);

  echo "<div id=\"q_and_r_container\">";
  echo "<div id=\"left_q_and_r\"></div>";
  echo "<div id=\"right_q_and_r\">";
  echo "<p class=\"left_quiz\">".htmlentities(stripslashes($howmany))." domande su ".htmlentities(stripslashes($whichquiz))."</p>";

  echo "<form action=\"results.php\" method=\"post\" name=\"questions\">";
  $a = 0;
  $quante_caselle = 0;
  for ($i=0; $i <$howmany; $i++) {
     $row = $picked_questions->fetch_assoc();
     echo "<p class=\"left_quiz\">";
     echo "<strong>".($i+1).") ";
     echo $row['q'];
     echo "</strong>";
     $correct = $row['correct'];
     $correct2 = $row['correct2'];
$x1 = $row['a1'];
$x2 = $row['a2'];
$x3 = $row['a3'];
$x4 = $row['a4'];
if ($x1 != "") {
  if ($correct == "a" || $correct2 == "a") {
     $a1 = "<input type=\"checkbox\" name=\"".$a."\" value=\"".($a++)."\" /> ".$row['a1'];
$quante_caselle++;
     }
  else {
     $a1 = "<input type=\"checkbox\" name=\"".$a."\" value=\"".($a++)."\" /> ".$row['a1'];
$quante_caselle++;
     }
     }
  else {
$a++;
$quante_caselle++;
     }
if ($x2 != "") {
  if ($correct == "b" || $correct2 == "b") {
     $a2 = "<input type=\"checkbox\" name=\"".$a."\" value=\"".($a++)."\" /> ".$row['a2'];
$quante_caselle++;
     }
  else {
     $a2 = "<input type=\"checkbox\" name=\"".$a."\" value=\"".($a++)."\" /> ".$row['a2'];
$quante_caselle++;
     }
     }
  else {
$a++;
$quante_caselle++;
     }
if ($x3 != "") {
  if ($correct == "c" || $correct2 == "c") {
     $a3 = "<input type=\"checkbox\" name=\"".$a."\" value=\"".($a++)."\" /> ".$row['a3'];
$quante_caselle++;
     }
  else {
     $a3 = "<input type=\"checkbox\" name=\"".$a."\" value=\"".($a++)."\" /> ".$row['a3'];
$quante_caselle++;
     }
     }
  else {
$a++;
$quante_caselle++;
     }
if ($x4 != "") {
  if ($correct == "d" || $correct2 == "d") {
     $a4 = "<input type=\"checkbox\" name=\"".$a."\" value=\"".($a++)."\" /> ".$row['a4'];
$quante_caselle++;
     }
  else {
     $a4 = "<input type=\"checkbox\" name=\"".$a."\" value=\"".($a++)."\" /> ".$row['a4'];
$quante_caselle++;
     }
     }
  else {
$a++;
$quante_caselle++;
     }

if ($x4 != "") {
     $shuffle_answers_array = array($a1,$a2,$a3,$a4);
     shuffle($shuffle_answers_array);
     $Sa1 = $shuffle_answers_array['0'];
     $Sa2 = $shuffle_answers_array['1'];
     $Sa3 = $shuffle_answers_array['2'];
     $Sa4 = $shuffle_answers_array['3'];
     echo "<br />";
     echo $Sa1;
     echo "<br />";
     echo $Sa2;
     echo "<br />";
     echo $Sa3;
     echo "<br />";
     echo $Sa4;
     }
elseif ($x4 == "" && $x3 != "") {
     $shuffle_answers_array = array($a1,$a2,$a3);
     shuffle($shuffle_answers_array);
     $Sa1 = $shuffle_answers_array['0'];
     $Sa2 = $shuffle_answers_array['1'];
     $Sa3 = $shuffle_answers_array['2'];
     echo "<br />";
     echo $Sa1;
     echo "<br />";
     echo $Sa2;
     echo "<br />";
     echo $Sa3;
     }
elseif ($x3 == "" && $x2 != "") {
     $shuffle_answers_array = array($a1,$a2);
     shuffle($shuffle_answers_array);
     $Sa1 = $shuffle_answers_array['0'];
     $Sa2 = $shuffle_answers_array['1'];
     echo "<br />";
     echo $Sa1;
     echo "<br />";
     echo $Sa2;
     }

     echo "</p>";

    $id[$i] = $row['id'];

  }

  $_SESSION['whichquiz'] = $whichquiz;
  $_SESSION['howmany'] = $howmany;

  $_SESSION['id1'] = $id[0];
  $_SESSION['id2'] = $id[1];
  $_SESSION['id3'] = $id[2];
  $_SESSION['id4'] = $id[3];
  $_SESSION['id5'] = $id[4];
  $_SESSION['id6'] = $id[5];
  $_SESSION['id7'] = $id[6];
  $_SESSION['id8'] = $id[7];
  $_SESSION['id9'] = $id[8];
  $_SESSION['id10'] = $id[9];
  $_SESSION['id11'] = $id[10];
  $_SESSION['id12'] = $id[11];
  $_SESSION['id13'] = $id[12];
  $_SESSION['id14'] = $id[13];
  $_SESSION['id15'] = $id[14];
  $_SESSION['id16'] = $id[15];
  $_SESSION['id17'] = $id[16];
  $_SESSION['id18'] = $id[17];
  $_SESSION['id19'] = $id[18];
  $_SESSION['id20'] = $id[19];

  $_SESSION['quantecaselle'] = $quante_caselle;

  echo "<input type=\"submit\" name=\"submit\" value=\"Risultati\" />";
  echo "<input type=\"button\" name=\"button1\" value=\"Torna su\" onClick=\"location.href='#top';\" />";
  echo "<input type=\"button\" name=\"button2\" value=\"Reset\" onClick=\"document.questions.reset()\" />";
  echo "<input type=\"button\" name=\"button3\" value=\"Nuovo\" onClick=\"location.href='quiz.php';\" />";
  echo "</p>";
  echo "</form>";
  echo "</div>";
  echo "<div id=\"stopcolonne\"></div>";
  echo "</div>";

  $picked_questions->free();
  $db->close();

  $homepage->DisplayFoot();

?>

 

RESULT PAGE

<?php

session_start();

  require("config.php");

  $homepage = new Page();

  $homepage->DisplayHead();

$whichquiz = $_SESSION['whichquiz'];
$howmany = $_SESSION['howmany'];
$id1 = $_SESSION['id1'];
$id2 = $_SESSION['id2'];
$id3 = $_SESSION['id3'];
$id4 = $_SESSION['id4'];
$id5 = $_SESSION['id5'];
$id6 = $_SESSION['id6'];
$id7 = $_SESSION['id7'];
$id8 = $_SESSION['id8'];
$id9 = $_SESSION['id9'];
$id10 = $_SESSION['id10'];
$id11 = $_SESSION['id11'];
$id12 = $_SESSION['id12'];
$id13 = $_SESSION['id13'];
$id14 = $_SESSION['id14'];
$id15 = $_SESSION['id15'];
$id16 = $_SESSION['id16'];
$id17 = $_SESSION['id17'];
$id18 = $_SESSION['id18'];
$id19 = $_SESSION['id19'];
$id20 = $_SESSION['id20'];
$quante_caselle = $_SESSION['quantecaselle'];

if ($howmany == "5")
{
$array_id = array($id1,$id2,$id3,$id4,$id5);
}
if ($howmany == "10")
{
$array_id = array($id1,$id2,$id3,$id4,$id5,$id6,$id7,$id8,$id9,$id10);
}
if ($howmany == "20")
{
$array_id = array($id1,$id2,$id3,$id4,$id5,$id6,$id7,$id8,$id9,$id10,$id11,$id12,$id13,$id14,$id15,$id16,$id17,$id18,$id19,$id20);
}

  if (!get_magic_quotes_gpc()){
  for ($i=0; $i < $quante_caselle; $i++) {
  $array_id2[$i] = addslashes($_POST[$i]);
  }
  }
else
  {
  for ($i=0; $i < $quante_caselle; $i++) {
  $array_id2[$i] = $_POST[$i];
  }
  }

  echo "<div id=\"q_and_r_container\">";
  echo "<div id=\"left_q_and_r\"></div>";
  echo "<div id=\"right_q_and_r\">";
  echo "<p class=\"left_quiz\">".htmlentities(stripslashes($howmany))." domande su ".htmlentities(stripslashes($whichquiz))."</p>";

@ $db = mysqli_connect('localhost', 'root', 'password', 'database');

  if (mysqli_connect_errno()) {
     echo 'Errore: Impossibile connettersi al database.';
     exit;
  }

$question=1;
$f=0;
$score=0;

foreach ($array_id as $key => $value) {
  $query = "select * from $whichquiz where id = $value";
  $corrispondent_question = mysqli_query($db, $query);
  $row = mysqli_fetch_assoc($corrispondent_question);
     echo "<p class=\"left_quiz\">";
     echo "<strong>".($question++).") ";
     echo $row['q'];
     echo "</strong>";
     echo "<br />";

if (($array_id2[$f] != "") && ($row[correct] == "a"))
{
  echo "<font color=\"green\"><b>".$row[a1]."</b></font> RISPOSTA ESATTA!"; $f++; $score++; echo "<br />";
}
elseif (($array_id2[$f] == "") && ($row[correct] == "a"))
{
  echo "<font color=\"green\">".$row[a1]."</font>"; $f++; echo "<br />";
}
elseif (($array_id2[$f] != "") && ($row[correct] != "a"))
{
  echo "<font color=\"red\"><b>".$row[a1]."</b></font> RISPOSTA SBAGLIATA!"; $f++; $score--; echo "<br />";
}
else
{
  echo $row[a1]; $f++; echo "<br />";
}



if (($array_id2[$f] != "") && ($row[correct] == "b"))
{
  echo "<font color=\"green\"><b>".$row[a2]."</b></font> RISPOSTA ESATTA!"; $f++; $score++; echo "<br />";
}
elseif (($array_id2[$f] == "") && ($row[correct] == "b"))
{
  echo "<font color=\"green\">".$row[a2]."</font>"; $f++; echo "<br />";
}
elseif (($array_id2[$f] != "") && ($row[correct] != "b"))
{
  echo "<font color=\"red\"><b>".$row[a2]."</b></font> RISPOSTA SBAGLIATA!"; $f++; $score--; echo "<br />";
}
else
{
  echo $row[a2]; $f++; echo "<br />";
}



if ($row[a3] != "")
{
if (($array_id2[$f] != "") && ($row[correct] == "c"))
{
  echo "<font color=\"green\"><b>".$row[a3]."</b></font> RISPOSTA ESATTA!"; $f++; $score++; echo "<br />";
}
elseif (($array_id2[$f] == "") && ($row[correct] == "c"))
{
  echo "<font color=\"green\">".$row[a3]."</font>"; $f++; echo "<br />";
}
elseif (($array_id2[$f] != "") && ($row[correct] != "c"))
{
  echo "<font color=\"red\"><b>".$row[a3]."</b></font> RISPOSTA SBAGLIATA!"; $f++; $score--; echo "<br />";
}
else
{
  echo $row[a3]; $f++; echo "<br />";
}
}
else
{
  $f++;
}


if ($row[a4] != "")
{
if (($array_id2[$f] != "") && ($row[correct] == "d"))
{
  echo "<font color=\"green\"><b>".$row[a4]."</b></font> RISPOSTA ESATTA!"; $f++; $score++; echo "<br /><br />";
}
elseif (($array_id2[$f] == "") && ($row[correct] == "d"))
{
  echo "<font color=\"green\">".$row[a4]."</font>"; $f++; echo "<br /><br />";
}
elseif (($array_id2[$f] != "") && ($row[correct] != "d"))
{
  echo "<font color=\"red\"><b>".$row[a4]."</b></font> RISPOSTA SBAGLIATA!"; $f++; $score--; echo "<br /><br />";
}
else
{
  echo $row[a4]; $f++; echo "<br /><br />";
}
}
else
{
  $f++;
}

  echo "</p>";

}

  echo "<p class=\"left_quiz\">Il tuo punteggio è stato $score/$howmany</p><br /><br />";
  echo "</div>";
  echo "<div id=\"stopcolonne\"></div>";
  echo "</div>";

  $corrispondent_question->free();
  $db->close();

  $homepage->DisplayFoot();

?>

Link to comment
https://forums.phpfreaks.com/topic/206759-quiz-script-it-works-howto-improve-it/
Share on other sites

Hi. It would probably be a bit more secure if you took out the following line:

 

  @ $db = new mysqli('localhost', 'root', 'password', 'database');

 

 

from each page and put it in a single file, then use that file as an include. One step in simplifying might be to make a form in html rather than using php to echo it. That would cut down the php code a bit.

 

 

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.