jushiro Posted September 9, 2011 Share Posted September 9, 2011 Im having a problem coding for our project . here's the code <?php $value = $_POST['p']; $host="localhost"; $username="root"; $password=""; $db_name="dbquiz"; mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); $value = stripslashes($value); $value = mysql_real_escape_string($value); $sql='SELECT * FROM `'. $value .'` ORDER BY RAND() LIMIT 100'; $result=mysql_query($sql) or die(mysql_error()); if(result){ while($row = mysql_fetch_assoc($result)) { $q = $row['question']; $c1= "" .$row['choice1']; $c2 ="" .$row['choice2']; $c3 ="" .$row['choice3']; $c4 ="" .$row['choice4']; $a ="".$row['answer']; $questions[] = array($q,$c1,$c2,$c3,$c4,$a); } } include_once("makequiz.php"); ?> AND FOR THE makequiz <?php if (isset($_POST['sent'])) { for ($i=0;$i<count($questions);$i++) { echo($questions[$i][0]." - "); if ($_POST['q'.$i]=="c") { echo("<b>Correct!</b><br>\n"); $score++; } else { echo("<b>Wrong!</b><br>\n"); } } $percent = number_format(($score/count($questions))*100,2,".",","); echo("<br>".$score." out of ".count($questions)." (".$percent."% right)<br>\n"); } else { echo("<form action=\"#\" method=\"post\">\n"); echo("<input type=\"hidden\" name=\"sent\">\n"); for ($i=0;$i<count($questions);$i++) { echo("<b>".$questions[$i][0]."</b><br><br>\n"); if ($questions[$i][5]==1) { echo("<input type=\"radio\" name=\"q".$i."\" value=\"c\"> ".$questions[$i][1]."<br>\n"); } else { echo("<input type=\"radio\" name=\"q".$i."\" value=\"w\"> ".$questions[$i][1]."<br>\n"); } if ($questions[$i][5]==2) { echo("<input type=\"radio\" name=\"q".$i."\" value=\"c\"> ".$questions[$i][2]."<br>\n"); } else { echo("<input type=\"radio\" name=\"q".$i."\" value=\"w\"> ".$questions[$i][2]."<br>\n"); } if ($questions[$i][5]==3) { echo("<input type=\"radio\" name=\"q".$i."\" value=\"c\"> ".$questions[$i][3]."<br>\n"); } else { echo("<input type=\"radio\" name=\"q".$i."\" value=\"w\"> ".$questions[$i][3]."<br>\n"); } if ($questions[$i][5]==4) { echo("<input type=\"radio\" name=\"q".$i."\" value=\"c\"> ".$questions[$i][4]."<br><br>\n"); } else { echo("<input type=\"radio\" name=\"q".$i."\" value=\"w\"> ".$questions[$i][4]."<br><br>\n"); } } echo("<input type=\"submit\" value=\"Am I Right?!\">"); } ?> When you run the first code.. it's working but when i clicked the submit button this error keeps on showing and i dont know why.. "Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in " can someone help me fix this problem pls? thx in advance. Quote Link to comment Share on other sites More sharing options...
php_begins Posted September 9, 2011 Share Posted September 9, 2011 i dont see anything missing than a dollar sign missing in if(result) condition Quote Link to comment Share on other sites More sharing options...
jushiro Posted September 9, 2011 Author Share Posted September 9, 2011 My bad.. btw, thx for replying.. i edited it' but still has an error. "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ORDER BY RAND() LIMIT 100' " .. I dont get it.. this error shows on makequiz.php.. can you help me fix it pls.. Quote Link to comment Share on other sites More sharing options...
Maq Posted September 9, 2011 Share Posted September 9, 2011 Can you echo $sql so we can see the actual query? Quote Link to comment Share on other sites More sharing options...
jushiro Posted September 9, 2011 Author Share Posted September 9, 2011 SELECT * FROM chapter1 ORDER BY RAND() LIMIT 100 .. that's the output' im still fixin this. but im having trouble with the codes. help me pls.. thx! :'( Quote Link to comment Share on other sites More sharing options...
Adam Posted September 9, 2011 Share Posted September 9, 2011 $value is taken from the post data and used within the query as the table name, but you're not posting it as a hidden input when you submit the form so you will have a blank table name. By the way, blindly using a variable as your table name is a very bad idea. I could put any table in there, or worse, a malicious SQL injection. I know you run it through mysql_real_escape_string(), but I wouldn't need quotes in that situation. Check the value is within an array of allowed table names. Quote Link to comment Share on other sites More sharing options...
jushiro Posted September 9, 2011 Author Share Posted September 9, 2011 Yes i've made a code for values for allowed table names. it works well. So the $value is not being hidden?.. how can i fix it? should i make a hidden? and how? (.. help pls. Quote Link to comment Share on other sites More sharing options...
Adam Posted September 9, 2011 Share Posted September 9, 2011 Well I don't really get why you're passing it in the first place? Quote Link to comment Share on other sites More sharing options...
jushiro Posted September 9, 2011 Author Share Posted September 9, 2011 cause there's not only one table in my database.. Basically this is how it works, There's a page that contains a list of value for tables' Then the value of the table w/c contains the questions and answers for the file makequiz.php will be output to be like a quiz .. but my sql wont work. someone help me with this pls. Quote Link to comment Share on other sites More sharing options...
jcbones Posted September 9, 2011 Share Posted September 9, 2011 You are NOT sending the table name in your POST data. IF you echo'd the query like suggested, you would find it reads: SELECT * FROM `` ORDER BY RAND() LIMIT 100 Then MySQL rejects it, you get a mysql_fetch_assoc() error (Which always means that your query failed), and a mysql error. Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted September 9, 2011 Share Posted September 9, 2011 If you need to send the table name in a form, it more than likely indicates poor database design. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.