
Is There Anything Wrong With This Fulltext Search Query?


ximenao


Hello

First of all I hope I have my question in the correct forum.

I really need help with this problem! I'm sorry if the solution is rather simple but I'm still kinda new to all this.

 

I'm coding an online quiz for a client. The person must enter the correct answers into the input textboxes coded below:

 

 

<li><input type="text" name="uno" size="25" maxlength="25" align="baseline" /><br /><br /></li>
                           <li><input type="text" name="dos" size="25" maxlength="25" align="baseline" /><br /><br /></li>
                           <li><input type="text" name="tres" size="25" maxlength="25" align="baseline" /><br /><br /></li>

 

 

Once they submit the answers they are sent to the processing script shown below:

 

 

<?php
 $uno = $_POST['uno'];
 $dos = $_POST['dos'];
 $tres = $_POST['tres'];

$query="SELECT 
MATCH (q1) AGAINST ('$uno' IN BOOLEAN MODE) as ans1,
MATCH (q2) AGAINST ('$dos' IN BOOLEAN MODE) as ans2,
MATCH (q3) AGAINST ('$tres' IN BOOLEAN MODE) as ans3
FROM db_4_test";
$data=@mysql_query($query) or die(mysql_error()); 

echo "<p align=\"justify\">2. In the passage you have just read there are seven Spanish Speaking countries. List them in the spaces provided.</p>";
if($data["ans1"]!='0' && $data["ans1"]!='') {
       $a = 1;
echo "<p><font color=\"#7E4B01\" size=\"+1\">\"<b>$uno</b> is correct!\"</font></p>";
} else {
       $a = 0;
echo "<p><font color=\"#F00\" size=\"+1\">\"<b>$uno</b> is NOT a Spanish Speaking country found in the passage you have just read!</font></p>";
}

if($data["ans2"]!='0' && $data["ans2"]!='') {
       $b = 1;
echo "<p><font color=\"#7E4B01\" size=\"+1\">\"<b>$dos</b> is correct!\"</font></p>";
} else {
       $b = 0;
echo "<p><font color=\"#F00\" size=\"+1\">\"<b>$dos</b> is NOT a Spanish Speaking country found in the passage you have just read!</font></p>";
}

if($data["ans3"]!='0' && $data["ans3"]!='') {
       $c = 1;
echo "<p><font color=\"#7E4B01\" size=\"+1\">\"<b>$tres</b> is correct!\"</font></p>";
} else {
       $c = 0;
echo "<p><font color=\"#F00\" size=\"+1\">\"<b>$tres</b> is NOT a Spanish Speaking country found in the passage you have just read!</font></p>";
}


$ex1sum = $a + $b + $c;
$ex1percent = ($ex1sum/3)*100;

echo "<p>You scored <b>$ex1sum</b> out of 13 total marks in Exercise IV.</p>";

if ($ex1percent >= 0 && $ex1percent <= 50)
 echo "<p><img src=\"images/exam_sorry_01.jpg\" width=\"287\" height=\"25\" alt=\"\" border=\"0\"><a href=\"quiz.php\"><img src=\"images/exam_sorry_02.jpg\" width=\"63\" height=\"25\" alt=\"\" border=\"0\"></a></p>";  


if ($ex1percent >= 51 && $ex1percent <= 84)
 echo "<p><img src=\"images/exam_tryagain_01.jpg\" width=\"210\" height=\"25\" alt=\"\" border=\"0\"><a href=\"quiz.php\"><img src=\"images/exam_tryagain_02.jpg\" width=\"68\" height=\"25\" alt=\"\" border=\"0\"></a></p>";

if ($ex1percent >= 85 && $ex1percent <= 100)
 echo "<p><img src=\"images/exam_muybueno.jpg\" width=\"80\" height=\"25\" alt=\"\" border=\"0\"></p>";


?>

 

 

The script is a fulltext search which searches a series of columns in a database table and is supposed to find the correct answer. For example, if the student enters "Cuba" it is supposed to return the answer as correct, in other words display "Cuba is correct!". If the person enters, say, England it is supposed to print "England is NOT a Spanish Speaking country found in the passage you have just read!"

However, no matter what the answer is, it always gives the answer wrong even if it is present in the database. If I use just one argument (e.g.: if($data["ans1"]!='0' ) ) it gives every answer correct even if it is not in the database.

Can someone please help me? Is there anything wrong with this script that I am missing?

 

Thanks in advance

ximenao


The problem isn't with your MySQL query, but with your (PHP code) logic: You haven't actually fetched the returned row from the result, just executed the query. You'll need to use mysql_fetch_array () to get the (first) row of results.

 

Also, you should never use @ to suppress errors, and the use of "or die (mysql_error ())" must be limited to debugging purposes only. Once you've fixed the script, you should handle errors in a more proper manner, so that you yourself get all the details about the error, but your users only get told what part of their operation went wrong (such as "could not validate against database").

This'll help you make sure your scripts work as they should, without giving any malicious users any information they could potentially use in an attack on your site.
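
The two points of the reply above (fetch the row from the result; keep error details in the server log and show users only a generic message), as an added example that is not part of the original thread. It uses mysqli prepared statements in place of the thread's mysql_* calls; the connection values and the grade_answers() helper are assumptions.

```php
<?php
// Added example, not the poster's code. Connection values are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors become exceptions

// Hypothetical helper: returns [bool, bool, bool], one mark per answer.
function grade_answers(mysqli $db, array $answers): array
{
    // Same fulltext query as the thread, with the answers bound as
    // parameters instead of being interpolated into the SQL string.
    $stmt = $db->prepare(
        "SELECT MATCH (q1) AGAINST (? IN BOOLEAN MODE) AS ans1,
                MATCH (q2) AGAINST (? IN BOOLEAN MODE) AS ans2,
                MATCH (q3) AGAINST (? IN BOOLEAN MODE) AS ans3
         FROM db_4_test"
    );
    $stmt->bind_param('sss', $answers[0], $answers[1], $answers[2]);
    $stmt->execute();

    // The step the original script skipped: fetch the (first) row.
    // Without it, $data is only a result handle and $data["ans1"] is empty.
    $row = $stmt->get_result()->fetch_assoc();
    if ($row === null) {
        return [false, false, false]; // table has no rows
    }
    // MATCH ... AGAINST yields a relevance score; above zero means a hit.
    return [$row['ans1'] > 0, $row['ans2'] > 0, $row['ans3'] > 0];
}

$answers = [];
foreach (['uno', 'dos', 'tres'] as $field) {
    $value = $_POST[$field] ?? '';
    $answers[] = is_string($value) ? trim($value) : '';
}

try {
    $db = new mysqli('localhost', 'quiz_user', 'placeholder-password', 'quiz_db');
    $marks = grade_answers($db, $answers);
} catch (mysqli_sql_exception $e) {
    error_log('quiz grading failed: ' . $e->getMessage()); // full detail, server side only
    http_response_code(500);
    exit('<p>Could not validate your answers against the database.</p>');
}

foreach ($marks as $i => $correct) {
    // Escape user input before echoing it back into the page.
    $shown = htmlspecialchars($answers[$i], ENT_QUOTES, 'UTF-8');
    echo $correct
        ? "<p><b>$shown</b> is correct!</p>"
        : "<p><b>$shown</b> is NOT a Spanish Speaking country found in the passage you have just read!</p>";
}
```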
