Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 9 of 9
  1. #1
    Regular Coder
    Join Date
    Jul 2008
    Posts
    136
    Thanks
    18
    Thanked 0 Times in 0 Posts

    Quiz Answer Help: Apostrophe Issue

    I created a quiz to help me study for an exam I have coming up. It matches the answer with the correct answer to see if I got the answer right or not. This works for most of the questions, but if the answer has an ' in it it will display the answer as \' instead, and they will not match. I'm not sure why this is happening, though I think it's something pretty simple that I haven't noticed.

    PHP Code:
    <?php 
    session_start
    ();
    include 
    'library/beginning.php';?>
    <p>This is a quiz I created to help me study for my Red Seal exam. Please use it to help study, if you see any errors or questions you would like to have added please <a href ="contact.php">contact</a> me.</p>
    <?php
    if(isset($_POST['number']))
    {
    $Number $_POST['Quest_numb'];
    $Number preg_replace("/[^0-9]/"""$Number);
    if (
    $Number == '0' or $Number == NULL)
    {
    $Number 1;
    }
    mysql_select_db('cquiz') or die('Cannot select database'); 
    $result mysql_query("SELECT ID FROM culexam");
    $total mysql_num_rows($result);
    if (
    $total $Number)
    {
    $Number $total;
    }
    $Count 0;
    $result2 mysql_query("SELECT ID, Question FROM culexam ORDER BY RAND() Limit $Number") or die(mysql_error());
    while(
    $row mysql_fetch_array($result2)){
    $Count $Count +1;
    $Question $row['Question'];
    $ID $row['ID'];
    $ID_array[] = $ID;
    $_SESSION['ID'] = $ID_array;
    echo 
    '<br /><strong>' .$Count .'. ' .$Question .'</strong><br />';
    $result3 mysql_query("SELECT A1, A2, A3, A4, A5 FROM culexam Where ID = $ID") or die(mysql_error());
    while(
    $row mysql_fetch_array($result3)){
    $A1 $row['A1'];
    $A2 $row['A2'];
    $A3 $row['A3'];
    $A4 $row['A4'];
    $A5 $row['A5'];
    $array = array($A1$A2$A3$A4$A5);
    shuffle($array);
    foreach (
    $array as $answers) {
    if (
    $answers == null)
    {
    }
    else
    {
    $Action $_SERVER['PHP_SELF'];
    echo 
    '<form method = "post" action = "'$Action .'">';
    echo 
    '<input type="radio" value="' .$answers .'" name="' .$ID .'">'$answers .'<br />';
    }
    }
    }
    }
    echo 
    '<br /><input name ="quiz_results" type ="submit" value="Calculate Results" /></form>';
    }
    else
    {
    $Action $_SERVER['PHP_SELF'];
    echo 
    '<form method = "post" action = "'$Action .'"><p>Please select the number of questions you would like to begin a new quiz:<input type ="text" name="Quest_numb" size="5" /><input name ="number" type ="submit" value="Start" /><br /></p></form>';
    if(isset(
    $_POST['quiz_results']))
    {
    $ID_array $_SESSION['ID'];
    $Score 0;
    $Count 0;
    foreach (
    $ID_array as $ID) {
    $Answer $_POST[$ID];
    mysql_select_db('cquiz') or die('Cannot select database'); 
    $result4 mysql_query("SELECT A1 FROM culexam Where ID = $ID") or die(mysql_error());
    while(
    $row mysql_fetch_array($result4)){
    $Count $Count +1;
    $Correct_answer $row['A1'];
    if (
    $Answer == $Correct_answer)
    {
    $Score $Score +1;
    }
    else
    {
    }
    }
    }
    $Score $Score $Count 100;
    $Score =round($Score,2);
    echo 
    'You scored <strong>' $Score .'%</strong>.';
    if (
    $Score 70)
    {
    echo 
    ' If this was a real Red Seal Exam you would have failed. Sorry, please try again and study more.<br /><br />';
    }
    else
    {
    echo 
    ' Congratulations! If this was a real Red Seal Exam you would have passed. Good luck on the real thing!<br /><br />';
    }
    $Count2 0;
    foreach (
    $ID_array as $ID2) {
    $Answer2 $_POST[$ID2];
    $result5 mysql_query("SELECT A1, Question FROM culexam Where ID = $ID2") or die(mysql_error());
    while(
    $row mysql_fetch_array($result5)){
    $Correct_answer2 $row['A1'];
    $Question $row['Question'];
    if (
    $Answer2 == $Correct_answer2)
    {
    $Count2 $Count2 +1;
    echo 
    '<strong>' .$Count2 .'. ' .$Question .'</strong><br /> Your answer was: ' .$Answer2 .'<br />That is <strong><FONT COLOR="lime">correct.</strong></font><br /><br />';
    }
    else
    {
    If (
    $Answer2 == null)
    {
    $Answer2 'No answer.';
    }
    $Count2 $Count2 +1;
    echo 
    '<strong>' .$Count2 .'. ' .$Question .'</strong><br /> Your answer was: ' .$Answer2 .'<br />That is <strong><FONT COLOR="red">incorrect.</strong></font><br />The correct answer is: ' .$Correct_answer2 .'<br /><br />';
    }
    }
    }
    session_destroy();
    }
    }
    ?>
    <?php 
    include 'library/ending.php';?>

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,980
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    Is the \' coming from a string entered by the user on a form, or from the selection called on the database?
    Also, do you have a formatted version of this? Its pretty hard to follow when there's no indentation :P

  • #3
    Regular Coder
    Join Date
    Jul 2008
    Posts
    136
    Thanks
    18
    Thanked 0 Times in 0 Posts
    The \' Is coming from the radio button after it is chosen. It will display as &#039; in the question page, and when I call the database to check the answer it displays as &#039;. The question page displays fine, but when I click "calculate results" when it displays the results page it gets switched over to the \' so the check doesn't work as they are now different strings.

    Sorry no better formatted version than this one.

  • #4
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,980
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    This is caused by an ini directive called magic_quotes_gpc. It was one of the worst ideas they ever came up with, and fortunately the functionality is now gone as of 5.4.0.
    Still, until you program specifically for the 5.4+, you must take care to remove them. If the post is simple, you can cheat it by simply mapping the array instead of walking it (if you were making a larger system, I'd suggest walking all the globals instead).
    PHP Code:
    if (ini_get('magic_quotes_gpc'))
    {
        
    $_POST array_map('stripslashes'$_POST);

    Here's a formatted version with the above added:
    PHP Code:

    <?php
    session_start
    ();
    include 
    'library/beginning.php';?>
    <p>This is a quiz I created to help me study for my Red Seal exam.
    Please use it to help study, if you see any errors or questions you
    would like to have added please <a href="contact.php">contact</a> me.</p>
    <?php
    if(isset($_POST['number']))
    {
        if (
    ini_get('magic_quotes_gpc'))
        {
            
    $_POST array_map('stripslashes'$_POST);
        }
        
    $Number $_POST['Quest_numb'];
        
    $Number preg_replace("/[^0-9]/"""$Number);
        if (
    $Number == '0' or $Number == NULL)
        {
            
    $Number 1;
        }
        
    mysql_select_db('cquiz') or die('Cannot select database');
        
    $result mysql_query("SELECT ID FROM culexam");
        
    $total mysql_num_rows($result);
        if (
    $total $Number)
        {
            
    $Number $total;
        }
        
    $Count 0;
        
    $result2 mysql_query("SELECT ID, Question FROM culexam ORDER BY RAND() Limit $Number") or die(mysql_error());
        while(
    $row mysql_fetch_array($result2)){
            
    $Count $Count +1;
            
    $Question $row['Question'];
            
    $ID $row['ID'];
            
    $ID_array[] = $ID;
            
    $_SESSION['ID'] = $ID_array;
            echo 
    '<br /><strong>' .$Count .'. ' .$Question .'</strong><br />';
            
    $result3 mysql_query("SELECT A1, A2, A3, A4, A5 FROM culexam Where ID = $ID") or die(mysql_error());
            while(
    $row mysql_fetch_array($result3)){
                
    $A1 $row['A1'];
                
    $A2 $row['A2'];
                
    $A3 $row['A3'];
                
    $A4 $row['A4'];
                
    $A5 $row['A5'];
                
    $array = array($A1$A2$A3$A4$A5);
                
    shuffle($array);
                foreach (
    $array as $answers) {
                    if (
    $answers == null)
                    {
                    }
                    else
                    {
                        
    $Action $_SERVER['PHP_SELF'];
                        echo 
    '<form method = "post" action = "'$Action .'">';
                        echo 
    '<input type="radio" value="' .$answers .'" name="' .$ID .'">'$answers .'<br />';
                    }
                }
            }
        }
        echo 
    '<br /><input name ="quiz_results" type ="submit" value="Calculate Results" /></form>';
    }
    else
    {
        
    $Action $_SERVER['PHP_SELF'];
        echo 
    '<form method = "post" action = "'$Action .'"><p>Please select the number of questions you would like to begin a new quiz:<input type ="text" name="Quest_numb" size="5" /><input name ="number" type ="submit" value="Start" /><br /></p></form>';
        if(isset(
    $_POST['quiz_results']))
        {
            
    $ID_array $_SESSION['ID'];
            
    $Score 0;
            
    $Count 0;
            foreach (
    $ID_array as $ID) {
                
    $Answer $_POST[$ID];
                
    mysql_select_db('cquiz') or die('Cannot select database');
                
    $result4 mysql_query("SELECT A1 FROM culexam Where ID = $ID") or die(mysql_error());
                while(
    $row mysql_fetch_array($result4)){
                    
    $Count $Count +1;
                    
    $Correct_answer $row['A1'];
                    if (
    $Answer == $Correct_answer)
                    {
                        
    $Score $Score +1;
                    }
                    else
                    {
                    }
                }
            }
            
    $Score $Score $Count 100;
            
    $Score =round($Score,2);
            echo 
    'You scored <strong>' $Score .'%</strong>.';
            if (
    $Score 70)
            {
                echo 
    ' If this was a real Red Seal Exam you would have failed. Sorry, please try again and study more.<br /><br />';
            }
            else
            {
                echo 
    ' Congratulations! If this was a real Red Seal Exam you would have passed. Good luck on the real thing!<br /><br />';
            }
            
    $Count2 0;
            foreach (
    $ID_array as $ID2) {
                
    $Answer2 $_POST[$ID2];
                
    $result5 mysql_query("SELECT A1, Question FROM culexam Where ID = $ID2") or die(mysql_error());
                while(
    $row mysql_fetch_array($result5)){
                    
    $Correct_answer2 $row['A1'];
                    
    $Question $row['Question'];
                    if (
    $Answer2 == $Correct_answer2)
                    {
                        
    $Count2 $Count2 +1;
                        echo 
    '<strong>' .$Count2 .'. ' .$Question .'</strong><br /> Your answer was: ' .$Answer2 .'<br />That is <strong><FONT COLOR="lime">correct.</strong></font><br /><br />';
                    }
                    else
                    {
                        If (
    $Answer2 == null)
                        {
                            
    $Answer2 'No answer.';
                        }
                        
    $Count2 $Count2 +1;
                        echo 
    '<strong>' .$Count2 .'. ' .$Question .'</strong><br /> Your answer was: ' .$Answer2 .'<br />That is <strong><FONT COLOR="red">incorrect.</strong></font><br />The correct answer is: ' .$Correct_answer2 .'<br /><br />';
                    }
                }
            }
            
    session_destroy();
        }
    }
    ?>
    <?php 
    include 'library/ending.php';?>
    I haven't gone through all of this, but there appears to be some issues with security for sure. If its just for yourself on a local network, I'd say don't worry too much about them; if its in a public domain, you'll definitely want to fix that. It can be cleaned up a bit as well and compacted on the queries and whatnots, but I'd suggest you're more interested in getting it to work for your culinary exams.

  • Users who have thanked Fou-Lu for this post:

    kochier (01-08-2013)

  • #5
    Regular Coder
    Join Date
    Jul 2008
    Posts
    136
    Thanks
    18
    Thanked 0 Times in 0 Posts
    Hmm I threw in the changes you mentioned and it's still giving me:

    581. Which of the following knives is used to turn vegetables?
    Your answer was: Bird\'s beak knife
    That is incorrect.
    The correct answer is: Bird's beak knife
    I thought I had magic quotes turned off as well (it's a setting with my host). What did you use to format it so nicely, is there something you use to indent your code?

  • #6
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,980
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    I used eclipse to format it. It's different than I like, but it doesn't seem to be capable of linefeeding the braces in the PHP editor. Not sure why; pretty sure it does that with the java editor.

    I think I'm confused by exactly what the branches are doing here. No matter, remove the if branch for the magic quotes completely, and above the isset($_POST['number']) check simply do it there:
    PHP Code:
    if (ini_get('magic_quotes_gpc'))
    {
        
    $_POST array_map('stripslashes'$_POST);
    }
    if (isset(
    $_POST['number'])) 

  • Users who have thanked Fou-Lu for this post:

    kochier (01-09-2013)

  • #7
    Senior Coder
    Join Date
    Apr 2011
    Location
    London, England
    Posts
    2,120
    Thanks
    15
    Thanked 354 Times in 353 Posts
    If it is useful I use the following code, which handles post-arrays:

    PHP Code:
    if (get_magic_quotes_gpc()) {
        
    $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
        while (list(
    $key$val) = each($process)) {
            foreach (
    $val as $k => $v) {
                unset(
    $process[$key][$k]);
                if (
    is_array($v)) {
                    
    $process[$key][stripslashes($k)] = $v;
                    
    $process[] = &$process[$key][stripslashes($k)];
                } else {
                    
    $process[$key][stripslashes($k)] = stripslashes($v);
                }
            }
        }
        unset(
    $process);

    It's not mine; I borrowed it from the internet
    "I'm here to save your life. But if I'm going to do that, I'll need total uninanonynymity." Me Myself & Irene.
    Validate your HTML and CSS

  • Users who have thanked AndrewGSW for this post:

    kochier (01-09-2013)

  • #8
    Regular Coder
    Join Date
    Jul 2008
    Posts
    136
    Thanks
    18
    Thanked 0 Times in 0 Posts
    Hmm well I've come to understand what you're telling me. Is it's basically just taking the backslash out when magic quotes are present? So basically I'd be comparing ' to &#039 which still wouldn't match. But now without the backslash I can use preg_replace to change ' to '. I still don't understand why this is an issue if I have PHP 5.2 with magic quotes off selected, shouldn't they be off then? Maybe something to take up with my host? Also why does POST change ' to '?


    EDIT: I also tried switching to PHP 5.4 to fix the problem. It was still turning the &#039 to ', I figure this has something to do with post? Only thing I noticed with the change was it took away the backslash that occurred. As it caused errors in other pages I reverted back for now, but will upgrade as soon as I get a chance.

  • #9
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,980
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    No you want to make sure you are comparing ' to '. When you take input from a form with magic_quotes_gpc enabled, this escapes the ' to become \'. You stripslash it so it removes the escape from the string. Since PHP isn't sensitive to using the addslashes (implicitly from the magic_quotes) and the mysql_real_escape_string, it would definitely corrupt the data when inserting to a database. Likewise, since you are not comparing using the SQL query itself, you need to make sure the state of the apostrophe is the same in both the input string and the retrieved string.

    If you are seeing ' I'd suspect that is coming from your storage where htmlentities were used to convert it. Don't convert with htmlentities before storage; use it after selection instead. That said, assuming it is also the case the htmlentities can be used on the input string (using the ENT_QUOTES as the second parameter) to compare the two.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •