CodingForums.com

CodingForums.com (http://www.codingforums.com/index.php)
-   PHP (http://www.codingforums.com/forumdisplay.php?f=6)
-   -   Resolved Quiz Answer Help: Apostrophe Issue (http://www.codingforums.com/showthread.php?t=285468)

kochier 01-08-2013 05:56 PM
Quiz Answer Help: Apostrophe Issue
 
I created a quiz to help me study for an exam I have coming up. It matches the answer with the correct answer to see if I got the answer right or not. This works for most of the questions, but if the answer has an ' in it it will display the answer as \' instead, and they will not match. I'm not sure why this is happening, though I think it's something pretty simple that I haven't noticed.

PHP Code:
<?php 
session_start();
include 'library/beginning.php';?>
<p>This is a quiz I created to help me study for my Red Seal exam. Please use it to help study, if you see any errors or questions you would like to have added please <a href ="contact.php">contact</a> me.</p>
<?php
if(isset($_POST['number']))
{
$Number $_POST['Quest_numb'];
$Number preg_replace("/[^0-9]/"""$Number);
if ($Number == '0' or $Number == NULL)
{
$Number 1;
}
mysql_select_db('cquiz') or die('Cannot select database'); 
$result mysql_query("SELECT ID FROM culexam");
$total mysql_num_rows($result);
if ($total $Number)
{
$Number $total;
}
$Count 0;
$result2 mysql_query("SELECT ID, Question FROM culexam ORDER BY RAND() Limit $Number") or die(mysql_error());
while($row mysql_fetch_array($result2)){
$Count $Count +1;
$Question $row['Question'];
$ID $row['ID'];
$ID_array[] = $ID;
$_SESSION['ID'] = $ID_array;
echo '<br /><strong>' .$Count .'. ' .$Question .'</strong><br />';
$result3 mysql_query("SELECT A1, A2, A3, A4, A5 FROM culexam Where ID = $ID") or die(mysql_error());
while($row mysql_fetch_array($result3)){
$A1 $row['A1'];
$A2 $row['A2'];
$A3 $row['A3'];
$A4 $row['A4'];
$A5 $row['A5'];
$array = array($A1$A2$A3$A4$A5);
shuffle($array);
foreach ($array as $answers) {
if ($answers == null)
{
}
else
{
$Action $_SERVER['PHP_SELF'];
echo '<form method = "post" action = "'$Action .'">';
echo '<input type="radio" value="' .$answers .'" name="' .$ID .'">'$answers .'<br />';
}
}
}
}
echo '<br /><input name ="quiz_results" type ="submit" value="Calculate Results" /></form>';
}
else
{
$Action $_SERVER['PHP_SELF'];
echo '<form method = "post" action = "'$Action .'"><p>Please select the number of questions you would like to begin a new quiz:<input type ="text" name="Quest_numb" size="5" /><input name ="number" type ="submit" value="Start" /><br /></p></form>';
if(isset($_POST['quiz_results']))
{
$ID_array $_SESSION['ID'];
$Score 0;
$Count 0;
foreach ($ID_array as $ID) {
$Answer $_POST[$ID];
mysql_select_db('cquiz') or die('Cannot select database'); 
$result4 mysql_query("SELECT A1 FROM culexam Where ID = $ID") or die(mysql_error());
while($row mysql_fetch_array($result4)){
$Count $Count +1;
$Correct_answer $row['A1'];
if ($Answer == $Correct_answer)
{
$Score $Score +1;
}
else
{
}
}
}
$Score $Score $Count 100;
$Score =round($Score,2);
echo 'You scored <strong>' $Score .'%</strong>.';
if ($Score 70)
{
echo ' If this was a real Red Seal Exam you would have failed. Sorry, please try again and study more.<br /><br />';
}
else
{
echo ' Congratulations! If this was a real Red Seal Exam you would have passed. Good luck on the real thing!<br /><br />';
}
$Count2 0;
foreach ($ID_array as $ID2) {
$Answer2 $_POST[$ID2];
$result5 mysql_query("SELECT A1, Question FROM culexam Where ID = $ID2") or die(mysql_error());
while($row mysql_fetch_array($result5)){
$Correct_answer2 $row['A1'];
$Question $row['Question'];
if ($Answer2 == $Correct_answer2)
{
$Count2 $Count2 +1;
echo '<strong>' .$Count2 .'. ' .$Question .'</strong><br /> Your answer was: ' .$Answer2 .'<br />That is <strong><FONT COLOR="lime">correct.</strong></font><br /><br />';
}
else
{
If ($Answer2 == null)
{
$Answer2 'No answer.';
}
$Count2 $Count2 +1;
echo '<strong>' .$Count2 .'. ' .$Question .'</strong><br /> Your answer was: ' .$Answer2 .'<br />That is <strong><FONT COLOR="red">incorrect.</strong></font><br />The correct answer is: ' .$Correct_answer2 .'<br /><br />';
}
}
}
session_destroy();
}
}
?>
<?php include 'library/ending.php';?>

Fou-Lu 01-08-2013 06:00 PM
Is the \' coming from a string entered by the user on a form, or from the selection called on the database?
Also, do you have a formatted version of this? Its pretty hard to follow when there's no indentation :P

kochier 01-08-2013 06:09 PM
The \' Is coming from the radio button after it is chosen. It will display as ' in the question page, and when I call the database to check the answer it displays as '. The question page displays fine, but when I click "calculate results" when it displays the results page it gets switched over to the \' so the check doesn't work as they are now different strings.

Sorry no better formatted version than this one.

Fou-Lu 01-08-2013 06:25 PM
This is caused by an ini directive called magic_quotes_gpc. It was one of the worst ideas they ever came up with, and fortunately the functionality is now gone as of 5.4.0.
Still, until you program specifically for the 5.4+, you must take care to remove them. If the post is simple, you can cheat it by simply mapping the array instead of walking it (if you were making a larger system, I'd suggest walking all the globals instead).
PHP Code:
if (ini_get('magic_quotes_gpc'))
{
    $_POST array_map('stripslashes'$_POST);
Here's a formatted version with the above added:
PHP Code:

<?php
session_start();
include 'library/beginning.php';?>
<p>This is a quiz I created to help me study for my Red Seal exam.
Please use it to help study, if you see any errors or questions you
would like to have added please <a href="contact.php">contact</a> me.</p>
<?php
if(isset($_POST['number']))
{
    if (ini_get('magic_quotes_gpc'))
    {
        $_POST array_map('stripslashes'$_POST);
    }
    $Number $_POST['Quest_numb'];
    $Number preg_replace("/[^0-9]/"""$Number);
    if ($Number == '0' or $Number == NULL)
    {
        $Number 1;
    }
    mysql_select_db('cquiz') or die('Cannot select database');
    $result mysql_query("SELECT ID FROM culexam");
    $total mysql_num_rows($result);
    if ($total $Number)
    {
        $Number $total;
    }
    $Count 0;
    $result2 mysql_query("SELECT ID, Question FROM culexam ORDER BY RAND() Limit $Number") or die(mysql_error());
    while($row mysql_fetch_array($result2)){
        $Count $Count +1;
        $Question $row['Question'];
        $ID $row['ID'];
        $ID_array[] = $ID;
        $_SESSION['ID'] = $ID_array;
        echo '<br /><strong>' .$Count .'. ' .$Question .'</strong><br />';
        $result3 mysql_query("SELECT A1, A2, A3, A4, A5 FROM culexam Where ID = $ID") or die(mysql_error());
        while($row mysql_fetch_array($result3)){
            $A1 $row['A1'];
            $A2 $row['A2'];
            $A3 $row['A3'];
            $A4 $row['A4'];
            $A5 $row['A5'];
            $array = array($A1$A2$A3$A4$A5);
            shuffle($array);
            foreach ($array as $answers) {
                if ($answers == null)
                {
                }
                else
                {
                    $Action $_SERVER['PHP_SELF'];
                    echo '<form method = "post" action = "'$Action .'">';
                    echo '<input type="radio" value="' .$answers .'" name="' .$ID .'">'$answers .'<br />';
                }
            }
        }
    }
    echo '<br /><input name ="quiz_results" type ="submit" value="Calculate Results" /></form>';
}
else
{
    $Action $_SERVER['PHP_SELF'];
    echo '<form method = "post" action = "'$Action .'"><p>Please select the number of questions you would like to begin a new quiz:<input type ="text" name="Quest_numb" size="5" /><input name ="number" type ="submit" value="Start" /><br /></p></form>';
    if(isset($_POST['quiz_results']))
    {
        $ID_array $_SESSION['ID'];
        $Score 0;
        $Count 0;
        foreach ($ID_array as $ID) {
            $Answer $_POST[$ID];
            mysql_select_db('cquiz') or die('Cannot select database');
            $result4 mysql_query("SELECT A1 FROM culexam Where ID = $ID") or die(mysql_error());
            while($row mysql_fetch_array($result4)){
                $Count $Count +1;
                $Correct_answer $row['A1'];
                if ($Answer == $Correct_answer)
                {
                    $Score $Score +1;
                }
                else
                {
                }
            }
        }
        $Score $Score $Count 100;
        $Score =round($Score,2);
        echo 'You scored <strong>' $Score .'%</strong>.';
        if ($Score 70)
        {
            echo ' If this was a real Red Seal Exam you would have failed. Sorry, please try again and study more.<br /><br />';
        }
        else
        {
            echo ' Congratulations! If this was a real Red Seal Exam you would have passed. Good luck on the real thing!<br /><br />';
        }
        $Count2 0;
        foreach ($ID_array as $ID2) {
            $Answer2 $_POST[$ID2];
            $result5 mysql_query("SELECT A1, Question FROM culexam Where ID = $ID2") or die(mysql_error());
            while($row mysql_fetch_array($result5)){
                $Correct_answer2 $row['A1'];
                $Question $row['Question'];
                if ($Answer2 == $Correct_answer2)
                {
                    $Count2 $Count2 +1;
                    echo '<strong>' .$Count2 .'. ' .$Question .'</strong><br /> Your answer was: ' .$Answer2 .'<br />That is <strong><FONT COLOR="lime">correct.</strong></font><br /><br />';
                }
                else
                {
                    If ($Answer2 == null)
                    {
                        $Answer2 'No answer.';
                    }
                    $Count2 $Count2 +1;
                    echo '<strong>' .$Count2 .'. ' .$Question .'</strong><br /> Your answer was: ' .$Answer2 .'<br />That is <strong><FONT COLOR="red">incorrect.</strong></font><br />The correct answer is: ' .$Correct_answer2 .'<br /><br />';
                }
            }
        }
        session_destroy();
    }
}
?>
<?php include 'library/ending.php';?>
I haven't gone through all of this, but there appears to be some issues with security for sure. If its just for yourself on a local network, I'd say don't worry too much about them; if its in a public domain, you'll definitely want to fix that. It can be cleaned up a bit as well and compacted on the queries and whatnots, but I'd suggest you're more interested in getting it to work for your culinary exams.

kochier 01-08-2013 06:43 PM
Hmm I threw in the changes you mentioned and it's still giving me:

Quote:
581. Which of the following knives is used to turn vegetables?
Your answer was: Bird\'s beak knife
That is incorrect.
The correct answer is: Bird's beak knife
I thought I had magic quotes turned off as well (it's a setting with my host). What did you use to format it so nicely, is there something you use to indent your code?

Fou-Lu 01-08-2013 07:16 PM
I used eclipse to format it. It's different than I like, but it doesn't seem to be capable of linefeeding the braces in the PHP editor. Not sure why; pretty sure it does that with the java editor.

I think I'm confused by exactly what the branches are doing here. No matter, remove the if branch for the magic quotes completely, and above the isset($_POST['number']) check simply do it there:
PHP Code:
if (ini_get('magic_quotes_gpc'))
{
    $_POST array_map('stripslashes'$_POST);
}
if (isset($_POST['number'])) 

AndrewGSW 01-08-2013 07:31 PM
If it is useful I use the following code, which handles post-arrays:

PHP Code:
if (get_magic_quotes_gpc()) {
    $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
    while (list($key$val) = each($process)) {
        foreach ($val as $k => $v) {
            unset($process[$key][$k]);
            if (is_array($v)) {
                $process[$key][stripslashes($k)] = $v;
                $process[] = &$process[$key][stripslashes($k)];
            } else {
                $process[$key][stripslashes($k)] = stripslashes($v);
            }
        }
    }
    unset($process);

It's not mine; I borrowed it from the internet :)

kochier 01-09-2013 04:54 AM
Hmm well I've come to understand what you're telling me. Is it's basically just taking the backslash out when magic quotes are present? So basically I'd be comparing ' to &#039 which still wouldn't match. But now without the backslash I can use preg_replace to change ' to '. I still don't understand why this is an issue if I have PHP 5.2 with magic quotes off selected, shouldn't they be off then? Maybe something to take up with my host? Also why does POST change ' to '?


EDIT: I also tried switching to PHP 5.4 to fix the problem. It was still turning the &#039 to ', I figure this has something to do with post? Only thing I noticed with the change was it took away the backslash that occurred. As it caused errors in other pages I reverted back for now, but will upgrade as soon as I get a chance.

Fou-Lu 01-09-2013 01:21 PM
No you want to make sure you are comparing ' to '. When you take input from a form with magic_quotes_gpc enabled, this escapes the ' to become \'. You stripslash it so it removes the escape from the string. Since PHP isn't sensitive to using the addslashes (implicitly from the magic_quotes) and the mysql_real_escape_string, it would definitely corrupt the data when inserting to a database. Likewise, since you are not comparing using the SQL query itself, you need to make sure the state of the apostrophe is the same in both the input string and the retrieved string.

If you are seeing ' I'd suspect that is coming from your storage where htmlentities were used to convert it. Don't convert with htmlentities before storage; use it after selection instead. That said, assuming it is also the case the htmlentities can be used on the input string (using the ENT_QUOTES as the second parameter) to compare the two.


All times are GMT +1. The time now is 09:00 PM.

Powered by vBulletin®
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.