CodingForums.com - View Single Post - Resolved Quiz Answer Help: Apostrophe Issue

Fou-Lu · 01-08-2013, 06:25 PM

This is caused by an ini directive called magic_quotes_gpc. It was one of the worst ideas they ever came up with, and fortunately the functionality is now gone as of 5.4.0.
Still, until you program specifically for the 5.4+, you must take care to remove them. If the post is simple, you can cheat it by simply mapping the array instead of walking it (if you were making a larger system, I'd suggest walking all the globals instead).

PHP Code:


			
if (ini_get('magic_quotes_gpc'))
{
    $_POST = array_map('stripslashes', $_POST);
}

Here's a formatted version with the above added:

PHP Code:


			

<?php
session_start();
include 'library/beginning.php';?>
<p>This is a quiz I created to help me study for my Red Seal exam.
Please use it to help study, if you see any errors or questions you
would like to have added please <a href="contact.php">contact</a> me.</p>
<?php
if(isset($_POST['number']))
{
    if (ini_get('magic_quotes_gpc'))
    {
        $_POST = array_map('stripslashes', $_POST);
    }
    $Number = $_POST['Quest_numb'];
    $Number = preg_replace("/[^0-9]/", "", $Number);
    if ($Number == '0' or $Number == NULL)
    {
        $Number = 1;
    }
    mysql_select_db('cquiz') or die('Cannot select database');
    $result = mysql_query("SELECT ID FROM culexam");
    $total = mysql_num_rows($result);
    if ($total < $Number)
    {
        $Number = $total;
    }
    $Count = 0;
    $result2 = mysql_query("SELECT ID, Question FROM culexam ORDER BY RAND() Limit $Number") or die(mysql_error());
    while($row = mysql_fetch_array($result2)){
        $Count = $Count +1;
        $Question = $row['Question'];
        $ID = $row['ID'];
        $ID_array[] = $ID;
        $_SESSION['ID'] = $ID_array;
        echo '<br /><strong>' .$Count .'. ' .$Question .'</strong><br />';
        $result3 = mysql_query("SELECT A1, A2, A3, A4, A5 FROM culexam Where ID = $ID") or die(mysql_error());
        while($row = mysql_fetch_array($result3)){
            $A1 = $row['A1'];
            $A2 = $row['A2'];
            $A3 = $row['A3'];
            $A4 = $row['A4'];
            $A5 = $row['A5'];
            $array = array($A1, $A2, $A3, $A4, $A5);
            shuffle($array);
            foreach ($array as $answers) {
                if ($answers == null)
                {
                }
                else
                {
                    $Action = $_SERVER['PHP_SELF'];
                    echo '<form method = "post" action = "'. $Action .'">';
                    echo '<input type="radio" value="' .$answers .'" name="' .$ID .'">'. $answers .'<br />';
                }
            }
        }
    }
    echo '<br /><input name ="quiz_results" type ="submit" value="Calculate Results" /></form>';
}
else
{
    $Action = $_SERVER['PHP_SELF'];
    echo '<form method = "post" action = "'. $Action .'"><p>Please select the number of questions you would like to begin a new quiz:<input type ="text" name="Quest_numb" size="5" /><input name ="number" type ="submit" value="Start" /><br /></p></form>';
    if(isset($_POST['quiz_results']))
    {
        $ID_array = $_SESSION['ID'];
        $Score = 0;
        $Count = 0;
        foreach ($ID_array as $ID) {
            $Answer = $_POST[$ID];
            mysql_select_db('cquiz') or die('Cannot select database');
            $result4 = mysql_query("SELECT A1 FROM culexam Where ID = $ID") or die(mysql_error());
            while($row = mysql_fetch_array($result4)){
                $Count = $Count +1;
                $Correct_answer = $row['A1'];
                if ($Answer == $Correct_answer)
                {
                    $Score = $Score +1;
                }
                else
                {
                }
            }
        }
        $Score = $Score / $Count * 100;
        $Score =round($Score,2);
        echo 'You scored <strong>' . $Score .'%</strong>.';
        if ($Score < 70)
        {
            echo ' If this was a real Red Seal Exam you would have failed. Sorry, please try again and study more.<br /><br />';
        }
        else
        {
            echo ' Congratulations! If this was a real Red Seal Exam you would have passed. Good luck on the real thing!<br /><br />';
        }
        $Count2 = 0;
        foreach ($ID_array as $ID2) {
            $Answer2 = $_POST[$ID2];
            $result5 = mysql_query("SELECT A1, Question FROM culexam Where ID = $ID2") or die(mysql_error());
            while($row = mysql_fetch_array($result5)){
                $Correct_answer2 = $row['A1'];
                $Question = $row['Question'];
                if ($Answer2 == $Correct_answer2)
                {
                    $Count2 = $Count2 +1;
                    echo '<strong>' .$Count2 .'. ' .$Question .'</strong><br /> Your answer was: ' .$Answer2 .'<br />That is <strong><FONT COLOR="lime">correct.</strong></font><br /><br />';
                }
                else
                {
                    If ($Answer2 == null)
                    {
                        $Answer2 = 'No answer.';
                    }
                    $Count2 = $Count2 +1;
                    echo '<strong>' .$Count2 .'. ' .$Question .'</strong><br /> Your answer was: ' .$Answer2 .'<br />That is <strong><FONT COLOR="red">incorrect.</strong></font><br />The correct answer is: ' .$Correct_answer2 .'<br /><br />';
                }
            }
        }
        session_destroy();
    }
}
?>
<?php include 'library/ending.php';?>

I haven't gone through all of this, but there appears to be some issues with security for sure. If its just for yourself on a local network, I'd say don't worry too much about them; if its in a public domain, you'll definitely want to fix that. It can be cleaned up a bit as well and compacted on the queries and whatnots, but I'd suggest you're more interested in getting it to work for your culinary exams.

01-08-2013, 06:25 PM	PM User \| #4
Fou-Lu God Emperor Join Date: Sep 2002 Location: Saskatoon, Saskatchewan Posts: 15,635 Thanks: 4 Thanked 2,448 Times in 2,417 Posts	This is caused by an ini directive called magic_quotes_gpc. It was one of the worst ideas they ever came up with, and fortunately the functionality is now gone as of 5.4.0. Still, until you program specifically for the 5.4+, you must take care to remove them. If the post is simple, you can cheat it by simply mapping the array instead of walking it (if you were making a larger system, I'd suggest walking all the globals instead). PHP Code: `if (ini_get('magic_quotes_gpc')) { $_POST = array_map('stripslashes', $_POST); }` Here's a formatted version with the above added: PHP Code: <?php session_start(); include 'library/beginning.php';?> <p>This is a quiz I created to help me study for my Red Seal exam. Please use it to help study, if you see any errors or questions you would like to have added please <a href="contact.php">contact</a> me.</p> <?php if(isset($_POST['number'])) { if (ini_get('magic_quotes_gpc')) { $_POST = array_map('stripslashes', $_POST); } $Number = $_POST['Quest_numb']; $Number = preg_replace("/[^0-9]/", "", $Number); if ($Number == '0' or $Number == NULL) { $Number = 1; } mysql_select_db('cquiz') or die('Cannot select database'); $result = mysql_query("SELECT ID FROM culexam"); $total = mysql_num_rows($result); if ($total < $Number) { $Number = $total; } $Count = 0; $result2 = mysql_query("SELECT ID, Question FROM culexam ORDER BY RAND() Limit $Number") or die(mysql_error()); while($row = mysql_fetch_array($result2)){ $Count = $Count +1; $Question = $row['Question']; $ID = $row['ID']; $ID_array[] = $ID; $_SESSION['ID'] = $ID_array; echo '<br /><strong>' .$Count .'. ' .$Question .'</strong><br />'; $result3 = mysql_query("SELECT A1, A2, A3, A4, A5 FROM culexam Where ID = $ID") or die(mysql_error()); while($row = mysql_fetch_array($result3)){ $A1 = $row['A1']; $A2 = $row['A2']; $A3 = $row['A3']; $A4 = $row['A4']; $A5 = $row['A5']; $array = array($A1, $A2, $A3, $A4, $A5); shuffle($array); foreach ($array as $answers) { if ($answers == null) { } else { $Action = $_SERVER['PHP_SELF']; echo '<form method = "post" action = "'. $Action .'">'; echo '<input type="radio" value="' .$answers .'" name="' .$ID .'">'. $answers .'<br />'; } } } } echo '<br /><input name ="quiz_results" type ="submit" value="Calculate Results" /></form>'; } else { $Action = $_SERVER['PHP_SELF']; echo '<form method = "post" action = "'. $Action .'"><p>Please select the number of questions you would like to begin a new quiz:<input type ="text" name="Quest_numb" size="5" /><input name ="number" type ="submit" value="Start" /><br /></p></form>'; if(isset($_POST['quiz_results'])) { $ID_array = $_SESSION['ID']; $Score = 0; $Count = 0; foreach ($ID_array as $ID) { $Answer = $_POST[$ID]; mysql_select_db('cquiz') or die('Cannot select database'); $result4 = mysql_query("SELECT A1 FROM culexam Where ID = $ID") or die(mysql_error()); while($row = mysql_fetch_array($result4)){ $Count = $Count +1; $Correct_answer = $row['A1']; if ($Answer == $Correct_answer) { $Score = $Score +1; } else { } } } $Score = $Score / $Count * 100; $Score =round($Score,2); echo 'You scored <strong>' . $Score .'%</strong>.'; if ($Score < 70) { echo ' If this was a real Red Seal Exam you would have failed. Sorry, please try again and study more.<br /><br />'; } else { echo ' Congratulations! If this was a real Red Seal Exam you would have passed. Good luck on the real thing!<br /><br />'; } $Count2 = 0; foreach ($ID_array as $ID2) { $Answer2 = $_POST[$ID2]; $result5 = mysql_query("SELECT A1, Question FROM culexam Where ID = $ID2") or die(mysql_error()); while($row = mysql_fetch_array($result5)){ $Correct_answer2 = $row['A1']; $Question = $row['Question']; if ($Answer2 == $Correct_answer2) { $Count2 = $Count2 +1; echo '<strong>' .$Count2 .'. ' .$Question .'</strong><br /> Your answer was: ' .$Answer2 .'<br />That is <strong><FONT COLOR="lime">correct.</strong></font><br /><br />'; } else { If ($Answer2 == null) { $Answer2 = 'No answer.'; } $Count2 = $Count2 +1; echo '<strong>' .$Count2 .'. ' .$Question .'</strong><br /> Your answer was: ' .$Answer2 .'<br />That is <strong><FONT COLOR="red">incorrect.</strong></font><br />The correct answer is: ' .$Correct_answer2 .'<br /><br />'; } } } session_destroy(); } } ?> <?php include 'library/ending.php';?> I haven't gone through all of this, but there appears to be some issues with security for sure. If its just for yourself on a local network, I'd say don't worry too much about them; if its in a public domain, you'll definitely want to fix that. It can be cleaned up a bit as well and compacted on the queries and whatnots, but I'd suggest you're more interested in getting it to work for your culinary exams.