I created a quiz to help me study for an exam I have coming up. It matches the answer with the correct answer to see if I got the answer right or not. This works for most of the questions, but if the answer has an ' in it, it will display the answer as \' instead, and they will not match. I'm not sure why this is happening, though I think it's something pretty simple that I haven't noticed.
PHP Code:
<?php
session_start();
include 'library/beginning.php';?>
<p>This is a quiz I created to help me study for my Red Seal exam. Please use it to help study, if you see any errors or questions you would like to have added please <a href ="contact.php">contact</a> me.</p>
<?php
if(isset($_POST['number']))
{
$Number = $_POST['Quest_numb'];
$Number = preg_replace("/[^0-9]/", "", $Number);
if ($Number == '0' or $Number == NULL)
{
$Number = 1;
}
mysql_select_db('cquiz') or die('Cannot select database');
$result = mysql_query("SELECT ID FROM culexam");
$total = mysql_num_rows($result);
if ($total < $Number)
{
$Number = $total;
}
$Count = 0;
$result2 = mysql_query("SELECT ID, Question FROM culexam ORDER BY RAND() Limit $Number") or die(mysql_error());
while($row = mysql_fetch_array($result2)){
$Count = $Count +1;
$Question = $row['Question'];
$ID = $row['ID'];
$ID_array[] = $ID;
$_SESSION['ID'] = $ID_array;
echo '<br /><strong>' .$Count .'. ' .$Question .'</strong><br />';
$result3 = mysql_query("SELECT A1, A2, A3, A4, A5 FROM culexam Where ID = $ID") or die(mysql_error());
while($row = mysql_fetch_array($result3)){
$A1 = $row['A1'];
$A2 = $row['A2'];
$A3 = $row['A3'];
$A4 = $row['A4'];
$A5 = $row['A5'];
$array = array($A1, $A2, $A3, $A4, $A5);
shuffle($array);
foreach ($array as $answers) {
if ($answers == null)
{
}
else
{
$Action = $_SERVER['PHP_SELF'];
echo '<form method = "post" action = "'. $Action .'">';
echo '<input type="radio" value="' .$answers .'" name="' .$ID .'">'. $answers .'<br />';
}
}
}
}
echo '<br /><input name ="quiz_results" type ="submit" value="Calculate Results" /></form>';
}
else
{
$Action = $_SERVER['PHP_SELF'];
echo '<form method = "post" action = "'. $Action .'"><p>Please select the number of questions you would like to begin a new quiz:<input type ="text" name="Quest_numb" size="5" /><input name ="number" type ="submit" value="Start" /><br /></p></form>';
if(isset($_POST['quiz_results']))
{
$ID_array = $_SESSION['ID'];
$Score = 0;
$Count = 0;
foreach ($ID_array as $ID) {
$Answer = $_POST[$ID];
mysql_select_db('cquiz') or die('Cannot select database');
$result4 = mysql_query("SELECT A1 FROM culexam Where ID = $ID") or die(mysql_error());
while($row = mysql_fetch_array($result4)){
$Count = $Count +1;
$Correct_answer = $row['A1'];
if ($Answer == $Correct_answer)
{
$Score = $Score +1;
}
else
{
}
}
}
$Score = $Score / $Count * 100;
$Score =round($Score,2);
echo 'You scored <strong>' . $Score .'%</strong>.';
if ($Score < 70)
{
echo ' If this was a real Red Seal Exam you would have failed. Sorry, please try again and study more.<br /><br />';
}
else
{
echo ' Congratulations! If this was a real Red Seal Exam you would have passed. Good luck on the real thing!<br /><br />';
}
$Count2 = 0;
foreach ($ID_array as $ID2) {
$Answer2 = $_POST[$ID2];
$result5 = mysql_query("SELECT A1, Question FROM culexam Where ID = $ID2") or die(mysql_error());
while($row = mysql_fetch_array($result5)){
$Correct_answer2 = $row['A1'];
$Question = $row['Question'];
if ($Answer2 == $Correct_answer2)
{
$Count2 = $Count2 +1;
echo '<strong>' .$Count2 .'. ' .$Question .'</strong><br /> Your answer was: ' .$Answer2 .'<br />That is <strong><FONT COLOR="lime">correct.</strong></font><br /><br />';
}
else
{
If ($Answer2 == null)
{
$Answer2 = 'No answer.';
}
$Count2 = $Count2 +1;
echo '<strong>' .$Count2 .'. ' .$Question .'</strong><br /> Your answer was: ' .$Answer2 .'<br />That is <strong><FONT COLOR="red">incorrect.</strong></font><br />The correct answer is: ' .$Correct_answer2 .'<br /><br />';
}
}
}
session_destroy();
}
}
?>
<?php include 'library/ending.php';?>
Is the \' coming from a string entered by the user on a form, or from the selection called on the database?
Also, do you have a formatted version of this? It's pretty hard to follow when there's no indentation :P
The \' is coming from the radio button after it is chosen. It will display as ' in the question page, and when I call the database to check the answer it displays as '. The question page displays fine, but when I click "calculate results" when it displays the results page it gets switched over to the \' so the check doesn't work as they are now different strings.
This is caused by an ini directive called magic_quotes_gpc. It was one of the worst ideas they ever came up with, and fortunately the functionality is now gone as of 5.4.0.
Still, until you program specifically for the 5.4+, you must take care to remove them. If the post is simple, you can cheat it by simply mapping the array instead of walking it (if you were making a larger system, I'd suggest walking all the globals instead).
PHP Code:
if (ini_get('magic_quotes_gpc')) { $_POST = array_map('stripslashes', $_POST); }
Here's a formatted version with the above added:
PHP Code:
<?php
session_start();
include 'library/beginning.php';?>
<p>This is a quiz I created to help me study for my Red Seal exam. Please use it to help study, if you see any errors or questions you would like to have added please <a href="contact.php">contact</a> me.</p>
<?php
if(isset($_POST['number'])) {
    if (ini_get('magic_quotes_gpc')) {
        $_POST = array_map('stripslashes', $_POST);
    }
    $Number = $_POST['Quest_numb'];
    $Number = preg_replace("/[^0-9]/", "", $Number);
    if ($Number == '0' or $Number == NULL) {
        $Number = 1;
    }
    mysql_select_db('cquiz') or die('Cannot select database');
    $result = mysql_query("SELECT ID FROM culexam");
    $total = mysql_num_rows($result);
    if ($total < $Number) {
        $Number = $total;
    }
    $Count = 0;
    $result2 = mysql_query("SELECT ID, Question FROM culexam ORDER BY RAND() Limit $Number") or die(mysql_error());
    while($row = mysql_fetch_array($result2)){
        $Count = $Count +1;
        $Question = $row['Question'];
        $ID = $row['ID'];
        $ID_array[] = $ID;
        $_SESSION['ID'] = $ID_array;
        echo '<br /><strong>' .$Count .'. ' .$Question .'</strong><br />';
        $result3 = mysql_query("SELECT A1, A2, A3, A4, A5 FROM culexam Where ID = $ID") or die(mysql_error());
        while($row = mysql_fetch_array($result3)){
            $A1 = $row['A1'];
            $A2 = $row['A2'];
            $A3 = $row['A3'];
            $A4 = $row['A4'];
            $A5 = $row['A5'];
            $array = array($A1, $A2, $A3, $A4, $A5);
            shuffle($array);
            foreach ($array as $answers) {
                if ($answers == null) {
                } else {
                    $Action = $_SERVER['PHP_SELF'];
                    echo '<form method = "post" action = "'. $Action .'">';
                    echo '<input type="radio" value="' .$answers .'" name="' .$ID .'">'. $answers .'<br />';
                }
            }
        }
    }
    echo '<br /><input name ="quiz_results" type ="submit" value="Calculate Results" /></form>';
} else {
    $Action = $_SERVER['PHP_SELF'];
    echo '<form method = "post" action = "'. $Action .'"><p>Please select the number of questions you would like to begin a new quiz:<input type ="text" name="Quest_numb" size="5" /><input name ="number" type ="submit" value="Start" /><br /></p></form>';
    if(isset($_POST['quiz_results'])) {
        $ID_array = $_SESSION['ID'];
        $Score = 0;
        $Count = 0;
        foreach ($ID_array as $ID) {
            $Answer = $_POST[$ID];
            mysql_select_db('cquiz') or die('Cannot select database');
            $result4 = mysql_query("SELECT A1 FROM culexam Where ID = $ID") or die(mysql_error());
            while($row = mysql_fetch_array($result4)){
                $Count = $Count +1;
                $Correct_answer = $row['A1'];
                if ($Answer == $Correct_answer) {
                    $Score = $Score +1;
                } else {
                }
            }
        }
        $Score = $Score / $Count * 100;
        $Score =round($Score,2);
        echo 'You scored <strong>' . $Score .'%</strong>.';
        if ($Score < 70) {
            echo ' If this was a real Red Seal Exam you would have failed. Sorry, please try again and study more.<br /><br />';
        } else {
            echo ' Congratulations! If this was a real Red Seal Exam you would have passed. Good luck on the real thing!<br /><br />';
        }
        $Count2 = 0;
        foreach ($ID_array as $ID2) {
            $Answer2 = $_POST[$ID2];
            $result5 = mysql_query("SELECT A1, Question FROM culexam Where ID = $ID2") or die(mysql_error());
            while($row = mysql_fetch_array($result5)){
                $Correct_answer2 = $row['A1'];
                $Question = $row['Question'];
                if ($Answer2 == $Correct_answer2) {
                    $Count2 = $Count2 +1;
                    echo '<strong>' .$Count2 .'. ' .$Question .'</strong><br /> Your answer was: ' .$Answer2 .'<br />That is <strong><FONT COLOR="lime">correct.</strong></font><br /><br />';
                } else {
                    If ($Answer2 == null) {
                        $Answer2 = 'No answer.';
                    }
                    $Count2 = $Count2 +1;
                    echo '<strong>' .$Count2 .'. ' .$Question .'</strong><br /> Your answer was: ' .$Answer2 .'<br />That is <strong><FONT COLOR="red">incorrect.</strong></font><br />The correct answer is: ' .$Correct_answer2 .'<br /><br />';
                }
            }
        }
        session_destroy();
    }
}
?>
<?php include 'library/ending.php';?>
I haven't gone through all of this, but there appear to be some issues with security for sure. If it's just for yourself on a local network, I'd say don't worry too much about them; if it's in a public domain, you'll definitely want to fix that. It can be cleaned up a bit as well and compacted on the queries and whatnots, but I'd suggest you're more interested in getting it to work for your culinary exams.
Hmm I threw in the changes you mentioned and it's still giving me:
Quote:
581. Which of the following knives is used to turn vegetables?
Your answer was: Bird\'s beak knife
That is incorrect.
The correct answer is: Bird's beak knife
I thought I had magic quotes turned off as well (it's a setting with my host). What did you use to format it so nicely, is there something you use to indent your code?
I used Eclipse to format it. It's different than I like, but it doesn't seem to be capable of linefeeding the braces in the PHP editor. Not sure why; pretty sure it does that with the Java editor.
I think I'm confused by exactly what the branches are doing here. No matter, remove the if branch for the magic quotes completely, and above the isset($_POST['number']) check simply do it there:
PHP Code:
if (ini_get('magic_quotes_gpc')) {
    $_POST = array_map('stripslashes', $_POST);
}
if (isset($_POST['number']))
Hmm, well, I've come to understand what you're telling me. Is it basically just taking the backslash out when magic quotes are present? So basically I'd be comparing ' to ' which still wouldn't match. But now without the backslash I can use preg_replace to change ' to '. I still don't understand why this is an issue if I have PHP 5.2 with magic quotes off selected, shouldn't they be off then? Maybe something to take up with my host? Also why does POST change ' to '?
EDIT: I also tried switching to PHP 5.4 to fix the problem. It was still turning the ' to ', I figure this has something to do with post? Only thing I noticed with the change was it took away the backslash that occurred. As it caused errors in other pages I reverted back for now, but will upgrade as soon as I get a chance.
No, you want to make sure you are comparing ' to '. When you take input from a form with magic_quotes_gpc enabled, this escapes the ' to become \'. You stripslash it so it removes the escape from the string. Since PHP isn't sensitive to using the addslashes (implicitly from the magic_quotes) and the mysql_real_escape_string, it would definitely corrupt the data when inserting to a database. Likewise, since you are not comparing using the SQL query itself, you need to make sure the state of the apostrophe is the same in both the input string and the retrieved string.
If you are seeing ' I'd suspect that is coming from your storage where htmlentities were used to convert it. Don't convert with htmlentities before storage; use it after selection instead. That said, assuming that is the case, htmlentities can also be used on the input string (using ENT_QUOTES as the second parameter) to compare the two.
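The normalisation described in the last replies, as an added example that is not code from the thread: undo the magic-quotes slashes across the whole request, compare both strings in the same raw state, and escape only when printing. The function names and the sample stored value (an entity-encoded apostrophe) are assumptions constructed for illustration.

```php
<?php
// Added example, not code from the thread. All names here are hypothetical.

// Undo magic_quotes_gpc on request data. Recurses into nested arrays,
// which array_map('stripslashes', $_POST) alone cannot handle.
function undo_magic_quotes($value)
{
    if (is_array($value)) {
        return array_map('undo_magic_quotes', $value);
    }
    return stripslashes((string) $value);
}

// Bring an answer to one canonical form: raw text with HTML entities
// decoded. ENT_QUOTES is required for an encoded apostrophe to decode.
function canonical_answer($text)
{
    return trim(html_entity_decode((string) $text, ENT_QUOTES, 'UTF-8'));
}

// Strict comparison of two answers in the same canonical state.
function answers_match($submitted, $stored)
{
    return canonical_answer($submitted) === canonical_answer($stored);
}

// Escape at output time only, so an apostrophe or quote in the answer
// cannot break out of value="..." or inject markup.
function radio_html($id, $answer)
{
    $safe = htmlspecialchars($answer, ENT_QUOTES, 'UTF-8');
    return '<input type="radio" name="' . (int) $id . '" value="' . $safe . '">'
         . $safe . '<br />';
}

// Constructed sample data: a POST body as delivered with magic quotes on,
// and a stored row assumed to have been saved through htmlentities().
$post   = array('581' => "Bird\\'s beak knife");
$stored = 'Bird&#039;s beak knife';

// In the real page this call sits at the top of the script, guarded by
// ini_get('magic_quotes_gpc'), before any branch reads $_POST.
$post = undo_magic_quotes($post);

var_dump(answers_match($post['581'], $stored));
echo radio_html(581, canonical_answer($stored)), "\n";
```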