-1

I am getting ready with a tutorial website, in which th user takes up quiz and the answer will be stored in database. When the admin enters user's name or id, user's mark has to be fetched from database and displayed in a bar graph. The following code is the graph, "25" is the variable and that has to be fetched from db. 

<section id="wrapper">
<ul id="chart">
    <li title="25" class="orange">
        <span class="bar"></span>
        <span class="percent"></span>
    </li>
    </ul>
</section>

and this is the condition which i've used in my php.

if ($name==NULL)
    echo"Please enter a name";
else{
    $mark = mysql_query("SELECT mark FROM lms.login WHERE name='$name'");
    $mark_num_rows = mysql_num_rows($mark);

if($mark_num_rows==0)
    echo "Name does not exist!";
else{
    $mark=mysql_result($mark,0);
    echo"$name's mark is $mark";
    }
}

the result for this code is "Franklin's mark is 50". i want this mark to be used in that class. Like this, i hav lot of marks that has to be displayed. Please help! thanks in advance!

Franklin Vaz
  • 19
  • 1
  • 2
  • 9
  • You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Apr 10 '13 at 13:27
  • what?? i cant get u....sorry....:( – Franklin Vaz Apr 10 '13 at 13:47

1 Answers1

0

If you want the value in the title attribute, try the following...

<li title="<?php echo htmlentities($mark); ?>" class="orange">

It's well worth you reading up on security too such as sql injection and cross site scripting (xss) to make sure your work is not compromised (see use of htmlentities).

user466764
  • 1,201
  • 7
  • 7