0

I've written the following code which records whether user submitted answers are correct. score_one is either 0 or 1 for getting the first question right, score_two is either 0 or 1 for getting the second question right and so on. totalScore is basically the sum of score_one to score_four

What I would like is that the totalScore value returned through PHP to my email address. My current HTML form has an email field and a name field. I have a PHP script which is successfully sending these field answers to my inbox. However I can't get the totalScore value to appear. The code below is what I'm using but I'm not an expert

<input type="text" id="score" value="" disabled />
<script>

    var score_one = 0;
    var score_two = 0;
    var score_three = 0;
    var score_four = 0;
    var totalScore = 0;

    function fsubmit(){
        var correctFirstAnswer = document.getElementById("price_three");
        var correctSecondAnswer = document.getElementById("price_six");
        var correctThirdAnswer = document.getElementById("price_seven");
        var correctFourthAnswer = document.getElementById("price_eleven");

        if (correctFirstAnswer.checked === true){
            score_one = 1;
        }

        if (correctSecondAnswer.checked === true){
            score_two = 1;
        }

        if (correctThirdAnswer.checked === true){
            score_three = 1;
        }

        if (correctFourthAnswer.checked === true){
            score_four = 1;
        }

        totalScore = score_one + score_two + score_three +score_four;
    }


    document.getElementById("score").value = totalScore;
</script>

My PHP code snippet is:

$email = $_POST['email'];
$name = $_POST['name'];
$score = $_POST['score'];

$body = <<<EOD
Name: $name <br>
Email: $email <br>
Score: $score <br>

A typical reply is: Name: Mr Bloggs Email: bloggs@bloggs.com Score:

I get no value at all in the Score: part - no zero or anything.

Can anyone help? I would be really grateful - I'm not an expert coder, just muddling through really.

user2840467
  • 801
  • 3
  • 10
  • 19
  • You're missing a closing `EOD` with a `;` on a new line after `Score: $score
    `. And do think about escaping your input values.     – Funk Forty Niner Nov 30 '13 at 21:25
  • Hi Fred, the closing EOD is on the next line - sry, I should have included that. How do I escape input values? – user2840467 Nov 30 '13 at 21:35
  • Have a look at this page on SO, there are many ways of doing this => http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – Funk Forty Niner Nov 30 '13 at 21:40

2 Answers2

1

a disabled field will not be submitted (RFC term: successful).

In this example, the INPUT element is disabled. Therefore, it cannot receive user input nor will its value be submitted with the form. <INPUT disabled name="fred" value="stone">

Maslow
  • 18,464
  • 20
  • 106
  • 193
0

Please simply modify this, by adding name attribute for an input:

<input type="text" id="score" value="" disabled />

==>

<input type="text" id="score" name="score" value="" disabled />

Only named input's can be posted, id attribute only inputs are not passed to your processing PHP script.

jacouh
  • 8,473
  • 5
  • 32
  • 43