-2

Everything is working fine for my online quiz system, but the page for uploading questions is not working as it should.

The user is restricted to adding 20 questions at a time; if the limit is exceeded, a message will be prompted and he will be redirected to his account.

This is the form which will allow the user to input his question, four options and a correct option.

    <html>
    <body>
    <form action="be_uploadquiz.php" method="post">
    <table>
      <tr><td>Enter Question Here</td>
          <td><input name="question" type="text" maxlength="100" /></td></tr>
      <tr><td>Enter First Option</td>
          <td><input name="opt1" type="text" maxlength="100" /></td></tr>
      <tr><td>Enter Second Option</td>
          <td><input name="opt2" type="text" maxlength="100" /></td></tr>
      <tr><td>Enter Third Option</td>
          <td><input name="opt3" type="text" maxlength="30" /></td></tr>
      <tr><td>Enter Fourth Option</td>
          <td><input name="opt4" type="text" maxlength="30" /></td></tr>
      <tr><td>Select The Correct Option</td>
          <td>
            <select name="woptcode">
              <option>A</option>
              <option>B</option>
              <option>C</option>
              <option>D</option>
            </select>
          </td></tr>
      <tr><td><input name="submit" type="submit" value="Next" /></td></tr>
    </table>
    </form>
    </body>
    </html>

Here is the uploadquiz.php file which inserts the questions:

    <?php
    session_start();
    $link = mysql_connect("localhost","root","");
    mysql_select_db("quiz",$link);
    $question = $_POST['question'];
    $opt1 = $_POST['opt1'];
    $opt2 = $_POST['opt2'];
    $opt3 = $_POST['opt3'];
    $opt4 = $_POST['opt4'];
    $woptcode = $_POST['woptcode'];
    if ( isset( $_POST['submit'] ) ) {
        $sql = "INSERT INTO be_quiz (question,opt1,opt2,opt3,opt4,woptcode) VALUES ('$question', '$opt1','$opt2','$opt3','$opt4','$woptcode')";
        $i++;
        header('Location:be_uploadquiz.html');
        if($i==20)
        {
            header('Location:message.html');
        }
    }
    session_destroy();
    if(!mysql_query($sql))
    {
        die('Error:'.mysql_error());
    }

    mysql_close();
    ?>

I want the user to be redirected again to uploadquiz.html if the limit is not reached, and to the file message.html if the maximum limit (i.e. 20 questions) has been reached, and then to his account. This is not working; I need help.

Asim Haider
  • nowhere do you set a value for `$i`, nowhere do you have a loop, nowhere do you persist the value of `$i` between separate post operations, and you're vulnerable to [sql injection attacks](http://bobby-tables.com). – Marc B Nov 19 '15 at 20:27
  • @developerwjk: why? don't need php for a simple form... – Marc B Nov 19 '15 at 20:27
  • You need to read the number of questions already in the database from the database. The value of `$i` is not retained but thrown away when the page is done executing. So the `$i` just starts over with the next upload. (You could use session, but if someone is adding questions at different times, that won't actually work.) – developerwjk Nov 19 '15 at 20:29
  • You don't store the owner of the question? Does the 20-limit apply per connected user, or for the overall question count? When should the limit reset again? Or is it permanent? – trincot Nov 19 '15 at 20:37
  • Did you notice this in the related questions sidebar? http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php?rq=1 How about this one? http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1 This is important stuff. – miken32 Nov 19 '15 at 20:42
  • [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Nov 19 '15 at 20:42
  • If you can, you should [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really not hard](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Nov 19 '15 at 20:43

1 Answer

1

Your variable $i is not maintained across navigation. You could use a session variable for that, like this:

    session_start();
    if (!isset($_SESSION["counter"])) {
        $_SESSION["counter"] = 0;
    }

Then use `$_SESSION["counter"]` instead of `$i`:

    $_SESSION["counter"]++;

Don't destroy the session, or you will not retain this value. So delete this line:

    session_destroy();

If you want to make sure sessions are destroyed after a certain time of inactivity (also resetting the counter for that user), then read here how you can do that.

Now there is still an issue: your check on the 20-limit happens too late and would not stop the user from continuing to submit. You should put that test before the actual insert and increment happens.

trincot
  • You're welcome. You may want to accept the answer :-) – trincot Nov 20 '15 at 12:12
  • I tried this code, but it is working for once, and then when I ran it for the second time it didn't work and the uploading goes on. Any help? – Asim Haider Nov 20 '15 at 15:34
  • Can you edit your question and add "EDIT: I adapted the code to this: " and then add your code as it looks now, and that it still has an issue. I will have a look at it then. – trincot Nov 20 '15 at 15:46
  • I had resolved that issue, but I am having a problem in the script for attempting tests, which will be selecting the data from the same table and showing it to the students. I am unable to count the number of times the student had checked the correct option or not. If yes, then increment some variable to show the result at the end. – Asim Haider Nov 21 '15 at 06:57
  • Your follow-up question is a bit off topic. What you need to do is to include in your `insert` statement the `id` of the student. But this also requires that students log in to your application, that you have their username, full name, and possibly some other info, like class, and that you have password management. Please look into that subject, and then ask a new question, as it goes beyond the scope of your original question. If you want me to look at it, you can also post the link to your new question here, and I will certainly have a look. – trincot Nov 21 '15 at 07:57
  • I know, and my suggestion is that you do. – trincot Nov 21 '15 at 08:56
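
The points raised in this thread (a counter kept in the session, the limit tested before the insert, and a prepared statement instead of string-built SQL) combined in one handler, as an added example that is not code from the question or the answer. `handleUpload()`, `MAX_QUESTIONS` and the in-memory SQLite demo are assumptions; the table, column and page names are the question's.

```php
<?php
// Added example, not the poster's code. Table, column and page names come from
// the question; MAX_QUESTIONS, handleUpload() and the SQLite demo are assumptions.
const MAX_QUESTIONS = 20;

// Returns the page to redirect to; inserts at most MAX_QUESTIONS rows per session.
function handleUpload(PDO $db, array &$session, array $post): string
{
    $session['counter'] = $session['counter'] ?? 0;
    // Test the limit BEFORE inserting, so request 21 never reaches the database.
    if ($session['counter'] >= MAX_QUESTIONS) {
        return 'message.html';
    }
    // Server-side checks: the form's maxlength is only enforced by the browser.
    $fields = ['question' => 100, 'opt1' => 100, 'opt2' => 100, 'opt3' => 30, 'opt4' => 30];
    $row = [];
    foreach ($fields as $name => $max) {
        $value = $post[$name] ?? '';
        if (!is_string($value) || trim($value) === '' || strlen($value) > $max) {
            return 'be_uploadquiz.html';   // rejected, nothing inserted (length in bytes)
        }
        $row[$name] = trim($value);
    }
    if (!in_array($post['woptcode'] ?? '', ['A', 'B', 'C', 'D'], true)) {
        return 'be_uploadquiz.html';
    }
    $row['woptcode'] = $post['woptcode'];

    // Placeholders keep user input out of the SQL text.
    $stmt = $db->prepare(
        'INSERT INTO be_quiz (question, opt1, opt2, opt3, opt4, woptcode)
         VALUES (:question, :opt1, :opt2, :opt3, :opt4, :woptcode)'
    );
    $stmt->execute($row);
    $session['counter']++;
    return $session['counter'] >= MAX_QUESTIONS ? 'message.html' : 'be_uploadquiz.html';
}

// Constructed demo: in-memory SQLite stands in for the MySQL "quiz" database.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE be_quiz (question TEXT, opt1 TEXT, opt2 TEXT, opt3 TEXT, opt4 TEXT, woptcode TEXT)');
$session = [];   // stands in for $_SESSION after session_start()
$post = ['question' => "What's 2 + 2?", 'opt1' => '3', 'opt2' => '4', 'opt3' => '5', 'opt4' => '6', 'woptcode' => 'B'];
for ($n = 1; $n <= 22; $n++) {   // 22 submissions, two more than the limit
    $target = handleUpload($db, $session, $post);
}
echo $db->query('SELECT COUNT(*) FROM be_quiz')->fetchColumn(), " rows, last redirect: $target\n";
```

In the real script, call `session_start()`, pass `$_SESSION` and `$_POST`, then send `header('Location: ' . $target)` followed by `exit;` so that nothing runs after the redirect.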