
I'm using this code for my questionnaire. How can I prevent them from inserting their answers/post if they have not yet clicked all the radio buttons for the questions that are given within the system? And how do I add an error message beside the question?

Questionnaire Picture1


Questionnaire Picture2

```php
if(isset($_POST['question']))
{
    $AddQuery = "INSERT INTO tblevaluate (evaluateid,professorid,professorname,studentid,course,section,subjectid,subjectname) VALUES ('','$server_professorid','$server_name',' $username','$course','$section','$server_subjectid','$server_subject')";
    mysql_query($AddQuery, $connect);
    $id = mysql_insert_id();

    foreach($_POST['question'] as $questionId => $answer)
    {
        $AddQuery = "INSERT INTO tblanswer (answervalue,evaluateid,professorid,professorname,studentid,course,section,subjectid,subjectname) VALUES ($answer,$id,$server_professorid,'$server_name',$username,'$course','$section',$server_subjectid,'$server_subject')";
        mysql_query($AddQuery, $connect);
        header('Location: evaluate.php');
    }
}

while($row = mysql_fetch_array($result))
{

    echo "<br>";
    echo "<strong>" . $row["questionno"] . ".</strong> " . $row["question"] . "";
    echo "<br>";
    echo "<input type = radio name = 'question[". $row ["questionid"] . "]'  value = '5'/><label>5</label>";
    echo "<input type = radio name = 'question[". $row ["questionid"] . "]'  value = '4'/><label>4</label>";
    echo "<input type = radio name = 'question[". $row ["questionid"] . "]'  value = '3'/><label>3</label>";
    echo "<input type = radio name = 'question[". $row ["questionid"] . "]'  value = '2'/><label>2</label>";
    echo "<input type = radio name = 'question[". $row ["questionid"] . "]' value = '1'/><label>1</label>";
    echo "<br>";
    echo "<hr size = 5 color = black noshade >";
}
```

Prix
Raniel Quirante
  • [Make the radio groups required](http://stackoverflow.com/questions/8287779/html5-how-to-use-the-required-attribute-with-a-radio-input-field) is the simplest way to prevent form submission. To be 'truly safe' you'd also need to ensure that all the values are set to allowable values on the server, but *meh* - not really any point even talking about that when there are *Blatant SQL Injection* vulnerabilities. Also, your tables are poorly normalized. – user2864740 Jan 25 '16 at 03:39
  • Use javascript to verify whether radio buttons are set on submitting the form. – r2_d2 Jan 25 '16 at 03:41
  • @user2864740 yes, it is poorly normalized because I'm using phpmyadmin as a database. I'm going to review the link that you gave me. – Raniel Quirante Jan 25 '16 at 03:45
  • @r2_d2 I'll take a look at it, thanks. – Raniel Quirante Jan 25 '16 at 03:45
  • @user2864740 MAN, THANKS A LOT, IT WORKS PERFECTLY FINE! :) Thanks be to God for your patience on answering this question, May God Bless you! – Raniel Quirante Jan 25 '16 at 03:49

1 Answer


The Answer came from user2864740

Make the radio groups required is the simplest way to prevent form submission. To be 'truly safe' you'd also need to ensure that all the values are set to allowable values on the server, but meh - not really any point even talking about that when there are Blatant SQL Injection vulnerabilities. Also, your tables are poorly normalized. – user2864740

Community
Raniel Quirante
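
The server-side half of the advice above (accept only allowable values, and show a message beside any question that was skipped), as an added example that is not part of the original question or answer. The function names, the sample question rows and the `$pdo` handle are assumptions for illustration.

```php
<?php
// Added example; validate_answers() and render_question() are hypothetical helpers.
function validate_answers(array $questionIds, $posted): array
{
    $clean = $errors = [];
    $posted = is_array($posted) ? $posted : [];
    foreach ($questionIds as $qid) {
        $raw = $posted[$qid] ?? null;
        // Allow-list: only the five radio values pass; missing, array or injected input fails.
        if (is_string($raw) && in_array($raw, ['1', '2', '3', '4', '5'], true)) {
            $clean[$qid] = (int) $raw;
        } else {
            $errors[$qid] = 'Please choose a rating from 1 to 5.';
        }
    }
    return [$clean, $errors];
}

// Renders one question; 'required' on the radio group blocks submission in the browser.
function render_question(array $row, array $errors, array $clean): string
{
    $qid = (int) $row['questionid'];
    $html = '<strong>' . (int) $row['questionno'] . '.</strong> '
          . htmlspecialchars($row['question'], ENT_QUOTES, 'UTF-8');
    if (isset($errors[$qid])) {
        $html .= ' <span class="error">' . htmlspecialchars($errors[$qid], ENT_QUOTES, 'UTF-8') . '</span>';
    }
    $html .= '<br>';
    for ($v = 5; $v >= 1; $v--) {
        $checked = (($clean[$qid] ?? null) === $v) ? ' checked' : '';
        $html .= "<input type=\"radio\" name=\"question[$qid]\" value=\"$v\" required$checked><label>$v</label>";
    }
    return $html . '<hr>';
}

// Constructed sample data standing in for the question rows and $_POST['question'].
$questions = [
    ['questionid' => 1, 'questionno' => 1, 'question' => 'Explains the lesson clearly'],
    ['questionid' => 2, 'questionno' => 2, 'question' => 'Comes to class on time'],
];
$posted = ['1' => '4', '2' => '5 OR 1=1'];
[$clean, $errors] = validate_answers(array_column($questions, 'questionid'), $posted);
foreach ($questions as $row) {
    echo render_question($row, $errors, $clean), "\n";
}
// Insert only when $errors is empty, binding values instead of concatenating them
// ($pdo is a hypothetical PDO handle, $id the new evaluateid):
// $pdo->prepare('INSERT INTO tblanswer (answervalue, evaluateid) VALUES (?, ?)')->execute([$clean[$qid], $id]);
```

With the sample input, question 1 is re-rendered with 4 selected and question 2 carries the error message, because `5 OR 1=1` is not one of the five allowed values.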