0

I am trying to pull a random question from one of my tables and display it in HTML. The point is to have the user put in their info in a form, answer the random question that appears, and submit the form that will store the users info along with the question they were asked and their answer. I can't seem to get the question to show up in my HTML and I'm not sure how to fix this. Still new to mySQL.

Code:

<?php

define('DB_NAME', 'db');
define('DB_USER', 'admin');
define('DB_PASSWORD', 'password');
define('DB_HOST', 'localhost');

$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);

if (!$link) {
    die('Could not connect: ' . mysql_error());
}

mysql_select_db('db', $link);

$db_selected = mysql_query("SELECT Question FROM QuestionDB ORDER BY RAND() LIMIT 1");

if (!$db_selected) {
    die('Cant use ' . DB_NAME . ': ' . mysql_error());
}

  if(isSet($_POST['submit'])) {

     $fname = $row['f_name'];
     $lname = $row['l_name'];
     $email = $row['email'];
     $question = $row['question'];
     $answer = $row['answer'];

$sql = "INSERT INTO StudentDB VALUE ( NULL,'$fname','$lname','$email','$question','$answer')";

if (!mysql_query($sql)) {
    die('Error: ' . mysql_error());
}

echo 'Thank you, your information has been sent';
}
else{
echo'

<!DOCTYPE HTML>
<html lang="en">

<head>

</head>

<body>


<form id = "myForm" method="POST">

<div class="col-sm-6" >
<h5><b>First Name: </b><br/><input type="text" name="f_name" size="70"  required></h5>  <br/>
<h5><b> Last Name: </b><br/><input type="text" name="l_name" size="70"  required></h5>  <br/>
</div>
<div class="col-sm-6" >
<h5><b>Email: </b><br/><input type="text" name="email" required></h5><br/>
</div>

<div class="col-sm-12" >
<br/><br/> Question:   ' .$row["Question"]. '
</div>


<div class="col-sm-12" >
<br/><br/>
<h3><b>Answer:</b></h3>
    <textarea maxlength="500" name="comment" id="comment"></textarea><br/>
    </div>

<div class="col-sm-6" >
<input type="submit" name="submit" value="Submit">
</div>
</form>

</body>
</html>';
}
?>
Ken
  • 63
  • 13
  • 1
    Please dont use [the `mysql_` database extension](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php), it is deprecated (gone for ever in PHP7) Specially if you are just learning PHP, spend your energies learning the `PDO` database extensions. [Start here](http://php.net/manual/en/book.pdo.php) – RiggsFolly May 09 '16 at 20:20
  • 1
    Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) – RiggsFolly May 09 '16 at 20:20
  • 1
    May be you need to fetch something into something? – mustaccio May 09 '16 at 20:21
  • Just running a mysql_query() does not magically fill a `$row` variable – RiggsFolly May 09 '16 at 20:23
  • 1
    When the user submits data from the page it will be returned to the script in `$_POST` array variables, not in `$row` variables. **Suggest you sit down and read what you have written and sanity check it** – RiggsFolly May 09 '16 at 20:24
  • Thanks for the input. Most tutorial I've seen online still use mysqli_ and from what I understand that too is deprecated and i was told to us simply mysql_. – Ken May 09 '16 at 20:31
  • @Ken What tutorial said MySQLi is deprecated and to use MySQL? This tutorial needs removing as that's SQL injection waiting to happen on many sites... – Matt May 09 '16 at 20:39
  • My mistake, I just checked my notes and I had them mixed up. Thank you for clearing that up, I was going to continue using mysql_ but ill switch to mysqli_. – Ken May 09 '16 at 20:52

1 Answers1

1

On a side note running ORDER BY RAND() is not a good idea. It works to generate a random result, but it adds a lot of overhead which translates into long load times. If you start getting past 100 records you can see this really slow down MySQL queries and lead to long time to first byte wait times by the server. See here: http://www.titov.net/2005/09/21/do-not-use-order-by-rand-or-how-to-get-random-rows-from-table/

Smauel
  • 26
  • 1