-3

querying is my problem to choose the correct answer . . . . please answer my problem

*

<?php
$sql = "SELECT * FROM questions_exam_tbl WHERE exam_id = '" . $_POST['subject'] . "'";
$result = mysql_query($sql) or die(mysql_error());
while($row = mysql_fetch_array($result)){
    if($row['test_num'] = $qnumber){
        echo '
        <h3>' . $row['test_num']. '. ' . $row['test_question'] . '</h1>
        <input type="radio" name="choiceA" value="' . $row['choice_A'] . '"> ' . $row['choice_A'] . '
        <input type="radio" name="choiceA" value="' . $row['choice_B'] . '"> ' . $row['choice_B'] . '
        <input type="radio" name="choiceA" value="' . $row['choice_C'] . '"> ' . $row['choice_C'] . '
        <input type="radio" name="choiceA" value="' . $row['choice_D'] . '"> ' . $row['choice_D'] . '
        ';  
    }
}
?>

*

P.aris
  • 1
  • 3
  • 1
    In the future please format your question so the code is readable. https://meta.stackexchange.com/questions/22186/how-do-i-format-my-code-blocks – chris85 Oct 14 '17 at 19:25
  • 1
    You shouldn't use `mysql_*` and you should have the correct answer marked in the DB. – chris85 Oct 14 '17 at 19:26
  • FYI, [you shouldn't use `mysql_*` functions in new code](http://stackoverflow.com/questions/12859942/). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [red box](http://php.net/manual/en/function.mysql-connect.php)? Learn about [*prepared statements*](https://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://php.net/manual/en/mysqlinfo.api.choosing.php) will help you decide which one is best for you. – John Conde Oct 14 '17 at 19:32
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – John Conde Oct 14 '17 at 19:32

1 Answers1

0
if($row['test_num'] = $qnumber)

should be

if($row['test_num'] == $qnumber)

Single = is for value assigning. For comparison it is == or ===.

azbatuk
  • 273
  • 1
  • 6