```php
$query = mysqli_query($database, "select * from questions where e_category='$_SESSION[categories]' && question_no='$que_no' order by rand() ");
```

Here, the problem is that I want to display a random question from the selected exam.

Exams:-

(1) PHP (2) C language (3) Java

e.g. If the user selects PHP (exam), but cannot display random questions due to the above query, they will also verify e_category='$_SESSION[categories]'

No warning appears.

```php
$query = mysqli_query($database, "select * from questions where question_no='$que_no' order by rand() ");
```

The problem arises when e_category='$_SESSION[categories]' is not used, as it displays all exam questions, not just a specific exam.

TaskHunt

  • FYI: [How do I format my posts?](https://stackoverflow.com/help/formatting) – ADyson Aug 30 '23 at 12:20
  • This does not appear to be syntactically correct PHP code. Did you modify it for pasting into here? Please restore it correctly so it's clear. You can [edit] your post. – ADyson Aug 30 '23 at 12:21
  • Important info: [How to include a PHP variable inside a MySQL statement](https://stackoverflow.com/questions/7537377/how-to-include-a-php-variable-inside-a-mysql-statement). You are not currently doing it correctly. – ADyson Aug 30 '23 at 12:22
  • `but cannot display random questions due to the above query`...why, what goes wrong? It's unclear what the specific problem is. See also [ask] and how to make a [mre] of your issue. – ADyson Aug 30 '23 at 12:23
  • Please reupload the code into your question as you have fallen a victim to an editor bug. – Dharman Aug 30 '23 at 12:28
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman Aug 30 '23 at 12:28
  • _"The problem arises when e_category='$\_SESSION\[categories\]' is not used, as it displays all exam questions, not just a specific exam."_ - so the category _is_ the exam? Well then why would you "not use" it, if you want to limit the results to a specific exam? And if that's not the case - well then what _does_ specify which exam a question belongs to? – CBroe Aug 30 '23 at 12:48
  • `select *` - where does that come from? – Nico Haase Aug 30 '23 at 13:26

0 Answers
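
The prepared-statement form that the comments above point to, applied to the query from the question. This is an added example, not code from the question or from any commenter. It assumes the exam names listed in the question are the values stored in `e_category`; `fetch_random_question`, `EXAM_CATEGORIES` and the connection details are hypothetical names and placeholders.

```php
<?php
declare(strict_types=1);

// Exam names taken from the question; assumed to match the stored e_category values.
const EXAM_CATEGORIES = ['PHP', 'C language', 'Java'];

/**
 * Same query as in the question, but both values are sent as bound
 * parameters, so they cannot change the structure of the SQL statement.
 * (Hypothetical helper, added for illustration.)
 */
function fetch_random_question(mysqli $database, string $category, int $questionNo): ?array
{
    // Reject session values that are not one of the known exams.
    if (!in_array($category, EXAM_CATEGORIES, true)) {
        throw new InvalidArgumentException('Unknown exam category');
    }

    $stmt = $database->prepare(
        'SELECT * FROM questions WHERE e_category = ? AND question_no = ? ORDER BY RAND()'
    );
    $stmt->bind_param('si', $category, $questionNo); // s = string, i = integer
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();       // get_result() needs the mysqlnd driver
    $stmt->close();

    return $row ?: null; // null when no question matches
}

// Usage sketch. Host, credentials and schema name are placeholders (assumptions).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors instead of failing silently
$database = new mysqli('localhost', 'exam_user', 'CHANGE_ME', 'exam_db');
$database->set_charset('utf8mb4');

session_start();
$category = $_SESSION['categories'] ?? '';
$que_no = 1; // constructed sample value

$question = fetch_random_question($database, $category, $que_no);
var_dump($question);
```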