War_Hero Posted September 29, 2008 Share Posted September 29, 2008 Hi all. :) I'm having a little trouble with a mod I'm making with my brother. The mod asks the user a question and the user is asked to submit an answer. However, when the user enters the correct answer, it doesn't give them what they're supposed to get. :? I've tried all sorts of things to try and get it to work, but I can't seem to do it. Also, at the moment the mod requires the user to input a number answer, but I'd like them to input a text answer for two of the questions. But, I'm not sure how to secure the $_POST from SQL injections and all if the form requires a text answer. This is one of my functions: function index() { global $db,$ir,$c,$h,$userid; $_POST['clue1'] = abs((int) $_POST['clue1']) && $_POST['clue1'] = isset($_POST['clue1']); $_POST['clue2'] = abs((int) $_POST['clue2']) && $_POST['clue2'] = isset($_POST['clue2']); $_POST['clue3'] = abs((int) $_POST['clue3']) && $_POST['clue3'] = isset($_POST['clue3']); print "Congratulations. You found the clues page. Here, you can find out clues to what the URL is for the Hidden Link. There will be 3 clues. You will have to answer the riddles correctly, however, to receive a clue. "; if($ir['clue'] == 0) { print "Here is your first question/riddle. <table width = '45%' cellspacing = '1' class = 'table' /> <tr /> <th />Time</th> <th />Frequency</th> <th />Cumulative Frequency</th> </tr> <tr /> <td />0 <= t < 2</td> <td />8</td> <td />8</td> </tr> <tr /> <td />2 <= t < 4</td> <td />14</td> <td />22</td> </tr> <tr /> <td />4 <= t < 6</td> <td />23</td> <td />45</td> </tr> <tr /> <td />6 <= t < 8</td> <td />35</td> <td />80</td> </tr> <tr /> <td />8 <= t < 10</td> <td />20</td> <td />100</td> </tr> <tr /> <td />10 <= t < 12</td> <td />4</td> <td />104</td> </tr> <tr /> <td /> </td> <td /> <b />104[/b] </td> <td /> </td> </tr> </table> From this table, work out the <b /><font color = 'blue' />Median, Upper Quartile and Lower Quartile</font>[/b]. Once you find the answers to each, combine them and that will be your final answer. <i /><font color = 'green' />For Example: If the Median was 6.7, it would be rounded up to 7. If the UQ was 9.4, it would be rounded down to 9, and if the LQ was 4.65, it would be rounded up to 5. Therefore, the answer would be <u />795</u>.</font>[/i]. <form action = 'clues.php?action=clue1' method = 'post' /> Your Final Answer: <input type = 'text' name = 'clue1' value = '' /> <input type = 'submit' value = 'Submit Answer' /> </form>"; } and the clue function to go with it: function clue1() { global $db,$ir,$c,$h,$userid; $_POST['clue1'] = abs((int) $_POST['clue1']) && $_POST['clue1'] = isset($_POST['clue1']); $_POST['clue2'] = abs((int) $_POST['clue2']) && $_POST['clue2'] = isset($_POST['clue2']); $_POST['clue3'] = abs((int) $_POST['clue3']) && $_POST['clue3'] = isset($_POST['clue3']); $answer1 = 648; //**Answer to first clue goes here**// if($ir['clue'] != 0) { die("Either you've had this clue before or haven't figured out the clue before this. <a href = 'clues.php' />Go Back</a>"); } elseif($_POST['clue1'] != $answer) { die("Sorry. That is not the correct answer. Please <a href = 'clues.php' />try again</a>."); } elseif($_POST['clue1'] == $answer) { print "Well done! That is the correct answer. Your first clue to the hidden link: <font color = 'blue' /><i />You see the light and start walking towards it. When you arrive, you see the Golden Gates, and beyond them two beautiful angels. Where are you? (The first part of the URL)[/i]</font>"; $sql = sprintf("UPDATE `users` SET `clue` = '%d' WHERE `userid` = ('%u')", 1, $userid); $db->query($sql); } } Is anyone able to help? All help will be highly appreciated. :) Cheers, Quote Link to comment Share on other sites More sharing options...
Isomerizer Posted September 29, 2008 Share Posted September 29, 2008 Re: $_POST Help Needed Just looking at the first bit, I notice this is incorrect: $_POST['clue1'] = abs((int) $_POST['clue1']) && $_POST['clue1'] = isset($_POST['clue1']); It should look something like this: $_POST['clue1'] = isset($_POST['clue1']) ? abs(@intval($_POST['clue1'])) : 0; To secure against SQL injections in a string, an example would be: $sql = sprintf("UPDATE `users` SET `clue` = '%s' WHERE `userid` = ('%u')", mysql_real_escape_string($_POST['textanswer']), // Use MRES to escape the data $userid); Or regex: if (preg_match('/[^a-z]/i', $_POST['textanswer'])) { die('error'); } Quote Link to comment Share on other sites More sharing options...
War_Hero Posted September 29, 2008 Author Share Posted September 29, 2008 Re: $_POST Help Needed Ohhh. Thank you. Security is one of my biggest issues. I usually just use $_POST['clue1'] = abs((int) $_POST['clue1']; to secure my $_POST's. Now that I've sorted that bit out, how would I fix my mod so that it will give out the clue if the user gets the answer right? :) Thank you for helping me with the first bit. Just a small question: is $_POST['clue1'] = abs((int) $_POST['clue1']; enough to secure the $_POST's or would what you did: $_POST['clue1'] = isset($_POST['clue1']) ? abs(@intval($_POST['clue1'])) : 0; be a lot better? :) Thanks again, Quote Link to comment Share on other sites More sharing options...
Isomerizer Posted September 29, 2008 Share Posted September 29, 2008 Re: $_POST Help Needed Ohhh. Thank you. Security is one of my biggest issues. I usually just use $_POST['clue1'] = abs((int) $_POST['clue1']; to secure my $_POST's. Now that I've sorted that bit out, how would I fix my mod so that it will give out the clue if the user gets the answer right? :) Thank you for helping me with the first bit. Just a small question: is $_POST['clue1'] = abs((int) $_POST['clue1']; enough to secure the $_POST's or would what you did: $_POST['clue1'] = isset($_POST['clue1']) ? abs(@intval($_POST['clue1'])) : 0; be a lot better? :) Thanks again, They both do both the same thing. Mine just sets the $_POST['clue1'] as 0 if not set. But abs(@intval()), does the same if the result is not numeric. To display the clue would be pretty simple, locate the if statement executed if the answer is correct then add.. echo sprintf('%s', $_POST['clue1']); Quote Link to comment Share on other sites More sharing options...
War_Hero Posted September 29, 2008 Author Share Posted September 29, 2008 Re: $_POST Help Needed Ah right, thank you. :) Hmm. I don't think the section about the clue being displayed was very clear in my first post. :-P lol I'll explain my mod a little more: The clues page will ask the user a question. If the user gets the question right, a clue to a hidden link will be given, but if they do not get it right, they will have to try again. Therefore, the $_POST['clue1'] is the user's answer to the question. This part of my code: if($ir[$_POST['clue1'] == $answer) { print "Correct answer!"; $sql = 'my queries' } doesn't work, because even if they do enter the right answer, it still says it's wrong. In this case, $answer = 648;. I'm not sure as to how to fix that bit, so that when the user enters the correct answer, it will output the correct text. I hope that that clears it up a little bit. :) Quote Link to comment Share on other sites More sharing options...
Isomerizer Posted September 29, 2008 Share Posted September 29, 2008 Re: $_POST Help Needed Try.. if($_POST['clue1'] == $answer) { print "Correct answer!"; $sql = 'my queries' } No need for the $ir[ .. Quote Link to comment Share on other sites More sharing options...
Haunted Dawg Posted September 30, 2008 Share Posted September 30, 2008 Re: $_POST Help Needed I would go with session's for this mod. Quote Link to comment Share on other sites More sharing options...
War_Hero Posted September 30, 2008 Author Share Posted September 30, 2008 Re: $_POST Help Needed Agh. I accidently put that $ir[ bit in. I actually have: elseif($_POST['clue1'] == $answer) etc. Yet is still doesn't work. :( Hmm...confusing me. Sessions? I'm not sure how to 'work' them. :-P lol Quote Link to comment Share on other sites More sharing options...
Isomerizer Posted September 30, 2008 Share Posted September 30, 2008 Re: $_POST Help Needed Check if $_POST['clue1'] is defined correctly.. echo $_POST['clue'] . $answer; Do they match? Quote Link to comment Share on other sites More sharing options...
Haunted Dawg Posted September 30, 2008 Share Posted September 30, 2008 Re: $_POST Help Needed Easily can do that. $answers = array ( 1 => "Blah" ); $questions = array ( 1 => "What is blah?" ); $count = count($questions); if($_POST['answer'] == $_SESSION['answer']) { echo 'You got it correct.'; $h->endpage(); exit; } else { $r = rand(1,$count); $_SESSION['answer'] = $answers[$r]; echo ' The question is: '.$questions[$r].' <form action="'.$_SERVER['PHP_SELF'].'" method="post"> Answer: <input type="text" name="answer"> <input type="submit" value="Answer!"> </form>'; $h->endpage(); exit; } You will need to change some values there. Quote Link to comment Share on other sites More sharing options...
War_Hero Posted September 30, 2008 Author Share Posted September 30, 2008 Re: $_POST Help Needed Ah right. Thank you killah. I'll take a look at that. :) Right. I'm really pleased but also rather pissed off. The reason why it wasn't working was because of the names of my $_POSTs. I had clue1, clue2 and clue3 as the names of my $_POSTs and my functions/cases. So, I'm guessing that was the reason why it didn't work. I just changed the names of the $_POSTs and it worked. That's why I'm a little p-eed off, as it was such a simple error. :-P lol Now to try it with a text answer. I'm not too sure how that will go though. :-P Thank you all for helping me out. I may need some help with the text answers if I can't get it to work. Thanks again, Quote Link to comment Share on other sites More sharing options...
War_Hero Posted October 2, 2008 Author Share Posted October 2, 2008 Re: $_POST Help Needed Hi again. :) I've tried editing my code so the user has to have a text answer to get a clue, but it doesn't work. I don't get any error with it though. This is the small bit I've edited: function clue2() { global $db,$ir,$c,$h,$userid; $_POST['ans1'] = isset($_POST['ans1']) ? abs(@intval($_POST['ans1'])) : 0; $_POST['ans2'] = isset($_POST['ans2']) ? abs(@intval($_POST['ans2'])) : 0 && $_POST['ans2'] = strip_tags($_POST['ans2']); $_POST['ans3'] = isset($_POST['ans3']) ? abs(@intval($_POST['ans3'])) : 0; $regexp = "^[M-O]$"; $answer2 = $regexp; //**Answer to the second clue goes here**// if($ir['clue'] != 1) { die("Either you've had this clue before or you haven't figured out the clue before this. <a href = 'clues.php' />Go Back</a>"); } elseif(!is_int($_POST['ans2'])) { die("The answer is not a number! Please <a href = 'clues.php' />try again.</a>."); } elseif(!ereg($regexp,$_POST['ans2'])) { die("Sorry. That was not the correct answer. Please <a href = 'clues.php' />try again</a>."); } else { print "Well done! That is the correct answer. Your second clue to the hidden link: <font color = 'blue' /><i />If you live a life of crime and sin, you will spend the rest of eternity in the firey depths of the underworld.[/i]</font> <br / > <a href = 'clues.php' />Have another clue</a> or <a href = 'index.php' />return home</a>."; $sql1 = sprintf("UPDATE `users` SET `clue` = '%d' WHERE `userid` = ('%u')", 2, $userid); $db->query($sql1); } } I've tried using a few new things (new to me, that is). So I've probably cocked everything up. :-P I'm not sure why it isn't working, so any help would be highly appreciated. :) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.