Jump to content
MakeWebGames

$_POST Help Needed


War_Hero
 Share

Recommended Posts

Hi all. :)

I'm having a little trouble with a mod I'm making with my brother.

The mod asks the user a question and the user is asked to submit an answer. However, when the user enters the correct answer, it doesn't give them what they're supposed to get. :?

I've tried all sorts of things to try and get it to work, but I can't seem to do it.

 

Also, at the moment the mod requires the user to input a number answer, but I'd like them to input a text answer for two of the questions. But, I'm not sure how to secure the $_POST from SQL injections and all if the form requires a text answer.

This is one of my functions:

function index()
{
global $db,$ir,$c,$h,$userid;

$_POST['clue1'] = abs((int) $_POST['clue1']) && $_POST['clue1'] = isset($_POST['clue1']);
$_POST['clue2'] = abs((int) $_POST['clue2']) && $_POST['clue2'] = isset($_POST['clue2']);
$_POST['clue3'] = abs((int) $_POST['clue3']) && $_POST['clue3'] = isset($_POST['clue3']);

print "Congratulations. You found the clues page. Here, you can find out clues to what the URL is for the Hidden Link. There will be 3 clues. You will have to answer the riddles correctly, however, to receive a clue. 

";

if($ir['clue'] == 0)
{
	print "Here is your first question/riddle. 



	<table width = '45%' cellspacing = '1' class = 'table' />

	<tr />
		<th />Time</th>
		<th />Frequency</th>
		<th />Cumulative Frequency</th>
	</tr>

	<tr />
		<td />0 <= t < 2</td>
		<td />8</td>
		<td />8</td>
	</tr>

	<tr />
		<td />2 <= t < 4</td>
		<td />14</td>
		<td />22</td>
	</tr>

	<tr />
		<td />4 <= t < 6</td>
		<td />23</td>
		<td />45</td>
	</tr>

	<tr />
		<td />6 <= t < 8</td>
		<td />35</td>
		<td />80</td>
	</tr>

	<tr />
		<td />8 <= t < 10</td>
		<td />20</td>
		<td />100</td>
	</tr>

	<tr />
		<td />10 <= t < 12</td>
		<td />4</td>
		<td />104</td>
	</tr>

	<tr />
		<td /> </td>
		<td /> <b />104[/b] </td>
		<td /> </td>
	</tr>

	</table> 



	From this table, work out the <b /><font color = 'blue' />Median, Upper Quartile and Lower Quartile</font>[/b]. Once you find the answers to each, combine them and that will be your final answer. 

	<i /><font color = 'green' />For Example: If the Median was 6.7, it would be rounded up to 7. If the UQ was 9.4, it would be rounded down to 9, and if the LQ was 4.65, it would be rounded up to 5. Therefore, the answer would be <u />795</u>.</font>[/i]. 



	<form action = 'clues.php?action=clue1' method = 'post' />
	Your Final Answer:   <input type = 'text' name = 'clue1' value = '' /> 

	<input type = 'submit' value = 'Submit Answer' /> </form>";
}

 

and the clue function to go with it:

 

function clue1()
{
global $db,$ir,$c,$h,$userid;

$_POST['clue1'] = abs((int) $_POST['clue1']) && $_POST['clue1'] = isset($_POST['clue1']);
$_POST['clue2'] = abs((int) $_POST['clue2']) && $_POST['clue2'] = isset($_POST['clue2']);
$_POST['clue3'] = abs((int) $_POST['clue3']) && $_POST['clue3'] = isset($_POST['clue3']);

$answer1 = 648; //**Answer to first clue goes here**//

if($ir['clue'] != 0)
{
	die("Either you've had this clue before or haven't figured out the clue before this. <a href = 'clues.php' />Go Back</a>");
}

elseif($_POST['clue1'] != $answer)
{
	die("Sorry. That is not the correct answer. Please <a href = 'clues.php' />try again</a>.");
}

elseif($_POST['clue1'] == $answer)
{
	print "Well done! That is the correct answer. 



	Your first clue to the hidden link: <font color = 'blue' /><i />You see the light and start walking towards it. When you arrive, you see the Golden Gates, and beyond them two beautiful angels. Where are you? (The first part of the URL)[/i]</font>";

	$sql = sprintf("UPDATE `users` SET `clue` = '%d'
				   WHERE `userid` = ('%u')",
				   1, $userid);

	$db->query($sql);
}
}

 

Is anyone able to help? All help will be highly appreciated. :)

Cheers,

Link to comment
Share on other sites

Re: $_POST Help Needed

Just looking at the first bit, I notice this is incorrect:

 

$_POST['clue1'] = abs((int) $_POST['clue1']) && $_POST['clue1'] = isset($_POST['clue1']);

 

It should look something like this:

 

$_POST['clue1'] = isset($_POST['clue1']) ? abs(@intval($_POST['clue1'])) : 0;

 

To secure against SQL injections in a string, an example would be:

 

$sql = sprintf("UPDATE `users` SET `clue` = '%s' WHERE `userid` = ('%u')",
mysql_real_escape_string($_POST['textanswer']), // Use MRES to escape the data
$userid);

 

Or regex:

 

if (preg_match('/[^a-z]/i', $_POST['textanswer'])) { die('error'); }
Link to comment
Share on other sites

Re: $_POST Help Needed

Ohhh. Thank you. Security is one of my biggest issues. I usually just use $_POST['clue1'] = abs((int) $_POST['clue1']; to secure my $_POST's.

 

Now that I've sorted that bit out, how would I fix my mod so that it will give out the clue if the user gets the answer right? :)

 

Thank you for helping me with the first bit. Just a small question: is $_POST['clue1'] = abs((int) $_POST['clue1']; enough to secure the $_POST's or would what you did: $_POST['clue1'] = isset($_POST['clue1']) ? abs(@intval($_POST['clue1'])) : 0; be a lot better? :)

Thanks again,

Link to comment
Share on other sites

Re: $_POST Help Needed

 

Ohhh. Thank you. Security is one of my biggest issues. I usually just use $_POST['clue1'] = abs((int) $_POST['clue1']; to secure my $_POST's.

 

Now that I've sorted that bit out, how would I fix my mod so that it will give out the clue if the user gets the answer right? :)

 

Thank you for helping me with the first bit. Just a small question: is $_POST['clue1'] = abs((int) $_POST['clue1']; enough to secure the $_POST's or would what you did: $_POST['clue1'] = isset($_POST['clue1']) ? abs(@intval($_POST['clue1'])) : 0; be a lot better? :)

Thanks again,

They both do both the same thing. Mine just sets the $_POST['clue1'] as 0 if not set. But abs(@intval()), does the same if the result is not numeric.

To display the clue would be pretty simple, locate the if statement executed if the answer is correct then add..

 

 echo sprintf('%s', $_POST['clue1']); 
Link to comment
Share on other sites

Re: $_POST Help Needed

Ah right, thank you. :)

Hmm.

I don't think the section about the clue being displayed was very clear in my first post. :-P lol

 

I'll explain my mod a little more: The clues page will ask the user a question. If the user gets the question right, a clue to a hidden link will be given, but if they do not get it right, they will have to try again.

Therefore, the $_POST['clue1'] is the user's answer to the question.

This part of my code:

if($ir[$_POST['clue1'] == $answer)

{

print "Correct answer!";

 

$sql = 'my queries'

}

doesn't work, because even if they do enter the right answer, it still says it's wrong. In this case, $answer = 648;.

I'm not sure as to how to fix that bit, so that when the user enters the correct answer, it will output the correct text.

 

I hope that that clears it up a little bit. :)

Link to comment
Share on other sites

Re: $_POST Help Needed

Easily can do that.

 

$answers = array
(
	1 => "Blah"
);
$questions = array
(
	1 => "What is blah?"
);
$count = count($questions);
if($_POST['answer'] == $_SESSION['answer'])
{
echo 'You got it correct.';
$h->endpage();
exit;
}
else
{
$r = rand(1,$count);
$_SESSION['answer'] = $answers[$r];
echo '
The question is:

'.$questions[$r].'


<form action="'.$_SERVER['PHP_SELF'].'" method="post">
	Answer: <input type="text" name="answer">

	<input type="submit" value="Answer!">
</form>';
$h->endpage();
exit;
}

 

You will need to change some values there.

Link to comment
Share on other sites

Re: $_POST Help Needed

Ah right. Thank you killah. I'll take a look at that. :)

 

Right. I'm really pleased but also rather pissed off. The reason why it wasn't working was because of the names of my $_POSTs. I had clue1, clue2 and clue3 as the names of my $_POSTs and my functions/cases. So, I'm guessing that was the reason why it didn't work. I just changed the names of the $_POSTs and it worked. That's why I'm a little p-eed off, as it was such a simple error. :-P lol

Now to try it with a text answer. I'm not too sure how that will go though. :-P

 

Thank you all for helping me out. I may need some help with the text answers if I can't get it to work. Thanks again,

Link to comment
Share on other sites

Re: $_POST Help Needed

Hi again. :)

I've tried editing my code so the user has to have a text answer to get a clue, but it doesn't work. I don't get any error with it though.

This is the small bit I've edited:

 

function clue2()
{
global $db,$ir,$c,$h,$userid;

$_POST['ans1'] = isset($_POST['ans1']) ? abs(@intval($_POST['ans1'])) : 0;
$_POST['ans2'] = isset($_POST['ans2']) ? abs(@intval($_POST['ans2'])) : 0 && $_POST['ans2'] = strip_tags($_POST['ans2']);
$_POST['ans3'] = isset($_POST['ans3']) ? abs(@intval($_POST['ans3'])) : 0;

$regexp = "^[M-O]$";
$answer2 = $regexp; //**Answer to the second clue goes here**//

if($ir['clue'] != 1)
{
	die("Either you've had this clue before or you haven't figured out the clue before this. <a href = 'clues.php' />Go Back</a>");
}

elseif(!is_int($_POST['ans2']))
{
	die("The answer is not a number! Please <a href = 'clues.php' />try again.</a>.");
}

elseif(!ereg($regexp,$_POST['ans2']))
{
	die("Sorry. That was not the correct answer. Please <a href = 'clues.php' />try again</a>.");
}

else
{
	print "Well done! That is the correct answer. 



	Your second clue to the hidden link: <font color = 'blue' /><i />If you live a life of crime and sin, you will spend the rest of eternity in the firey depths of the underworld.[/i]</font> <br / > 

	<a href = 'clues.php' />Have another clue</a> or <a href = 'index.php' />return home</a>.";

	$sql1 = sprintf("UPDATE `users` SET `clue` = '%d'
					WHERE `userid` = ('%u')",
					2, $userid);

	$db->query($sql1);
}
}

 

I've tried using a few new things (new to me, that is). So I've probably cocked everything up. :-P I'm not sure why it isn't working, so any help would be highly appreciated. :)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...