Feel free to ask a question.

Tables for layout went out in the 90's. We use CSS now.

pty commented: Indeed +9

Having vms for software testing or whatever else is a great option. Once you have a clean install of an OS on VM, take a snapshot, then install whatever you want. You can instantly revert to the clean install and keep repeating the process. You can also save a snapshot of the os after you install your test software and then revert to clean again for some other software.

Using VM's you can keep your host OS clean forever.

While not a bad idea to do the second clean install the upgrade is smart enough to put all the "crap" in a folder called windows.old which has everything from the previous version which is why you are able to roll back. All you really have to do is delete that folder. Although the folder is called windows.old it is not just the windows os directory in there, it is everything from the old os.

As you have been told by many on the other forum you crossposted on, you need to fix your Database before you do anything.

rproffitt commented: +1 for user icon. Nice. +15

There are numerous issues with your code.

You need to check the request method. Depending on the name of a button being submitted in order for your script to work will completetly fail in certain cases.

Get rid of the try/catch blocks. Php is perfectly capable of handling errors.

Do not output internal sytem errors to the user. That info is only good to hackers.

I assume your use of id is equivelent to a username. In programming id is known in a much differnet sense. Best to change the name.

There is no need to count results. You can simply do if ($results)
You need to kill the script after redirects otherwise the script will keep running.

PHP_SELF is vulnerable to an XSS Attack

This is all you need to completely log out - logout.php

<?php
    session_start();
    session_unset(); //remove all the variables in the session
    session_destroy(); // destroy the session
   die(header("Location: ./login.php?logout"));

Your letting the user create their own ID?

I only did a quick read through, but have you considered cloning your drive and then attempting whatever on the clone?

rproffitt commented: +1. Make clone, operation fails on clone. Repeat. +14

Being that their own server has numerous basic security issues and is vulnerable to a Clickjacking Attack, I would stay away from them.

This thread is TEN YEARS OLD. The OP is long gone.

This is a very poorly written and insecure script that is vulnerable to SQL Injection. Before you start adding new features you need to fix the script. There are numerous problems with it.

You need to use Prepared Statements. I suggest you use PDO.

Do not output internal errors to the user. That info is only useful to hackers

Never ever put variables in your query

Learn about "Seperation of Concerns" and then implement it

Do not create variables for nothing.

If you have this script on the net you should take it down until you fix it. If you have not been hacked yet, you will be.

You are using obsolete and dangerous code that has been completetly removed from Php. You need to use PDO with prepared statements. PDO Tutorial

Never ever put variables in a query.
Do not output internal system messages the user. That info is only good to hackers.

Having the test id in a GET variable is a very flawed approach and can be changed by the user at will. At some point a session variable for the test should be set among other things.

It would appear your DB design is flawed as well. There is not enough info here to say much more.

This is an XY Problem which basically means "Help me with my attempted solution" rather than the real problem which is likely "How do I design a quiz application".

@sriram_2, you revived a SIX YEAR OLD thread to post severely flawed and VERY DANGEROUS CODE?

I am not even going to get into everything wrong with what you posted. You need to do a lot more learning before you post a wall of code to "help".

I believe this question may be part of this thread Click Here

cereal commented: indeed +15

Based on ALL your other posts, the answer is ALL your posts.

happygeek commented: Yep, glad I'm not the only one thinking that :-) +16

Let's set your "problem" aside for a moment.

You are using dangerous obsolete mysql code that has been completetly removed from Php and will not work in the current versions at all no matter what you do. You need to use Prepared Statements. I reccomend you use PDO. https://phpdelusions.net/pdo.

That is enough wrong alone that there is really no point detailing anything else about it except to say NEVER EVER put variables in a query, do not create variables for nothing and do not SELECT *. Specify the column names you want explicitly.

Re-write your code in PDO after you study it and come back if you are still having problems. I will be happy to help once you do.

Just to give you an example, it took 0.1 seconds to get a list of all the serial numbers that occur only 1 or 3 times. This was run on a Windows 7 machine.

The file you gave me there are 43663 serials that occur only 1 time, and 9786 that occur 3 times out of 120,050 serials.

You have code issues. Run your site through bootlint.

CSS should be in an external file.

You have added your own media queries. Are the bootsrap defaults not adequate?

First, do not SELECT*. Specify the column names you want.

SELECT 
  column1
, column2
, date_format(fld_order_date, '/%d%m/%Y') AS fld_order_date
FROM table