I have a problem in this code. This code is for adding questions to the database. Please advise. Thanks in advance.


<div class="row">
    <div class="col-md-offset-2 col-md-8">
        <h1>Add Quiz</h1>
        <form action="process_quizAdd.php" method="post">
            <div class="form-group">
                <label for="question">Ask Question</label>
                <input type="text" class="form-control" id="question" name="question" placeholder="Enter your question here">
            </div>
            <div class="form-group">
                <label for="correct_answer1">Correct answer</label>
                <input type="text" class="form-control" id="correct_answer1" name="correct_answer1" placeholder="Correct answer 1">
            </div>
            <div class="form-group">
                <label class="sr-only" for="correct_answer2">Correct answer 2</label>
                <input type="text" class="form-control" id="correct_answer2" name="correct_answer2" placeholder="Correct answer 2">
            </div>
            <div class="form-group">
                <label class="sr-only" for="correct_answer3">Correct answer 3</label>
                <input type="text" class="form-control" id="correct_answer3" name="correct_answer3" placeholder="Correct answer 3">
            </div>
            <div class="form-group">
                <label for="wrong_answer1">Wrong Answers</label>
                <input type="text" class="form-control" id="wrong_answer1" name="wrong_answer1" placeholder="Wrong answer 1">
            </div>
            <div class="form-group">
                <label class="sr-only" for="wrong_answer2">Wrong Answers 2</label>
                <input type="text" class="form-control" id="wrong_answer2" name="wrong_answer2" placeholder="Wrong answer 2">
            </div>
            <div class="form-group">
                <label class="sr-only" for="wrong_answer3">Wrong Answers 3</label>
                <input type="text" class="form-control" id="wrong_answer3" name="wrong_answer3" placeholder="Wrong answer 3">
            </div>
            <button type="submit" class="btn btn-primary btn-large" value="submit" name="submit">+ Add Question</button>
        </form>
    </div>
</div>

    <?php include('includes/footer.html') ?>

This code is for viewing questions and results.


<?php
ini_set('display_errors', 'On');

//Check for empty fields
if (empty($_POST['question'])           ||
    empty($_POST['correct_answer1'])    ||
    empty($_POST['correct_answer2'])    ||
    empty($_POST['correct_answer3'])    ||
    empty($_POST['wrong_answer1'])      ||
    empty($_POST['wrong_answer2'])      ||
    empty($_POST['wrong_answer3'])) {
    echo "Please complete all fields";
    exit;
}

//Create short variables
$question = $_POST['question'];
$correct_answer1 = ($_POST['correct_answer1']);
$correct_answer2 = ($_POST['correct_answer2']);
$correct_answer3 = ($_POST['correct_answer3']);
$wrong_answer1 = ($_POST['wrong_answer1']);
$wrong_answer2 = ($_POST['wrong_answer2']);
$wrong_answer3 = ($_POST['wrong_answer3']);

//connect to the database
// (the include that sets $dbc is not shown in the post)

//Create the insert query
$query = "INSERT INTO questions
            -- (questionid, name, choice1, choice2, choice3,choice4,choice5,choice6, answer)
             VALUES (NULL, '".$question."','".$wrong_answer1."','".$wrong_answer2."','".$wrong_answer3."','".$correct_answer1."','".$correct_answer2."','".$correct_answer3."')";

$result = $dbc->query($query);

if ($result) {
    echo "Your quiz has been saved";
} else {
    echo '<h1>System Error</h1>';
}


I have a problem in this code

Can you be more specific?

What I notice are the -- on line 34, that can cause issues.

Well, you haven't told us what you are getting so it's hard to pinpoint a problem. Is it a blank screen? Are you not getting the correct database results? Are the forms not showing up correctly?

A few notes from a quick glance-over:

  • Not sure if this is still true, but I believe input tags should end in a slash to adhere to proper XML formatting. Doesn't really affect much, but I had it beat into me.

  • Your include at the end of the first section needs a semicolon to end it

  • I notice you do zero validation of input from the user. This can be quite dangerous. You'll want to use an escape string for database entries or, better, switch to parameterized entries. Also, you might want to check and make sure they didn't just type in garble so, maybe check for a min length, max length, characters that probably wouldn't exist in a question or answer, etc.

  • It's been a while, but I don't remember -- in SQL queries. I believe you just put an empty space between tablename and entries.

  • You don't actually connect to a database. Or do you? Is db_conn setting $dbc to a connection? You might want to verify this is occurring. Do a var_dump($dbc) to make sure.

  • Is questionid an autoincrement? If so, you can leave it out.

  • Keep in mind that you can put PHP variables directly into double-quoted strings now so you don't have to do all that concatenation. For example:

    $a = 'John';
    $greeting = "Hello, my name is $a";
    echo $greeting;

You would see "Hello, my name is John". But, if you switch to parameterized queries as I suggest above, those lines will change significantly, anyway.
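
The parameterized-query and length-check advice from the reply above, as an added example that is not part of the original thread. PDO with an in-memory SQLite database stands in for the poster's `$dbc` connection, the table follows the commented column list in the post (what the `answer` column holds is not shown, so it is left unset), and the names `validate_quiz` and `save_quiz` and the 1 to 255 byte limits are assumptions.

```php
<?php
// Added example, not the original poster's code. Table layout comes from the
// commented column list in the post; the in-memory SQLite database and the
// length limits are assumptions so the script runs without a server.
$fields = ['question', 'wrong_answer1', 'wrong_answer2', 'wrong_answer3',
           'correct_answer1', 'correct_answer2', 'correct_answer3'];

// Return a list of validation errors for the submitted form values.
function validate_quiz(array $post, array $fields, int $min = 1, int $max = 255): array
{
    $errors = [];
    foreach ($fields as $f) {
        $v = isset($post[$f]) && is_string($post[$f]) ? trim($post[$f]) : '';
        if (strlen($v) < $min || strlen($v) > $max) {
            $errors[] = "$f must be between $min and $max bytes";
        } elseif (preg_match('/[\x00-\x1F\x7F]/', $v)) {
            $errors[] = "$f contains control characters";
        }
    }
    return $errors;
}

// Insert one question; values travel as bound parameters, never as SQL text.
// Naming the columns makes a column/value count mismatch an immediate error.
function save_quiz(PDO $db, array $post, array $fields): void
{
    $stmt = $db->prepare(
        'INSERT INTO questions (name, choice1, choice2, choice3, choice4, choice5, choice6)
         VALUES (?, ?, ?, ?, ?, ?, ?)'
    );
    $stmt->execute(array_map(fn($f) => trim($post[$f]), $fields));
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE questions (questionid INTEGER PRIMARY KEY AUTOINCREMENT,
    name TEXT, choice1 TEXT, choice2 TEXT, choice3 TEXT,
    choice4 TEXT, choice5 TEXT, choice6 TEXT, answer TEXT)');

// Constructed sample submission; the apostrophe would break the concatenated query.
$post = ['question' => "Which of these isn't an even number?",
         'wrong_answer1' => '2', 'wrong_answer2' => '4', 'wrong_answer3' => '6',
         'correct_answer1' => '3', 'correct_answer2' => '5', 'correct_answer3' => '7'];

$errors = validate_quiz($post, $fields);
if ($errors) {
    echo implode("\n", $errors), "\n";
    exit(1);
}
save_quiz($db, $post, $fields);
echo $db->query('SELECT name FROM questions')->fetchColumn(), "\n";
```

The same prepare-then-execute pattern applies to a MySQL connection; only the connection line and the `CREATE TABLE` statement are specific to the SQLite stand-in.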

Thanks for the reply.
It was actually that I had written more entries in the database than what was in my SQL.
I want to add video and images to some questions. I know for images we use BLOB; what shall we use for video? Is it good to use the database for video, or a folder? Thanks.