Home/ Questions/Q 8259831
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-08T02:57:12+00:00

The varibles inside of this script aren’t working at all, its driving me nuts,

  • 0

The varibles inside of this script aren’t working at all, its driving me nuts, if anyone could help that would be great ! 

<?php 
$db = mysql_connect('HOST', 'USER', 'PASS') or die('Could not connect: ' . mysql_error()); 
mysql_select_db('DBNAME') or die('Could not select database');

// Strings must be escaped to prevent SQL injection attack. 
$name = mysql_real_escape_string($_GET['name'], $db); 
$score = mysql_real_escape_string($_GET['score'], $db); 
$QuestionN = mysql_real_escape_string($_GET['QuestionN'], $db);        
$hash = $_GET['hash']; 
$num = (int)$QuestionN;
$var1     = mysql_real_escape_string($_POST['var1']);   
$var2     = mysql_real_escape_string($_POST['var2']);           


$secretKey="SecretKey"; # Change this value to match the value stored in the client javascript below 

$real_hash = md5($name . $score . $secretKey); 
if($real_hash == $hash) { 
$query = mysql_query("UPDATE Quiz1 SET " . $var1 . " = (1 + ". $var1 .")". " WHERE Question = " . $var2);
//$query = mysql_query("UPDATE Quiz1 SET " . $score . " = (1 + ". $score .")". " WHERE Question = " . $QuestionN);
//$query = mysql_query("UPDATE Quiz1 SET A = (1 + A ) WHERE Question = 1 ");

    $result = mysql_query($query) or die('Query failed: ' . mysql_error()); 
} 
print($var1) ; 
?>

Cleaned this up with PDO , heres the same code with better PHP practices for anyone who needs it . 

<?php
        // Configuration
        $hostname = 'host';
        $username = 'user';
        $password = 'pass';
        $database = 'DBNAME';
    //$score = 'A' ; 

        $name = $_GET['name']; 
        $score = $_GET['score']; 
    $QuestionN = $_GET['QuestionN'];   
        $table = $_GET['table'];
$hash = $_GET['hash']; 
    $num = (int)$QuestionN;
        $secretKey="SecretKey"; # Change this value to match the value stored in the client javascript below 

        $real_hash = md5($name . $score . $secretKey); 
       // if($real_hash == $hash) { 



        try {
            $conn = new PDO('mysql:host='. $hostname .';dbname='. $database, $username, $password);
    echo "Connected to database"; // check for connection
    //$dbh->exec("UPDATE Quiz1 SET $score = 1 WHERE Question = 1");  // THIS DOES NOT  
    //$dbh->exec("UPDATE Quiz1 SET B = 1 WHERE Question = 1"); // THIS WORKS
$conn->exec("SET CHARACTER SET utf8");      // Sets encoding UTF-8
//$score = 'A';
//$scoreB = 'A'; 
//14
$author = 'Imanda';
//15
//$id = 1 ;
//16
// query
//$table = 'Quiz1';
//17
$sql = "UPDATE $table 

        SET $score = ( 1 + $score)

        WHERE Question = ?  "  ;
//20
$q = $conn->prepare($sql);
//21
$q->execute(array($QuestionN));




    //AddScore($dbh,'Quiz1','A','1'); 



}
catch(PDOException $e)
    {
    echo $e->getMessage();
    }
//  }
?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You using mysql_query in two places, where it should be only in one place.

    $query = mysql_query("UPDATE Quiz1 SET " . $var1 . " = (1 + ". $var1 .")". " WHERE Question = " . $var2);

    $result = mysql_query($query) or die('Query failed: ' . mysql_error()); 
}

    to 

    $query = "UPDATE Quiz1 SET " . $var1 . " = (1 + ". $var1 .")". " WHERE Question = " . $var2;
    $result = mysql_query($query) or die('Query failed: ' . mysql_error()); 
}
    • 0