php - How to validate input from database -
i develop captcha require user answer question randomly display. database consist of id,question,answer. problem although enter correct answer still redirected me error.php instead of success.php.
<?php $database_db="test2"; $user_db="root"; $password_db=""; $host_db="localhost"; $link = mysqli_connect($host_db, $user_db, $password_db, $database_db); /* check connection */ if (mysqli_connect_errno()) { die ("couldnot connect: ".mysqli_connect_error()); exit(); } if (array_key_exists("answer", $_post) , array_key_exists("question", $_post)) { $id = intval($_post['question']); $sql="select question, answer captcha question='$id' , answer='".mysqli_real_escape_string($link, $_post['answer'])."'"; $result = mysqli_query($link, $sql) or exit('$sql failed: '.mysqli_error($link)); $num_rows = mysqli_num_rows($result); if($num_rows > 0) { header("location: success.php"); } else { header("location: error.php"); } exit; } else { $query = "select id, question `captcha` order rand() limit 1"; if ($result = mysqli_query($link, $query)) { if ($row = mysqli_fetch_assoc($result)) { $id = $row["id"]; $question = $row["question"]; } } } ?> <html> <body> <form method="post"> <?php echo $question; ?><br /> <input type="hidden" name="question" id="question" value="<?php echo $id; ?>" /> <input type="text" name="answer" id="answer" /><br /> <input type="submit" name="submit" value="submit" /><br /> </form> </body> </html>
it looks you're querying wrong column match $id:
"select question, answer captcha question='$id' , ... " i think should be:
"select question, answer captcha id='$id' , ... "
Comments
Post a Comment