从页面有效地获取许多单选按钮的价值

时间:2015-05-31 08:03:06

标签: php html sql brute-force

我的应用程序是一个数学测验,我必须从这个页面获得许多单选按钮的值来用来计算分数和诸如此类的东西。

到目前为止,我为每个单选按钮指定了十个单独的变量,但这对我来说听起来像是强力编码。有没有人有更有效的方法这样做?这是我目前的代码。

//these variables hold which radio button the user selected
$answerChoice1 = $_POST['test1']; //pulls value of radio button named test 1
$answerChoice2 = $_POST['test2'];
$answerChoice3 = $_POST['test3'];
$answerChoice4 = $_POST['test4'];
$answerChoice5 = $_POST['test5'];
$answerChoice6 = $_POST['test6'];
$answerChoice7 = $_POST['test7'];
$answerChoice8 = $_POST['test8'];
$answerChoice9 = $_POST['test9'];
$answerChoice10 = $_POST['test10'];

$questionID1 = $_POST['theId1']; //pulls the 'bid' of the question asked
$questionID2 = $_POST['theId2'];
$questionID3 = $_POST['theId3'];
$questionID4 = $_POST['theId4'];
$questionID5 = $_POST['theId5'];
$questionID6 = $_POST['theId6'];
$questionID7 = $_POST['theId7'];
$questionID8 = $_POST['theId8'];
$questionID9 = $_POST['theId9'];
$questionID10 = $_POST['theId10'];

$sqlAnswer1 = "SELECT * FROM `math` WHERE `bid` = \"" . $questionID1 . "\"  "; //sql statement for selecting the questions that were generated
$sqlAnswer2 = "SELECT * FROM `math` WHERE `bid` = \"" . $questionID2 . "\"  "; //on the page
$sqlAnswer3 = "SELECT * FROM `math` WHERE `bid` = \"" . $questionID3 . "\"  ";
$sqlAnswer4 = "SELECT * FROM `math` WHERE `bid` = \"" . $questionID4 . "\"  ";
$sqlAnswer5 = "SELECT * FROM `math` WHERE `bid` = \"" . $questionID5 . "\"  ";
$sqlAnswer6 = "SELECT * FROM `math` WHERE `bid` = \"" . $questionID6 . "\"  ";
$sqlAnswer7 = "SELECT * FROM `math` WHERE `bid` = \"" . $questionID7 . "\"  ";
$sqlAnswer8 = "SELECT * FROM `math` WHERE `bid` = \"" . $questionID8 . "\"  ";
$sqlAnswer9 = "SELECT * FROM `math` WHERE `bid` = \"" . $questionID9 . "\"  ";
$sqlAnswer10 = "SELECT * FROM `math` WHERE `bid` = \"" . $questionID10 . "\"  ";

看看这段代码是多么笨重和丑陋?在这些sql语句下面,我对每个语句都有十个单独的查询。有什么想法吗?

2 个答案:

答案 0 :(得分:2)

在不改变标记的情况下,您可以创建一个循环来读取和处理变量:

for ($i = 1; $i <= 10; $i++)
{
  $answerChoice = $_POST["test$i"];
  $questionID = $_POST["theId$i"]; //pulls the 'bid' of the question asked

  $sqlAnswer = "SELECT * FROM `math` WHERE `bid` = \"" . $questionID . "\"  ";

  // Execute the other stuff within the loop as well, if it is per question.  
}

注意:我将代码片段重点放在优化您的代码段上,因为这就是您要求的内容,但它仍然容易受到SQL注入攻击。如果某人伪造了$_POST["theId1"]中有一些奇怪内容的请求,那么这些内容将成为SQL查询的一部分,并可能损坏您的数据库!

关于数组

<强> 正常 

// You can declare an array like this:
$answerChoices = array();
for ($i = 1; $i <= 10; $i++)
{
  // Using the bracked notation, you can append an item to an array. 
  // You don't even have to specify an index. It will just start at 0.
  $answerChoices[] = $_POST["test$i"];

  // You *can* specify an index, though. Using -1 here to be in sync with the 0-based array above.
  $questionIDs[$i - 1] = $_POST["theId$i"]; //pulls the 'bid' of the question asked

  // You don't have to declare the array first. If you just add an item, PHP will 
  // create the array for you.
  $sqlAnswers[] = "SELECT * FROM `math` WHERE `bid` = \"" . $questionID . "\"  ";
}

你可以像这样循环遍历:

foreach ($sqlAnswers as $i => $sqlAnswer) {

  echo $sqlAnswer; // This variable is generated in the foreach loop.

  echo $answerChoices[$i]; // For the other arrays you can use the index.
}

当然,混合你访问阵列的方式,如上所述,可能会令人困惑。幸运的是,您仍然可以使用整数索引来使用正常for循环:

for ($i = 0; $i < count($answerChoices); $i++)
{
  echo $answerChoices[$i];
  echo $sqlAnswers[$i];
}

<强> 嵌套

您也可以嵌套数组。您可以使用字符串作为索引。这样,您可以更好地构建数据,因此在代码的其余部分中使用它会更容易。

$quizData = array();
for ($i = 1; $i <= 10; $i++)
{
  $questionID => $_POST["theId$i"];

  // Not the best way, but for now a simple way to make your code a little 
  // safer, if question id is indeed an integer.
  $questionID = (int)$questionID;

  // Question, answer and SQL are stored in an array with string keys. 
  // That array is stored in $quizData, so it will be an array of arrays.
  $quizData[] = array(
    'answerChoice' => $_POST["test$i"],
    'questionID' => $questionID,
    'sqlAnswer' => "SELECT * FROM `math` WHERE `bid` = \"" . $questionID . "\"  ";
}

现在你有了一个嵌套数组,其中每个项目都是一个包含数据的命名索引的数组。

检查此循环:

print_r($quizData); // Show the whole array in all its glory. ;)

foreach ($quizData as $questionData)
{
  print_r($questionData); // All data for a single question

  echo $questionData['questionID']; // Just one property of a question.
}

下一个选项是对象,但我认为我正在推动问题的范围。 ;)

答案 1 :(得分:1)

如果您想要更多地控制变量,我建议您将POST变量放在数组中。

input[type="checkbox"]:checked + .btn { background: #5BC0DE; } 然后使用$answerChoice = array($_POST["test1"], $_POST["test2"], etc...)迭代数组

for loop

这使您可以轻松定位某些答案选项

相关问题
最新问题