What are some potential pitfalls of structuring PHP code for displaying questions and answers in a quiz format?
One potential pitfall of structuring PHP code for displaying questions and answers in a quiz format is not properly sanitizing user input, which can lead to security vulnerabilities such as SQL injection or cross-site scripting attacks. To mitigate this risk, always use prepared statements or parameterized queries when interacting with a database to prevent malicious input from being executed.
```php
<?php
// Example of using prepared statements to keep user input out of the SQL
// when retrieving quiz questions from a database.
// Assuming $db is a PDO object connected to the database and (an added
// assumption) that quiz_questions has an integer id column, used below to
// give every question its own radio group.
$quiz_id = (int) ($_GET['quiz_id'] ?? 0); // cast so only an integer reaches the query

$stmt = $db->prepare(
    "SELECT id, question, answer1, answer2, answer3, answer4
     FROM quiz_questions WHERE quiz_id = :quiz_id"
);
$stmt->bindValue(':quiz_id', $quiz_id, PDO::PARAM_INT);
$stmt->execute();

// Fetching quiz questions and answers
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
    // Escape for HTML output; ENT_QUOTES also makes the values safe inside attributes
    $id       = (int) $row['id'];
    $question = htmlspecialchars($row['question'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $answer1  = htmlspecialchars($row['answer1'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $answer2  = htmlspecialchars($row['answer2'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $answer3  = htmlspecialchars($row['answer3'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $answer4  = htmlspecialchars($row['answer4'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    // Display the question and answers in the quiz format; name='answer[id]'
    // keeps each question's radios separate (a single name='answer' would let
    // the whole quiz select only one option).
    echo "<h3>{$question}</h3>";
    echo "<input type='radio' name='answer[{$id}]' value='1'> {$answer1}<br>";
    echo "<input type='radio' name='answer[{$id}]' value='2'> {$answer2}<br>";
    echo "<input type='radio' name='answer[{$id}]' value='3'> {$answer3}<br>";
    echo "<input type='radio' name='answer[{$id}]' value='4'> {$answer4}<br>";
}
```
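The answer above covers rendering; the submission side is the other place where quiz input reaches the database. As an added example that is not part of the original answer, the following grades a POSTed answer array with the same parameterised approach and a strict whitelist on each choice. It assumes a `quiz_questions` table with `id` and `correct_answer` (1 to 4) columns and a PDO connection `$db` configured with `PDO::ERRMODE_EXCEPTION` and `PDO::ATTR_EMULATE_PREPARES => false`; none of these come from the original.

```php
<?php
// Added example, not from the original answer. Assumed schema:
// quiz_questions(id, quiz_id, question, answer1..answer4, correct_answer)
// where correct_answer holds 1..4. $db is an assumed PDO connection.

/** Load the answer key for one quiz via a parameterised query. */
function load_answer_key(PDO $db, int $quizId): array
{
    $stmt = $db->prepare(
        'SELECT id, correct_answer FROM quiz_questions WHERE quiz_id = :quiz_id'
    );
    $stmt->bindValue(':quiz_id', $quizId, PDO::PARAM_INT);
    $stmt->execute();
    $key = [];
    while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
        $key[(int) $row['id']] = (int) $row['correct_answer'];
    }
    return $key;
}

/**
 * Grade a submitted answer array of the form [question_id => choice], e.g.
 * $_POST['answer'] produced by radios named answer[<id>]. Only a choice that is
 * exactly one of '1'..'4' for a question belonging to this quiz is counted;
 * anything else (arrays, '', '1abc', '9', ids from another quiz) is skipped.
 */
function grade_quiz(PDO $db, int $quizId, array $submitted): array
{
    $key = load_answer_key($db, $quizId);
    $result = ['correct' => 0, 'total' => count($key), 'skipped' => []];
    foreach ($key as $questionId => $correct) {
        $choice = $submitted[$questionId] ?? null;
        // Whitelist on the submitted value; strict in_array avoids '1.0' == '1'.
        if (!is_string($choice) || !in_array($choice, ['1', '2', '3', '4'], true)) {
            $result['skipped'][] = $questionId;
            continue;
        }
        if ((int) $choice === $correct) {
            $result['correct']++;
        }
    }
    return $result;
}

// Assumed request shape: POST quiz_id=<int> and answer[<question id>]=<1..4>
$quizId  = (int) ($_POST['quiz_id'] ?? 0);
$answers = is_array($_POST['answer'] ?? null) ? $_POST['answer'] : [];
$score   = grade_quiz($db, $quizId, $answers);
echo htmlspecialchars("{$score['correct']} / {$score['total']} correct", ENT_QUOTES, 'UTF-8');
```

Extra keys in the submitted array (question ids not in this quiz) are simply never visited, so a client cannot inflate `total` or `correct` by inventing ids.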