My problem is, in question.php I wish to select 5 random rows from my database (questions) and then echo these questions as necessary with the associated answers. I then wish to, on result.php use those same 5 random selections in order to give correct/incorrect answer feedback. My problem is if I query the database using the same rand query I will get 5 different random questions. The query I have in question.php is:
<?php
$query="SELECT * FROM (SELECT * FROM dspstuff ORDER BY rand() LIMIT 5) T1 ORDER BY id";
?>
I then echo the relative 4 options associated with the question in the database:
<?php
while($row = mysql_fetch_assoc($result)) {
$options = array($row['option1'], $row['option2'], $row['option3'], $row['answer']);
shuffle($options);
echo '<p>';
echo $row['id'] . '. ';
echo $row['question'];
echo '</p>';
foreach($options as $option){?>
<p><input type="radio" name="ID<?php echo $row['id']; ?>" value="<?php echo $option; ?>"><?php echo $option; ?></p>
<?php }
echo '<br>';
}
?>
This all works correctly with the db connect info saved elsewhere. I need to know what query to use or possibly utilise session variables to save the random ids selected. Say I say select rows 1,2,3,4,5 from the db I need to use those rows in results.php, how would I go about achieving this?
EDIT: If $_SESSION['ID'] is an array with 5 values, (ids), what would be the select query for retrieving each array entry? ie.
$query="SELECT * FROM table WHERE id ='{$_SESSION['ID']}";
To prevent Cross-site-request-forgery (that is: relying on the user sending back the correct question IDs he was presented) I recommend (as you correctly stated in the question) to keep track of the questions presented to the user either in $_SESSION or in the database (if you have identified the user, i.e. he is logged in).
To do that, you first select your random questions and save their IDs in $_SESSION:
$_SESSION["questionID_$rowIndex"] = $row["id"];
When the user answers the questions, you can retrieve the original IDs by reading $_SESSION["questionID_0"] to $_SESSION["questionID_4"].
For that, in both scripts, you need to call session_start() in the very beginning.
AFAIK, the session-serializer is also capable of serializing arrays, so you should also be able to do something like this:
$_SESSION["questionIDs"] = array();
foreach($row in $resultset) //pseudo-foreach here
$_SESSION["questionIDs"][] = $row["id"];
and access it by
$_SESSION["questionIDs"][0] - $_SESSION["questionIDs"][4]
This will give you the IDs you previously presented to the user.
Although i would prefer the database-storage-thing: Save the data in the database, together with either the session-id you can retrieve by calling php_session_id() after initializing the session with session_start() or the user id if you know it.
Use $_SESSION to store your ids.
Session Variables are kept during requests.
Call session_start(); at the beginning of your script and then you can save the ids like $_SESSION['ID']=...
$query = sprintf("SELECT * FROM dspstuff WHERE id in (%s)", implode(',', $_SESSION['ID']) );