[svn r11685] survey improvements

skala
Patrick Cool 19 years ago
parent a9eff38e78
commit 65a9c02383
  1. BIN
      main/img/percentagequestion.gif
  2. 30
      main/inc/lib/add_course.lib.inc.php
  3. 7
      main/inc/lib/database.lib.php
  4. 87
      main/survey/fillsurvey.php
  5. 5
      main/survey/preview.php
  6. 4
      main/survey/question.php
  7. 423
      main/survey/reporting.php
  8. 333
      main/survey/survey.lib.php
  9. 19
      main/survey/survey.php
  10. 34
      main/survey/survey_invitation.php
  11. 14
      main/survey/survey_invite.php
  12. 8
      main/survey/survey_list.php

Binary file not shown.


@ -1271,6 +1271,7 @@ function update_Db_course($courseDbName)
display varchar(10) NOT NULL,
sort int NOT NULL,
shared_question_id int(11),
max_value int(11),
PRIMARY KEY (question_id)
)";
$result = mysql_query($sql) or die(mysql_error($sql));
@ -1302,6 +1303,7 @@ function update_Db_course($courseDbName)
survey_id int unsigned NOT NULL,
question_id int unsigned NOT NULL,
option_id int unsigned NOT NULL,
value int unsigned NOT NULL,
user varchar(250) NOT NULL,
PRIMARY KEY (answer_id)
)";
@ -1375,9 +1377,9 @@ function fill_course_repository($courseRepository)
fputs($fp, $enreg);
}
fclose($fp);
$default_document_array=array();
if(api_get_setting('example_material_course_creation')<>'false')
{
$img_code_path = api_get_path(SYS_CODE_PATH)."default_course_document/images/";
@ -1388,14 +1390,14 @@ function fill_course_repository($courseRepository)
$course_documents_folder_audio=$sys_course_path.$courseRepository.'/document/audio/';
$course_documents_folder_flash=$sys_course_path.$courseRepository.'/document/flash/';
$course_documents_folder_video=$sys_course_path.$courseRepository.'/document/video/';
/*
* Images
*/
$files=array();
$files=browse_folders($img_code_path,$files,'images');
$pictures_array = sort_pictures($files,"dir");
$pictures_array = array_merge($pictures_array,sort_pictures($files,"file"));
@ -1414,16 +1416,16 @@ function fill_course_repository($courseRepository)
}
}
$default_document_array['images']=$pictures_array;
/*
* Audio
*/
$files=array();
$files=browse_folders($audio_code_path,$files,'audio');
$audio_array = sort_pictures($files,"dir");
$audio_array = array_merge($audio_array,sort_pictures($files,"file"));
@ -1443,14 +1445,14 @@ function fill_course_repository($courseRepository)
}
$default_document_array['audio']=$audio_array;
/*
* Flash
*/
$files=array();
$files=browse_folders($flash_code_path,$files,'flash');
$flash_array = sort_pictures($files,"dir");
$flash_array = array_merge($flash_array,sort_pictures($files,"file"));
@ -1470,14 +1472,14 @@ function fill_course_repository($courseRepository)
}
$default_document_array['flash']=$flash_array;
/*
* Video
*/
$files=array();
$files=browse_folders($video_code_path,$files,'video');
$video_array = sort_pictures($files,"dir");
$video_array = array_merge($video_array,sort_pictures($files,"file"));
@ -1496,7 +1498,7 @@ function fill_course_repository($courseRepository)
}
}
$default_document_array['video']=$video_array;
$default_document_array['video']=$video_array;
}
return $default_document_array;
@ -1940,8 +1942,8 @@ function register_course($courseSysCode, $courseScreenCode, $courseRepository, $
sort='". ($sort +1) . "',
user_course_cat='0'";
api_sql_query($sql, __FILE__, __LINE__);
if(count($teachers)>0){
if(count($teachers)>0){
foreach($teachers as $key){
$sql = "INSERT INTO ".$TABLECOURSUSER . " SET
course_code = '".addslashes($courseSysCode) . "',
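Review bot: The new `value int unsigned NOT NULL` column in the survey answer table (second update_Db_course hunk) has no default, while the fillsurvey.php change on this page passes `''` for multiple-response answers and the option's `option_text` for percentage questions into it. Under a strict SQL mode that insert would be rejected, and otherwise the value is silently coerced, so I would declare it `value int unsigned NOT NULL default 0` and have the callers pass an integer. These CREATE TABLE statements appear to run only from update_Db_course, so existing courses presumably need a separate ALTER TABLE; no upgrade step is visible here. The function bodies continue outside the hunks.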

@ -585,10 +585,15 @@ class Database
* @param string The string to escape
* @return string The escaped string
* @author Yannick Warnier <yannick.warnier@dokeos.com>
* @author Patrick Cool <patrick.cool@UGent.be>, Ghent University
*/
function escape_string($string)
{
return mysql_escape_string($string);
if (get_magic_quotes_gpc())
{
$string = stripslashes($string);
}
return mysql_real_escape_string($string);
}
/**
* Gets the array from a SQL result (as returned by api_sql_query) - help achieving database independence
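Review bot: escape_string() now calls stripslashes() on every argument whenever magic_quotes_gpc is on, but callers on this page also pass values read back from the database (`$survey_invitation['survey_id']`, `$question['question_id']`), which never had slashes added, so a genuine backslash in such a value is dropped before escaping. Undoing magic quotes belongs where request data is read, not in the escaping helper. The docblock should also state the contract: `* Only safe inside a quoted SQL string literal and needs an open MySQL connection; cast numeric values with (int) instead.` The `LIMIT ".$offset.",1` built from `$_GET['question']` in the reporting.php change sits outside a quoted literal and gets no protection from this helper.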

@ -66,7 +66,7 @@ if (!isset($_GET['course']) OR !isset($_GET['invitationcode']))
}
// now we check if the invitationcode is valid
$sql = "SELECT * FROM $table_survey_invitation WHERE invitation_code = '".mysql_real_escape_string($_GET['invitationcode'])."'";
$sql = "SELECT * FROM $table_survey_invitation WHERE invitation_code = '".Database::escape_string($_GET['invitationcode'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
if (mysql_num_rows($result) < 1)
{
@ -86,7 +86,7 @@ if ($survey_invitation['answered'] == 1)
// checking if there is another survey with this code.
// If this is the case there will be a language choice
$sql = "SELECT * FROM $table_survey WHERE code='".mysql_real_escape_string($survey_invitation['survey_code'])."'";
$sql = "SELECT * FROM $table_survey WHERE code='".Database::escape_string($survey_invitation['survey_code'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
if (mysql_num_rows($result) > 1)
{
@ -118,24 +118,70 @@ else
// storing the answers
if ($_POST)
{
/*
echo '<pre>';
print_r($_POST);
echo '</pre>';
*/
// getting all the types of the question (because of the special treatment of the score question type
$sql = "SELECT * FROM $table_survey_question WHERE survey_id = '".Database::escape_string($survey_invitation['survey_id'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
while ($row = mysql_fetch_assoc($result))
{
$types[$row['question_id']] = $row['type'];
}
// looping through all the post values
foreach ($_POST as $key=>$value)
{
// if the post value key contains the string 'question' then it is an answer on a question
if (strstr($key,'question'))
{
// finding the question id by removing 'question'
$survey_question_id = str_replace('question', '',$key);
// if the post value is an array then we have a multiple response question or a scoring question type
// remark: when it is a multiple response then the value of the array is the option_id
// when it is a scoring question then the key of the array is the option_id and the value is the value
if (is_array($value))
{
remove_answer($survey_invitation['user'], $survey_invitation['survey_id'], $survey_question_id);
foreach ($value as $answer_key => $answer_value)
{
store_answer($survey_invitation['user'], $survey_invitation['survey_id'], $survey_question_id, $answer_value);
if ($types[$survey_question_id] == 'score')
{
$option_id = $answer_key;
$option_value = $answer_value;
}
else
{
$option_id = $answer_value;
$option_value = '';
}
store_answer($survey_invitation['user'], $survey_invitation['survey_id'], $survey_question_id, $option_id, $option_value);
}
}
else // multipleresponse
// all the other question types (open question, multiple choice, percentage, ...)
else
{
if ($types[$survey_question_id] == 'percentage')
{
$sql = "SELECT * FROM $table_survey_question_option WHERE question_option_id='".Database::escape_string($value)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$row = mysql_fetch_assoc($result);
$option_value = $row['option_text'];
}
else
{
$option_value = 0;
}
$survey_question_answer = $value;
remove_answer($survey_invitation['user'], $survey_invitation['survey_id'], $survey_question_id);
store_answer($survey_invitation['user'], $survey_invitation['survey_id'], $survey_question_id, $value);
store_answer($survey_invitation['user'], $survey_invitation['survey_id'], $survey_question_id, $value, $option_value);
}
}
}
@ -168,12 +214,12 @@ if ($_POST['finish_survey'])
if (isset($_GET['show']))
{
// Getting all the questions for this page
$sql = "SELECT survey_question.question_id, survey_question.survey_id, survey_question.survey_question, survey_question.display, survey_question.sort, survey_question.type,
$sql = "SELECT survey_question.question_id, survey_question.survey_id, survey_question.survey_question, survey_question.display, survey_question.sort, survey_question.type, max_value,
survey_question_option.question_option_id, survey_question_option.option_text, survey_question_option.sort as option_sort
FROM $table_survey_question survey_question
LEFT JOIN $table_survey_question_option survey_question_option
ON survey_question.question_id = survey_question_option.question_id
WHERE survey_question.survey_id = '".mysql_real_escape_string($survey_invitation['survey_id'])."'
WHERE survey_question.survey_id = '".Database::escape_string($survey_invitation['survey_id'])."'
ORDER BY survey_question.sort ASC";
if ($_GET['show'])
{
@ -185,6 +231,7 @@ if (isset($_GET['show']))
while ($row = mysql_fetch_assoc($result))
{
// if the type is not a pagebreak we store it in the $questions array
// which is used for displaying the page
if($row['type'] <> 'pagebreak')
{
$questions[$row['sort']]['question_id'] = $row['question_id'];
@ -193,6 +240,10 @@ if (isset($_GET['show']))
$questions[$row['sort']]['display'] = $row['display'];
$questions[$row['sort']]['type'] = $row['type'];
$questions[$row['sort']]['options'][$row['question_option_id']] = $row['option_text'];
$questions[$row['sort']]['maximum_score'] = $row['max_value'];
// we also store the type of the questions in an array
$types[$row['question_id']] = $row['type'];
}
// if the type is a pagebreak we are finished loading the questions for this page
else
@ -239,18 +290,22 @@ Display :: display_footer();
* @author Patrick Cool <patrick.cool@UGent.be>, Ghent University
* @version January 2007
*/
function store_answer($user, $survey_id, $question_id, $option_id)
function store_answer($user, $survey_id, $question_id, $option_id, $option_value)
{
global $_course;
global $types;
// table definition
$table_survey_answer = Database :: get_course_table(TABLE_SURVEY_ANSWER, $_course['db_name']);
$sql = "INSERT INTO $table_survey_answer (user, survey_id, question_id, option_id) VALUES (
'".mysql_real_escape_string($user)."',
'".mysql_real_escape_string($survey_id)."',
'".mysql_real_escape_string($question_id)."',
'".mysql_real_escape_string($option_id)."'
$sql = "INSERT INTO $table_survey_answer (user, survey_id, question_id, option_id, value) VALUES (
'".Database::escape_string($user)."',
'".Database::escape_string($survey_id)."',
'".Database::escape_string($question_id)."',
'".Database::escape_string($option_id)."',
'".Database::escape_string($option_value)."'
)";
$result = api_sql_query($sql, __FILE__, __LINE__);
}
@ -274,9 +329,9 @@ function remove_answer($user, $survey_id, $question_id)
$table_survey_answer = Database :: get_course_table(TABLE_SURVEY_ANSWER, $_course['db_name']);
$sql = "DELETE FROM $table_survey_answer
WHERE user = '".mysql_real_escape_string($user)."'
AND survey_id = '".mysql_real_escape_string($survey_id)."'
AND question_id = '".mysql_real_escape_string($question_id)."'";
WHERE user = '".Database::escape_string($user)."'
AND survey_id = '".Database::escape_string($survey_id)."'
AND question_id = '".Database::escape_string($question_id)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
}
?>
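Review bot: In the answer-storing loop, `$survey_question_id` is taken from any POST key that merely contains the string 'question' and is written to the answer table without checking that it belongs to this survey. The `$types` map this change loads just above already holds the valid ids, so the loop can skip unknown ones with `if (!isset($types[$survey_question_id])) { continue; }` right after the `str_replace()` line. The same gap applies to `$answer_key` and `$answer_value`, which are stored as option ids without being checked against the question's options, and a nested array in `$answer_value` would reach `Database::escape_string()` as a non-string. `global $types;` in store_answer() is declared but not used in the lines shown.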

@ -93,12 +93,12 @@ else
if (isset($_GET['show']))
{
// Getting all the questions for this page
$sql = "SELECT survey_question.question_id, survey_question.survey_id, survey_question.survey_question, survey_question.display, survey_question.sort, survey_question.type,
$sql = "SELECT survey_question.question_id, survey_question.survey_id, survey_question.survey_question, survey_question.display, survey_question.sort, survey_question.type, survey_question.max_value,
survey_question_option.question_option_id, survey_question_option.option_text, survey_question_option.sort as option_sort
FROM $table_survey_question survey_question
LEFT JOIN $table_survey_question_option survey_question_option
ON survey_question.question_id = survey_question_option.question_id
WHERE survey_question.survey_id = '".mysql_real_escape_string($_GET['survey_id'])."'
WHERE survey_question.survey_id = '".Database::escape_string($_GET['survey_id'])."'
ORDER BY survey_question.sort ASC";
if ($_GET['show'])
{
@ -119,6 +119,7 @@ else
$questions[$row['sort']]['display'] = $row['display'];
$questions[$row['sort']]['type'] = $row['type'];
$questions[$row['sort']]['options'][$row['option_sort']] = $row['option_text'];
$questions[$row['sort']]['maximum_score'] = $row['max_value'];
}
// if the type is a pagebreak we are finished loading the questions for this page
else

@ -21,7 +21,7 @@
* @package dokeos.survey
* @author unknown, the initial survey that did not make it in 1.8 because of bad code
* @author Patrick Cool <patrick.cool@UGent.be>, Ghent University: cleanup, refactoring and rewriting large parts of the code
* @version $Id: question.php 11451 2007-03-06 21:54:30Z pcool $
* @version $Id: question.php 11685 2007-03-25 21:14:55Z pcool $
*/
// name of the language file that needs to be included
@ -76,7 +76,7 @@ if ($_GET['action'] == 'edit')
// the possible question types
$possible_types = array('yesno', 'multiplechoice', 'multipleresponse', 'open', 'dropdown', 'comment', 'pagebreak');
$possible_types = array('yesno', 'multiplechoice', 'multipleresponse', 'open', 'dropdown', 'comment', 'pagebreak', 'percentage', 'score');
// checking if it is a valid type
if (!in_array($_GET['type'], $possible_types))

@ -21,9 +21,9 @@
* @package dokeos.survey
* @author unknown, the initial survey that did not make it in 1.8 because of bad code
* @author Patrick Cool <patrick.cool@UGent.be>, Ghent University: cleanup, refactoring and rewriting large parts of the code
* @version $Id: reporting.php 11462 2007-03-07 07:49:38Z pcool $
* @version $Id: reporting.php 11685 2007-03-25 21:14:55Z pcool $
*
* @todo use quickforms for the forms
* @todo The question has to be more clearly indicated (same style as when filling the survey)
*/
// name of the language file that needs to be included
@ -109,8 +109,21 @@ if (!$_GET['action'] OR $_GET['action'] == 'overview')
else
{
$interbreadcrumb[] = array ("url" => "reporting.php?survey_id=".$_GET['survey_id'], "name" => get_lang('Reporting'));
/** @todo fix this language problem **/
$tool_name = get_lang($_GET['action']);
switch ($_GET['action'])
{
case 'questionreport':
$tool_name = get_lang('DetailedReportByQuestion');
break;
case 'userreport':
$tool_name = get_lang('DetailedReportByUser');
break;
case 'comparativereport':
$tool_name = get_lang('ComparativeReport');
break;
case 'completereport':
$tool_name = get_lang('CompleteReport');
break;
}
}
// Displaying the header
@ -201,7 +214,18 @@ function check_parameters()
function handle_reporting_actions()
{
// getting the number of question
$questions_data = survey_manager::get_questions($_GET['survey_id']);
$temp_questions_data = survey_manager::get_questions($_GET['survey_id']);
// sorting like they should be displayed and removing the non-answer question types (comment and pagebreak)
foreach ($temp_questions_data as $key=>$value)
{
if ($value['type'] <> 'comment' AND $value['type']<>'pagebreak')
{
$questions_data[$value['sort']]=$value;
}
}
// counting the number of questions that are relevant for the reporting
$survey_data['number_of_questions'] = count($questions_data);
if ($_GET['action'] == 'questionreport')
@ -271,40 +295,58 @@ function display_user_report()
Display::display_normal_message(get_lang('AllQuestionsOnOnePage'), false);
// getting all the questions and options
$sql = "SELECT survey_question.question_id, survey_question.survey_id, survey_question.survey_question, survey_question.display, survey_question.sort, survey_question.type,
$sql = "SELECT survey_question.question_id, survey_question.survey_id, survey_question.survey_question, survey_question.display, survey_question.max_value, survey_question.sort, survey_question.type,
survey_question_option.question_option_id, survey_question_option.option_text, survey_question_option.sort as option_sort
FROM $table_survey_question survey_question
LEFT JOIN $table_survey_question_option survey_question_option
ON survey_question.question_id = survey_question_option.question_id
WHERE survey_question.survey_id = '".mysql_real_escape_string($_GET['survey_id'])."'
WHERE survey_question.survey_id = '".Database::escape_string($_GET['survey_id'])."'
ORDER BY survey_question.sort ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
while ($row = mysql_fetch_assoc($result))
{
if($row['type'] <> 'pagebreak')
{
$questions[$row['sort']]['question_id'] = $row['question_id'];
$questions[$row['sort']]['survey_id'] = $row['survey_id'];
$questions[$row['sort']]['survey_question'] = $row['survey_question'];
$questions[$row['sort']]['display'] = $row['display'];
$questions[$row['sort']]['type'] = $row['type'];
$questions[$row['sort']]['question_id'] = $row['question_id'];
$questions[$row['sort']]['survey_id'] = $row['survey_id'];
$questions[$row['sort']]['survey_question'] = $row['survey_question'];
$questions[$row['sort']]['display'] = $row['display'];
$questions[$row['sort']]['type'] = $row['type'];
$questions[$row['sort']]['maximum_score'] = $row['max_value'];
$questions[$row['sort']]['options'][$row['question_option_id']] = $row['option_text'];
}
}
// getting all the answers of the user
$sql = "SELECT * FROM $table_survey_answer WHERE survey_id = '".mysql_real_escape_string($_GET['survey_id'])."' AND user = '".mysql_real_escape_string($_GET['user'])."'";
$sql = "SELECT * FROM $table_survey_answer WHERE survey_id = '".Database::escape_string($_GET['survey_id'])."' AND user = '".Database::escape_string($_GET['user'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
while ($row = mysql_fetch_assoc($result))
{
$answers[$row['question_id']][] = $row['option_id'];
$all_answers[$row['question_id']][] = $row;
}
// displaying all the questions
foreach ($questions as $key=>$question)
{
// if the question type is a scoring then we have to format the answers differently
if ($question['type'] == 'score')
{
foreach($all_answers[$question['question_id']] as $key=>$answer_array)
{
$second_parameter[$answer_array['option_id']] = $answer_array['value'];
}
}
else
{
$second_parameter = $answers[$question['question_id']];
}
$display = new $question['type'];
$display->render_question($question, $answers[$question['question_id']]);
$display->render_question($question, $second_parameter);
// echo '<pre>';
// print_r($answers[$question['question_id']]);
// echo '</pre>';
}
}
}
@ -325,6 +367,7 @@ function display_user_report()
* @todo allow switching between horizontal and vertical.
* @todo multiple response: percentage are probably not OK
* @todo the question and option text have to be shortened and should expand when the user clicks on it.
* @todo the pagebreak and comment question types should not be shown => removed from $survey_data before
*
* @author Patrick Cool <patrick.cool@UGent.be>, Ghent University
* @version February 2007
@ -346,11 +389,30 @@ function display_question_report($survey_data)
$offset = $_GET['question'];
}
echo '<div id="question_report_questionnumbers">';
for($i=1; $i<=($survey_data['number_of_questions']); $i++ )
{
if ($offset <> $i-1)
{
echo '<a href="reporting.php?action=questionreport&amp;survey_id='.(int)$_GET['survey_id'].'&amp;question='.($i-1).'">'.$i.'</a>';
}
else
{
echo $i;
}
if ($i < $survey_data['number_of_questions'])
{
echo ' | ';
}
}
echo '</div>';
// getting the question information
$sql = "SELECT * FROM $table_survey_question WHERE survey_id='".mysql_real_escape_string($_GET['survey_id'])."' LIMIT ".$offset.",1";
$sql = "SELECT * FROM $table_survey_question WHERE survey_id='".Database::escape_string($_GET['survey_id'])."' AND type<>'pagebreak' AND type<>'comment' ORDER BY sort ASC LIMIT ".$offset.",1";
$result = api_sql_query($sql, __FILE__, __LINE__);
$question = mysql_fetch_assoc($result);
// navigate through the questions (next and previous)
if ($_GET['question'] <> 0)
{
echo '<a href="reporting.php?action='.$_GET['action'].'&amp;survey_id='.$_GET['survey_id'].'&amp;question='.($offset-1).'"> &lt;&lt; '.get_lang('PreviousQuestion').'</a> ';
@ -372,10 +434,113 @@ function display_question_report($survey_data)
echo $question['survey_question'];
echo '<br />';
if ($question['type'] == 'score')
{
/** @todo this function should return the options as this is needed further in the code */
$options = display_question_report_score($survey_data, $question, $offset);
}
elseif ($question['type'] == 'open')
{
/** @todo also get the user who has answered this */
$sql = "SELECT * FROM $table_survey_answer WHERE survey_id='".Database::escape_string($_GET['survey_id'])."'
AND question_id = '".Database::escape_string($question['question_id'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
while ($row = mysql_fetch_assoc($result))
{
echo $row['option_id'].'<hr noshade="noshade" size="1" />';
}
}
else
{
// getting the options
$sql = "SELECT * FROM $table_survey_question_option
WHERE survey_id='".Database::escape_string($_GET['survey_id'])."'
AND question_id = '".Database::escape_string($question['question_id'])."'
ORDER BY sort ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
while ($row = mysql_fetch_assoc($result))
{
$options[$row['question_option_id']] = $row;
}
// getting the answers
$sql = "SELECT *, count(answer_id) as total FROM $table_survey_answer
WHERE survey_id='".Database::escape_string($_GET['survey_id'])."'
AND question_id = '".Database::escape_string($question['question_id'])."'
GROUP BY option_id, value";
$result = api_sql_query($sql, __FILE__, __LINE__);
while ($row = mysql_fetch_assoc($result))
{
$number_of_answers += $row['total'];
$data[$row['option_id']] = $row;
}
// displaying the table: headers
echo '<table>';
echo ' <tr>';
echo ' <th>&nbsp;</th>';
echo ' <th>'.get_lang('AbsoluteTotal').'</th>';
echo ' <th>'.get_lang('Percentage').'</th>';
echo ' <th>'.get_lang('VisualRepresentation').'</th>';
echo ' <tr>';
// displaying the table: the content
foreach ($options as $key=>$value)
{
$absolute_number = $data[$value['question_option_id']]['total'];
echo ' <tr>';
echo ' <td>'.$value['option_text'].'</td>';
echo ' <td><a href="reporting.php?action='.$_GET['action'].'&amp;survey_id='.$_GET['survey_id'].'&amp;question='.$offset.'&amp;viewoption='.$value['question_option_id'].'">'.$absolute_number.'</a></td>';
echo ' <td>'.round($absolute_number/$number_of_answers*100, 2).' %</td>';
echo ' <td><div style="background-color:#0066CC; height:10px; width:'.($absolute_number/$number_of_answers*100*2).'px">&nbsp;</div></td>';
echo ' </tr>';
}
// displaying the table: footer (totals)
echo ' <tr>';
echo ' <td style="border-top:1px solid black"><b>'.get_lang('Total').'</b></td>';
echo ' <td style="border-top:1px solid black"><b>'.$number_of_answers.'</b></td>';
echo ' <td style="border-top:1px solid black">&nbsp;</td>';
echo ' <td style="border-top:1px solid black">&nbsp;</td>';
echo ' </tr>';
echo '</table>';
}
if (isset($_GET['viewoption']))
{
echo get_lang('PeopleWhoAnswered').': '.$options[$_GET['viewoption']]['option_text'].'<br />';
if (is_numeric($_GET['value']))
{
$sql_restriction = "AND value='".Database::escape_string($_GET['value'])."'";
}
$sql = "SELECT user FROM $table_survey_answer WHERE option_id = '".Database::escape_string($_GET['viewoption'])."' $sql_restriction";
$result = api_sql_query($sql, __FILE__, __LINE__);
while ($row = mysql_fetch_assoc($result))
{
echo '<a href="reporting.php?action=userreport&survey_id='.$_GET['survey_id'].'&user='.$row['user'].'">'.$row['user'].'</a><br />';
}
}
}
function display_question_report_score($survey_data, $question, $offset)
{
// Database table definitions
$table_survey_question = Database :: get_course_table(TABLE_SURVEY_QUESTION);
$table_survey_question_option = Database :: get_course_table(TABLE_SURVEY_QUESTION_OPTION);
$table_survey_answer = Database :: get_course_table(TABLE_SURVEY_ANSWER);
// getting the options
$sql = "SELECT * FROM $table_survey_question_option
WHERE survey_id='".mysql_real_escape_string($_GET['survey_id'])."'
AND question_id = '".mysql_real_escape_string($question['question_id'])."'
WHERE survey_id='".Database::escape_string($_GET['survey_id'])."'
AND question_id = '".Database::escape_string($question['question_id'])."'
ORDER BY sort ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
while ($row = mysql_fetch_assoc($result))
@ -385,20 +550,27 @@ function display_question_report($survey_data)
// getting the answers
$sql = "SELECT *, count(answer_id) as total FROM $table_survey_answer
WHERE survey_id='".mysql_real_escape_string($_GET['survey_id'])."'
AND question_id = '".mysql_real_escape_string($question['question_id'])."'
GROUP BY option_id";
WHERE survey_id='".Database::escape_string($_GET['survey_id'])."'
AND question_id = '".Database::escape_string($question['question_id'])."'
GROUP BY option_id, value";
$result = api_sql_query($sql, __FILE__, __LINE__);
while ($row = mysql_fetch_assoc($result))
{
$number_of_answers += $row['total'];
$data[$row['option_id']] = $row;
$data[$row['option_id']][$row['value']] = $row;
}
/*
echo '<pre>';
print_r($data);
echo '</pre>';
*/
// displaying the table: headers
echo '<table>';
echo ' <tr>';
echo ' <th>&nbsp;</th>';
echo ' <th>'.get_lang('Score').'</th>';
echo ' <th>'.get_lang('AbsoluteTotal').'</th>';
echo ' <th>'.get_lang('Percentage').'</th>';
echo ' <th>'.get_lang('VisualRepresentation').'</th>';
@ -408,37 +580,29 @@ function display_question_report($survey_data)
// displaying the table: the content
foreach ($options as $key=>$value)
{
$absolute_number = $data[$value['question_option_id']]['total'];
for ($i=1; $i<=$question['max_value']; $i++)
{
$absolute_number = $data[$value['question_option_id']][$i]['total'];
echo ' <tr>';
echo ' <td>'.$value['option_text'].'</td>';
echo ' <td>'.$i.'</td>';
echo ' <td><a href="reporting.php?action='.$_GET['action'].'&amp;survey_id='.$_GET['survey_id'].'&amp;question='.$offset.'&amp;viewoption='.$value['question_option_id'].'&amp;value='.$i.'">'.$absolute_number.'</a></td>';
echo ' <td>'.round($absolute_number/$number_of_answers*100, 2).' %</td>';
echo ' <td><div style="background-color:#0066CC; height:10px; width:'.($absolute_number/$number_of_answers*100*2).'px">&nbsp;</div></td>';
echo ' </tr>';
}
}
// displaying the table: footer (totals)
echo ' <tr>';
echo ' <td>'.$value['option_text'].'</td>';
echo ' <td><a href="reporting.php?action='.$_GET['action'].'&amp;survey_id='.$_GET['survey_id'].'&amp;question='.$offset.'&amp;viewoption='.$value['question_option_id'].'">'.$absolute_number.'</a></td>';
echo ' <td>'.round($absolute_number/$number_of_answers*100, 2).' %</td>';
echo ' <td><div style="background-color:#0066CC; height:10px; width:'.($absolute_number/$number_of_answers*100*2).'px">&nbsp;</div></td>';
echo ' <td style="border-top:1px solid black"><b>'.get_lang('Total').'</b></td>';
echo ' <td style="border-top:1px solid black">&nbsp;</td>';
echo ' <td style="border-top:1px solid black"><b>'.$number_of_answers.'</b></td>';
echo ' <td style="border-top:1px solid black">&nbsp;</td>';
echo ' <td style="border-top:1px solid black">&nbsp;</td>';
echo ' </tr>';
}
// displaying the table: footer (totals)
echo ' <tr>';
echo ' <td style="border-top:1px solid black"><b>'.get_lang('Total').'</b></td>';
echo ' <td style="border-top:1px solid black"><b>'.$number_of_answers.'</b></td>';
echo ' <td style="border-top:1px solid black">&nbsp;</td>';
echo ' <td style="border-top:1px solid black">&nbsp;</td>';
echo ' </tr>';
echo '</table>';
if (isset($_GET['viewoption']))
{
echo get_lang('PeopleWhoAnswered').': '.$options[$_GET['viewoption']]['option_text'].'<br />';
$sql = "SELECT user FROM $table_survey_answer WHERE option_id = '".mysql_real_escape_string($_GET['viewoption'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
while ($row = mysql_fetch_assoc($result))
{
echo '<a href="reporting.php?action=userreport&survey_id='.$_GET['survey_id'].'&user='.$row['user'].'">'.$row['user'].'</a><br />';
}
}
echo '</table>';
}
/**
@ -480,7 +644,7 @@ function display_complete_report()
FROM $table_survey_question questions LEFT JOIN $table_survey_question_option options
ON questions.question_id = options.question_id
/*WHERE questions.question_id = options.question_id*/
AND questions.survey_id = '".mysql_real_escape_string($_GET['survey_id'])."'
AND questions.survey_id = '".Database::escape_string($_GET['survey_id'])."'
GROUP BY questions.question_id";
$result = api_sql_query($sql, __FILE__, __LINE__);
while ($row = mysql_fetch_assoc($result))
@ -517,7 +681,7 @@ function display_complete_report()
FROM $table_survey_question survey_question
LEFT JOIN $table_survey_question_option survey_question_option
ON survey_question.question_id = survey_question_option.question_id
WHERE survey_question.survey_id = '".mysql_real_escape_string($_GET['survey_id'])."'
WHERE survey_question.survey_id = '".Database::escape_string($_GET['survey_id'])."'
ORDER BY survey_question.sort ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
while ($row = mysql_fetch_assoc($result))
@ -542,7 +706,7 @@ function display_complete_report()
// getting all the answers of the users
$old_user='';
$answers_of_user = array();
$sql = "SELECT * FROM $table_survey_answer WHERE survey_id='".mysql_real_escape_string($_GET['survey_id'])."' ORDER BY user ASC";
$sql = "SELECT * FROM $table_survey_answer WHERE survey_id='".Database::escape_string($_GET['survey_id'])."' ORDER BY user ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
while ($row = mysql_fetch_assoc($result))
{
@ -587,7 +751,14 @@ function display_complete_report_row($possible_answers, $answers_of_user, $user)
echo '<td align="center">';
if (!empty($answers_of_user[$question_id][$option_id]))
{
echo 'v';
if ($answers_of_user[$question_id][$option_id]['value']<>0)
{
echo $answers_of_user[$question_id][$option_id]['value'];
}
else
{
echo 'v';
}
}
echo '</td>';
}
@ -620,7 +791,7 @@ function export_complete_report()
FROM $table_survey_question questions LEFT JOIN $table_survey_question_option options
ON questions.question_id = options.question_id
/*WHERE questions.question_id = options.question_id*/
AND questions.survey_id = '".mysql_real_escape_string($_GET['survey_id'])."'
AND questions.survey_id = '".Database::escape_string($_GET['survey_id'])."'
GROUP BY questions.question_id";
$result = api_sql_query($sql, __FILE__, __LINE__);
while ($row = mysql_fetch_assoc($result))
@ -649,7 +820,7 @@ function export_complete_report()
FROM $table_survey_question survey_question
LEFT JOIN $table_survey_question_option survey_question_option
ON survey_question.question_id = survey_question_option.question_id
WHERE survey_question.survey_id = '".mysql_real_escape_string($_GET['survey_id'])."'
WHERE survey_question.survey_id = '".Database::escape_string($_GET['survey_id'])."'
ORDER BY survey_question.sort ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
while ($row = mysql_fetch_assoc($result))
@ -672,7 +843,7 @@ function export_complete_report()
// getting all the answers of the users
$old_user='';
$answers_of_user = array();
$sql = "SELECT * FROM $table_survey_answer WHERE survey_id='".mysql_real_escape_string($_GET['survey_id'])."' ORDER BY user ASC";
$sql = "SELECT * FROM $table_survey_answer WHERE survey_id='".Database::escape_string($_GET['survey_id'])."' ORDER BY user ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
while ($row = mysql_fetch_assoc($result))
{
@ -735,6 +906,9 @@ function export_complete_report_row($possible_answers, $answers_of_user, $user)
*/
function display_comparative_report()
{
// allowed question types for comparative report
$allowed_question_types = array('yesno', 'multiplechoice', 'multipleresponse', 'dropdown', 'percentage', 'score');
// getting all the questions
$questions = survey_manager::get_questions($_GET['survey_id']);
@ -752,7 +926,7 @@ function display_comparative_report()
echo '<option value="">---</option>';
foreach ($questions as $key=>$question)
{
if (in_array($question['type'], array('yesno', 'multiplechoice', 'multipleresponse', 'dropdown')))
if (in_array($question['type'], $allowed_question_types))
{
echo '<option value="'.$question['question_id'].'"';
if ($_GET['xaxis'] == $question['question_id'])
@ -769,7 +943,7 @@ function display_comparative_report()
echo '<option value="">---</option>';
foreach ($questions as $key=>$question)
{
if (in_array($question['type'], array('yesno', 'multiplechoice', 'multipleresponse', 'dropdown')))
if (in_array($question['type'], $allowed_question_types))
{
echo '<option value="'.$question['question_id'].'"';
if ($_GET['yaxis'] == $question['question_id'])
@ -803,6 +977,7 @@ function display_comparative_report()
// displaying the table
echo '<table border="1" class="data_table">';
// the header
echo ' <tr>';
for ($ii=0; $ii<=count($question_x['answers']); $ii++)
@ -813,7 +988,18 @@ function display_comparative_report()
}
else
{
echo ' <th>'.$question_x['answers'][($ii-1)].'</th>';
if ($question_x['type']=='score')
{
for($x=1; $x<=$question_x['maximum_score']; $x++)
{
echo ' <th>'.$question_x['answers'][($ii-1)].'<br />'.$x.'</th>';
}
$x='';
}
else
{
echo ' <th>'.$question_x['answers'][($ii-1)].'</th>';
}
}
}
echo ' </tr>';
@ -821,21 +1007,87 @@ function display_comparative_report()
// the main part
for ($ij=0; $ij<count($question_y['answers']); $ij++)
{
echo ' <tr>';
for ($ii=0; $ii<=count($question_x['answers']); $ii++)
// The Y axis is a scoring question type so we have more rows than the options (actually options * maximum score)
if ($question_y['type'] == 'score')
{
if ($ii == 0)
for($y=1; $y<=$question_y['maximum_score']; $y++)
{
echo ' <th>'.$question_y['answers'][($ij)].'</th>';
echo ' <tr>';
for ($ii=0; $ii<=count($question_x['answers']); $ii++)
{
if ($question_x['type']=='score')
{
for($x=1; $x<=$question_x['maximum_score']; $x++)
{
if ($ii == 0)
{
echo ' <th>'.$question_y['answers'][($ij)].' '.$y.'</th>';
break;
}
else
{
echo ' <td align="center">';
echo comparative_check($answers_x, $answers_y, $question_x['answersid'][($ii-1)], $question_y['answersid'][($ij)], $x, $y);
echo '</td>';
}
}
}
else
{
if ($ii == 0)
{
echo ' <th>'.$question_y['answers'][($ij)].' '.$y.'</th>';
}
else
{
echo ' <td align="center">';
echo comparative_check($answers_x, $answers_y, $question_x['answersid'][($ii-1)], $question_y['answersid'][($ij)], 0, $y);
echo '</td>';
}
}
}
echo ' </tr>';
}
else
}
// The Y axis is NOT a score question type so the number of rows = the number of options
else
{
echo ' <tr>';
for ($ii=0; $ii<=count($question_x['answers']); $ii++)
{
echo ' <td align="center">';
echo comparative_check($answers_x, $answers_y, $question_x['answersid'][($ii-1)], $question_y['answersid'][($ij)]);
echo '</td>';
if ($question_x['type']=='score')
{
for($x=1; $x<=$question_x['maximum_score']; $x++)
{
if ($ii == 0)
{
echo ' <th>'.$question_y['answers'][($ij)].'</th>';
break;
}
else
{
echo ' <td align="center">';
echo comparative_check($answers_x, $answers_y, $question_x['answersid'][($ii-1)], $question_y['answersid'][($ij)], $x, 0);
echo '</td>';
}
}
}
else
{
if ($ii == 0)
{
echo ' <th>'.$question_y['answers'][($ij)].'</th>';
}
else
{
echo ' <td align="center">';
echo comparative_check($answers_x, $answers_y, $question_x['answersid'][($ii-1)], $question_y['answersid'][($ij)]);
echo '</td>';
}
}
}
echo ' </tr>';
}
echo ' </tr>';
}
echo '</table>';
}
@ -859,13 +1111,21 @@ function get_answers_of_question_by_user($survey_id, $question_id)
$table_survey_answer = Database :: get_course_table(TABLE_SURVEY_ANSWER);
$sql = "SELECT * FROM $table_survey_answer
WHERE survey_id='".mysql_real_escape_string($survey_id)."'
AND question_id='".mysql_real_escape_string($question_id)."'
WHERE survey_id='".Database::escape_string($survey_id)."'
AND question_id='".Database::escape_string($question_id)."'
ORDER BY USER ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
while ($row = mysql_fetch_assoc($result))
{
$return[$row['user']][] = $row['option_id'];
if ($row['value'] == 0)
{
$return[$row['user']][] = $row['option_id'];
}
else
{
$return[$row['user']][] = $row['option_id'].'*'.$row['value'];
}
}
return $return;
}
@ -883,16 +1143,33 @@ function get_answers_of_question_by_user($survey_id, $question_id)
* @author Patrick Cool <patrick.cool@UGent.be>, Ghent University
* @version February 2007
*/
function comparative_check($answers_x, $answers_y, $option_x, $option_y)
function comparative_check($answers_x, $answers_y, $option_x, $option_y, $value_x=0, $value_y=0)
{
if ($value_x==0)
{
$check_x = $option_x;
}
else
{
$check_x = $option_x.'*'.$value_x;
}
if ($value_y==0)
{
$check_y = $option_y;
}
else
{
$check_y = $option_y.'*'.$value_y;
}
$counter = 0;
foreach ($answers_x as $user => $answers)
{
// check if the user has given $option_x as answer
if (in_array($option_x, $answers))
if (in_array($check_x, $answers))
{
// check if the user has given $option_y as an answer
if (in_array($option_y, $answers_y[$user]))
if (in_array($check_y, $answers_y[$user]))
{
$counter++;
}

@ -1,5 +1,5 @@
<?php
$config['survey']['debug'] = false;
$config['survey']['debug'] = true;
/*
DOKEOS - elearning and course management software
@ -59,7 +59,7 @@ class survey_manager
$table_survey = Database :: get_main_table(TABLE_MAIN_SHARED_SURVEY_QUESTION);
}
$sql = "SELECT * FROM $table_survey WHERE survey_id='".mysql_real_escape_string($survey_id)."'";
$sql = "SELECT * FROM $table_survey WHERE survey_id='".Database::escape_string($survey_id)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$return = mysql_fetch_assoc($result);
@ -101,17 +101,17 @@ class survey_manager
if (!$values['survey_id'] OR !is_numeric($values['survey_id']))
{
$sql = "INSERT INTO $table_survey (code, title, subtitle, author, lang, avail_from, avail_till, is_shared, template, intro, surveythanks, creation_date) VALUES (
'".mysql_real_escape_string($values['survey_code'])."',
'".mysql_real_escape_string($values['survey_title'])."',
'".mysql_real_escape_string($values['survey_subtitle'])."',
'".mysql_real_escape_string($_user['user_id'])."',
'".mysql_real_escape_string($values['survey_language'])."',
'".mysql_real_escape_string($values['start_date'])."',
'".mysql_real_escape_string($values['end_date'])."',
'".mysql_real_escape_string($shared_survey_id)."',
'".mysql_real_escape_string('template')."',
'".mysql_real_escape_string($values['survey_introduction'])."',
'".mysql_real_escape_string($values['survey_thanks'])."',
'".Database::escape_string($values['survey_code'])."',
'".Database::escape_string($values['survey_title'])."',
'".Database::escape_string($values['survey_subtitle'])."',
'".Database::escape_string($_user['user_id'])."',
'".Database::escape_string($values['survey_language'])."',
'".Database::escape_string($values['start_date'])."',
'".Database::escape_string($values['end_date'])."',
'".Database::escape_string($shared_survey_id)."',
'".Database::escape_string('template')."',
'".Database::escape_string($values['survey_introduction'])."',
'".Database::escape_string($values['survey_thanks'])."',
'".date()."')";
$result = api_sql_query($sql, __FILE__, __LINE__);
$survey_id = mysql_insert_id();
@ -125,18 +125,18 @@ class survey_manager
else
{
$sql = "UPDATE $table_survey SET
code = '".mysql_real_escape_string($values['survey_code'])."',
title = '".mysql_real_escape_string($values['survey_title'])."',
subtitle = '".mysql_real_escape_string($values['survey_subtitle'])."',
author = '".mysql_real_escape_string($_user['user_id'])."',
lang = '".mysql_real_escape_string($values['survey_language'])."',
avail_from = '".mysql_real_escape_string($values['start_date'])."',
avail_till = '".mysql_real_escape_string($values['end_date'])."',
is_shared = '".mysql_real_escape_string($shared_survey_id)."',
template = '".mysql_real_escape_string('template')."',
intro = '".mysql_real_escape_string($values['survey_introduction'])."',
surveythanks = '".mysql_real_escape_string($values['survey_thanks'])."'
WHERE survey_id = '".mysql_real_escape_string($values['survey_id'])."'";
code = '".Database::escape_string($values['survey_code'])."',
title = '".Database::escape_string($values['survey_title'])."',
subtitle = '".Database::escape_string($values['survey_subtitle'])."',
author = '".Database::escape_string($_user['user_id'])."',
lang = '".Database::escape_string($values['survey_language'])."',
avail_from = '".Database::escape_string($values['start_date'])."',
avail_till = '".Database::escape_string($values['end_date'])."',
is_shared = '".Database::escape_string($shared_survey_id)."',
template = '".Database::escape_string('template')."',
intro = '".Database::escape_string($values['survey_introduction'])."',
surveythanks = '".Database::escape_string($values['survey_thanks'])."'
WHERE survey_id = '".Database::escape_string($values['survey_id'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
//$return['message'] = get_lang('SurveyUpdatedSuccesfully').'<br />'.get_lang('YouCanNowAddQuestionToYourSurvey').': ';
@ -170,14 +170,14 @@ class survey_manager
if (!$values['survey_id'] OR !is_numeric($values['survey_id']) OR $values['survey_share']['survey_share'] == 'true')
{
$sql = "INSERT INTO $table_survey (code, title, subtitle, author, lang, template, intro, surveythanks, creation_date, course_code) VALUES (
'".mysql_real_escape_string($values['survey_code'])."',
'".mysql_real_escape_string($values['survey_title'])."',
'".mysql_real_escape_string($values['survey_subtitle'])."',
'".mysql_real_escape_string($_user['user_id'])."',
'".mysql_real_escape_string($values['survey_language'])."',
'".mysql_real_escape_string('template')."',
'".mysql_real_escape_string($values['survey_introduction'])."',
'".mysql_real_escape_string($values['survey_thanks'])."',
'".Database::escape_string($values['survey_code'])."',
'".Database::escape_string($values['survey_title'])."',
'".Database::escape_string($values['survey_subtitle'])."',
'".Database::escape_string($_user['user_id'])."',
'".Database::escape_string($values['survey_language'])."',
'".Database::escape_string('template')."',
'".Database::escape_string($values['survey_introduction'])."',
'".Database::escape_string($values['survey_thanks'])."',
'".date()."',
'".$_course['id']."')";
$result = api_sql_query($sql, __FILE__, __LINE__);
@ -186,15 +186,15 @@ class survey_manager
else
{
$sql = "UPDATE $table_survey SET
code = '".mysql_real_escape_string($values['survey_code'])."',
title = '".mysql_real_escape_string($values['survey_title'])."',
subtitle = '".mysql_real_escape_string($values['survey_subtitle'])."',
author = '".mysql_real_escape_string($_user['user_id'])."',
lang = '".mysql_real_escape_string($values['survey_language'])."',
template = '".mysql_real_escape_string('template')."',
intro = '".mysql_real_escape_string($values['survey_introduction'])."',
surveythanks = '".mysql_real_escape_string($values['survey_thanks'])."'
WHERE survey_id = '".mysql_real_escape_string($values['survey_share']['survey_share'])."'";
code = '".Database::escape_string($values['survey_code'])."',
title = '".Database::escape_string($values['survey_title'])."',
subtitle = '".Database::escape_string($values['survey_subtitle'])."',
author = '".Database::escape_string($_user['user_id'])."',
lang = '".Database::escape_string($values['survey_language'])."',
template = '".Database::escape_string('template')."',
intro = '".Database::escape_string($values['survey_introduction'])."',
surveythanks = '".Database::escape_string($values['survey_thanks'])."'
WHERE survey_id = '".Database::escape_string($values['survey_share']['survey_share'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$return = $values['survey_share']['survey_share'];
}
@ -220,7 +220,7 @@ class survey_manager
}
// deleting the survey
$sql = "DELETE from $table_survey WHERE survey_id='".mysql_real_escape_string($survey_id)."'";
$sql = "DELETE from $table_survey WHERE survey_id='".Database::escape_string($survey_id)."'";
$res = api_sql_query($sql, __FILE__, __LINE__);
// deleting the questions of the survey
@ -251,11 +251,11 @@ class survey_manager
$number = count($people_filled);
// storing this value in the survey table
$sql = "UPDATE $table_survey SET answered = '".mysql_real_escape_string($number)."' WHERE survey_id = '".mysql_real_escape_string($survey_id)."'";
$sql = "UPDATE $table_survey SET answered = '".Database::escape_string($number)."' WHERE survey_id = '".Database::escape_string(s$survey_id)."'";
$res = api_sql_query($sql, __FILE__, __LINE__);
// storing that the user has finished the survey.
$sql = "UPDATE $table_survey_invitation SET answered='1' WHERE user='".mysql_real_escape_string($user)."'";
$sql = "UPDATE $table_survey_invitation SET answered='1' WHERE user='".Database::escape_string($user)."'";
$res = api_sql_query($sql, __FILE__, __LINE__);
}
@ -302,17 +302,20 @@ class survey_manager
function icon_question($type)
{
// the possible question types
$possible_types = array('yesno', 'multiplechoice', 'multipleresponse', 'open', 'dropdown', 'comment', 'pagebreak');
$possible_types = array('yesno', 'multiplechoice', 'multipleresponse', 'open', 'dropdown', 'comment', 'pagebreak', 'percentage', 'score');
// the images array
$icon_question = array(
'yesno' => 'fill_in_blanks.gif',
'yesno' => 'yesno.gif',
'multiplechoice' => 'mcua.gif',
'multipleresponse' => 'mcma.gif',
'open' => 'open_answer.gif',
'dropdown' => 'fill_in_blanks.gif',
'comment' => 'fill_in_blanks.gif',
'pagebreak' => 'fill_in_blanks.gif');
'dropdown' => 'dropdown.gif',
'percentage' => 'percentagequestion.gif',
'score' => 'scorequestion.gif',
'comment' => 'commentquestion.gif',
'pagebreak' => 'page_end.gif',
);
if (in_array($type, $possible_types))
{
@ -347,7 +350,7 @@ class survey_manager
}
// getting the information of the question
$sql = "SELECT * FROM $tbl_survey_question WHERE question_id='".mysql_real_escape_string($question_id)."'";
$sql = "SELECT * FROM $tbl_survey_question WHERE question_id='".Database::escape_string($question_id)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$row = mysql_fetch_assoc($result);
$return['survey_id'] = $row['survey_id'];
@ -356,9 +359,10 @@ class survey_manager
$return['question'] = $row['survey_question'];
$return['horizontalvertical'] = $row['display'];
$return['shared_question_id'] = $row['shared_question_id'];
$return['maximum_score'] = $row['max_value'];
// getting the information of the question options
$sql = "SELECT * FROM $table_survey_question_option WHERE question_id='".mysql_real_escape_string($question_id)."'";
$sql = "SELECT * FROM $table_survey_question_option WHERE question_id='".Database::escape_string($question_id)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
while ($row = mysql_fetch_assoc($result))
{
@ -389,7 +393,7 @@ class survey_manager
$table_survey_question_option = Database :: get_course_table(TABLE_SURVEY_QUESTION_OPTION);
// getting the information of the question
$sql = "SELECT * FROM $tbl_survey_question WHERE survey_id='".mysql_real_escape_string($survey_id)."'";
$sql = "SELECT * FROM $tbl_survey_question WHERE survey_id='".Database::escape_string($survey_id)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
while ($row = mysql_fetch_assoc($result))
{
@ -398,10 +402,13 @@ class survey_manager
$return[$row['question_id']]['type'] = $row['type'];
$return[$row['question_id']]['question'] = $row['survey_question'];
$return[$row['question_id']]['horizontalvertical'] = $row['display'];
$return[$row['question_id']]['maximum_score'] = $row['max_value'];
$return[$row['question_id']]['sort'] = $row['sort'];
}
// getting the information of the question options
$sql = "SELECT * FROM $table_survey_question_option WHERE survey_id='".mysql_real_escape_string($survey_id)."'";
$sql = "SELECT * FROM $table_survey_question_option WHERE survey_id='".Database::escape_string($survey_id)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
while ($row = mysql_fetch_assoc($result))
{
@ -441,20 +448,22 @@ class survey_manager
if ($form_content['question_id'] == '' OR !is_numeric($form_content['question_id']))
{
// finding the max sort order of the questions in the given survey
$sql = "SELECT max(sort) AS max_sort FROM $tbl_survey_question WHERE survey_id='".mysql_real_escape_string($form_content['survey_id'])."'";
$sql = "SELECT max(sort) AS max_sort FROM $tbl_survey_question WHERE survey_id='".Database::escape_string($form_content['survey_id'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$row = mysql_fetch_assoc($result);
$max_sort = $row['max_sort'];
// adding the question to the survey_question table
$sql = "INSERT INTO $tbl_survey_question (survey_id,survey_question,survey_question_comment,type,display, sort, shared_question_id) VALUES (
'".mysql_real_escape_string($form_content['survey_id'])."',
'".mysql_real_escape_string($form_content['question'])."',
'".mysql_real_escape_string($form_content['question_comment'])."',
'".mysql_real_escape_string($form_content['type'])."',
'".mysql_real_escape_string($form_content['horizontalvertical'])."',
'".mysql_real_escape_string($max_sort+1)."',
'".mysql_real_escape_string($form_content['shared_question_id'])."')";
$sql = "INSERT INTO $tbl_survey_question (survey_id,survey_question,survey_question_comment,type,display, sort, shared_question_id, max_value) VALUES (
'".Database::escape_string($form_content['survey_id'])."',
'".Database::escape_string($form_content['question'])."',
'".Database::escape_string($form_content['question_comment'])."',
'".Database::escape_string($form_content['type'])."',
'".Database::escape_string($form_content['horizontalvertical'])."',
'".Database::escape_string($max_sort+1)."',
'".Database::escape_string($form_content['shared_question_id'])."',
'".Database::escape_string($form_content['maximum_score'])."'
)";
$result = api_sql_query($sql, __FILE__, __LINE__);
$question_id = mysql_insert_id();
$form_content['question_id'] = $question_id;
@ -465,10 +474,11 @@ class survey_manager
{
// adding the question to the survey_question table
$sql = "UPDATE $tbl_survey_question SET
survey_question = '".mysql_real_escape_string($form_content['question'])."',
survey_question_comment = '".mysql_real_escape_string($form_content['question_comment'])."',
display = '".mysql_real_escape_string($form_content['horizontalvertical'])."'
WHERE question_id = '".mysql_real_escape_string($form_content['question_id'])."'";
survey_question = '".Database::escape_string($form_content['question'])."',
survey_question_comment = '".Database::escape_string($form_content['question_comment'])."',
display = '".Database::escape_string($form_content['horizontalvertical'])."',
max_value = '".Database::escape_string($form_content['maximum_score'])."'
WHERE question_id = '".Database::escape_string($form_content['question_id'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$return_message = 'QuestionUpdated';
}
@ -500,21 +510,21 @@ class survey_manager
{
// finding the max sort order of the questions in the given survey
$sql = "SELECT max(sort) AS max_sort FROM $tbl_survey_question
WHERE survey_id='".mysql_real_escape_string($survey_data['survey_share'])."'
AND code='".mysql_real_escape_string($_course['id'])."'";
WHERE survey_id='".Database::escape_string($survey_data['survey_share'])."'
AND code='".Database::escape_string($_course['id'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$row = mysql_fetch_assoc($result);
$max_sort = $row['max_sort'];
// adding the question to the survey_question table
$sql = "INSERT INTO $tbl_survey_question (survey_id, survey_question, survey_question_comment, type, display, sort, code) VALUES (
'".mysql_real_escape_string($survey_data['survey_share'])."',
'".mysql_real_escape_string($form_content['question'])."',
'".mysql_real_escape_string($form_content['question_comment'])."',
'".mysql_real_escape_string($form_content['type'])."',
'".mysql_real_escape_string($form_content['horizontalvertical'])."',
'".mysql_real_escape_string($max_sort+1)."',
'".mysql_real_escape_string($_course['id'])."')";
'".Database::escape_string($survey_data['survey_share'])."',
'".Database::escape_string($form_content['question'])."',
'".Database::escape_string($form_content['question_comment'])."',
'".Database::escape_string($form_content['type'])."',
'".Database::escape_string($form_content['horizontalvertical'])."',
'".Database::escape_string($max_sort+1)."',
'".Database::escape_string($_course['id'])."')";
$result = api_sql_query($sql, __FILE__, __LINE__);
$shared_question_id = mysql_insert_id();
}
@ -523,11 +533,11 @@ class survey_manager
{
// adding the question to the survey_question table
$sql = "UPDATE $tbl_survey_question SET
survey_question = '".mysql_real_escape_string($form_content['question'])."',
survey_question_comment = '".mysql_real_escape_string($form_content['question_comment'])."',
display = '".mysql_real_escape_string($form_content['horizontalvertical'])."'
WHERE question_id = '".mysql_real_escape_string($form_content['shared_question_id'])."'
AND code='".mysql_real_escape_string($_course['id'])."'";
survey_question = '".Database::escape_string($form_content['question'])."',
survey_question_comment = '".Database::escape_string($form_content['question_comment'])."',
display = '".Database::escape_string($form_content['horizontalvertical'])."'
WHERE question_id = '".Database::escape_string($form_content['shared_question_id'])."'
AND code='".Database::escape_string($_course['id'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$shared_question_id = $form_content['shared_question_id'];
}
@ -560,7 +570,7 @@ class survey_manager
}
// finding the two questions that needs to be swapped
$sql = "SELECT * FROM $table_survey_question WHERE survey_id='".mysql_real_escape_string($survey_id)."' ORDER BY sort $sort";
$sql = "SELECT * FROM $table_survey_question WHERE survey_id='".Database::escape_string($survey_id)."' ORDER BY sort $sort";
$result = api_sql_query($sql, __FILE__, __LINE__);
while ($row = mysql_fetch_assoc($result))
{
@ -578,9 +588,9 @@ class survey_manager
}
}
$sql1 = "UPDATE $table_survey_question SET sort = '".mysql_real_escape_string($question_sort_two)."' WHERE question_id='".mysql_real_escape_string($question_id_one)."'";
$sql1 = "UPDATE $table_survey_question SET sort = '".Database::escape_string($question_sort_two)."' WHERE question_id='".Database::escape_string($question_id_one)."'";
$result = api_sql_query($sql1, __FILE__, __LINE__);
$sql2 = "UPDATE $table_survey_question SET sort = '".mysql_real_escape_string($question_sort_one)."' WHERE question_id='".mysql_real_escape_string($question_id_two)."'";
$sql2 = "UPDATE $table_survey_question SET sort = '".Database::escape_string($question_sort_one)."' WHERE question_id='".Database::escape_string($question_id_two)."'";
$result = api_sql_query($sql2, __FILE__, __LINE__);
}
@ -605,7 +615,7 @@ class survey_manager
}
// deleting the survey questions
$sql = "DELETE from $table_survey_question WHERE survey_id='".mysql_real_escape_string($survey_id)."'";
$sql = "DELETE from $table_survey_question WHERE survey_id='".Database::escape_string($survey_id)."'";
$res = api_sql_query($sql, __FILE__, __LINE__);
// deleting all the options of the questions of the survey
@ -638,7 +648,7 @@ class survey_manager
}
// deleting the survey questions
$sql = "DELETE from $table_survey_question WHERE survey_id='".mysql_real_escape_string($survey_id)."' AND question_id='".mysql_real_escape_string($question_id)."'";
$sql = "DELETE from $table_survey_question WHERE survey_id='".Database::escape_string($survey_id)."' AND question_id='".Database::escape_string($question_id)."'";
$res = api_sql_query($sql, __FILE__, __LINE__);
// deleting the options of the question of the survey
@ -665,7 +675,7 @@ class survey_manager
$question_data = survey_manager::get_question($question_id);
// deleting the survey questions
$sql = "DELETE FROM $table_survey_question WHERE question_id='".mysql_real_escape_string($question_data['shared_question_id'])."'";
$sql = "DELETE FROM $table_survey_question WHERE question_id='".Database::escape_string($question_data['shared_question_id'])."'";
$res = api_sql_query($sql, __FILE__, __LINE__);
// deleting the options of the question of the survey
@ -689,6 +699,15 @@ class survey_manager
*/
function save_question_options($form_content, $survey_data)
{
// a percentage question type has options 1 -> 100
if ($form_content['type'] == 'percentage')
{
for($i=1;$i<101;$i++)
{
$form_content['answers'][] = $i;
}
}
if (is_numeric($survey_data['survey_share']) AND $survey_data['survey_share'] <> 0)
{
survey_manager::save_shared_question_options($form_content, $survey_data);
@ -700,7 +719,7 @@ class survey_manager
// we are editing a question so we first have to remove all the existing options from the database
if (is_numeric($form_content['question_id']))
{
$sql = "DELETE FROM $table_survey_question_option WHERE question_id = '".mysql_real_escape_string($form_content['question_id'])."'";
$sql = "DELETE FROM $table_survey_question_option WHERE question_id = '".Database::escape_string($form_content['question_id'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
}
@ -708,10 +727,10 @@ class survey_manager
foreach ($form_content['answers'] as $key=>$answer)
{
$sql = "INSERT INTO $table_survey_question_option (question_id, survey_id, option_text, sort) VALUES (
'".mysql_real_escape_string($form_content['question_id'])."',
'".mysql_real_escape_string($form_content['survey_id'])."',
'".mysql_real_escape_string($answer)."',
'".mysql_real_escape_string($counter)."')";
'".Database::escape_string($form_content['question_id'])."',
'".Database::escape_string($form_content['survey_id'])."',
'".Database::escape_string($answer)."',
'".Database::escape_string($counter)."')";
$result = api_sql_query($sql, __FILE__, __LINE__);
$counter++;
}
@ -734,17 +753,17 @@ class survey_manager
$table_survey_question_option = Database :: get_main_table(TABLE_MAIN_SHARED_SURVEY_QUESTION_OPTION);
// we are editing a question so we first have to remove all the existing options from the database
$sql = "DELETE FROM $table_survey_question_option WHERE question_id = '".mysql_real_escape_string($form_content['shared_question_id'])."'";
$sql = "DELETE FROM $table_survey_question_option WHERE question_id = '".Database::escape_string($form_content['shared_question_id'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$counter = 1;
foreach ($form_content['answers'] as $key=>$answer)
{
$sql = "INSERT INTO $table_survey_question_option (question_id, survey_id, option_text, sort) VALUES (
'".mysql_real_escape_string($form_content['shared_question_id'])."',
'".mysql_real_escape_string($survey_data['is_shared'])."',
'".mysql_real_escape_string($answer)."',
'".mysql_real_escape_string($counter)."')";
'".Database::escape_string($form_content['shared_question_id'])."',
'".Database::escape_string($survey_data['is_shared'])."',
'".Database::escape_string($answer)."',
'".Database::escape_string($counter)."')";
$result = api_sql_query($sql, __FILE__, __LINE__);
$counter++;
}
@ -778,7 +797,7 @@ class survey_manager
}
// deleting the options of the survey questions
$sql = "DELETE from $table_survey_question_option WHERE survey_id='".mysql_real_escape_string($survey_id)."'";
$sql = "DELETE from $table_survey_question_option WHERE survey_id='".Database::escape_string($survey_id)."'";
$res = api_sql_query($sql, __FILE__, __LINE__);
return true;
}
@ -805,7 +824,7 @@ class survey_manager
}
// deleting the options of the survey questions
$sql = "DELETE from $table_survey_question_option WHERE survey_id='".mysql_real_escape_string($survey_id)."' AND question_id='".mysql_real_escape_string($question_id)."'";
$sql = "DELETE from $table_survey_question_option WHERE survey_id='".Database::escape_string($survey_id)."' AND question_id='".Database::escape_string($question_id)."'";
$res = api_sql_query($sql, __FILE__, __LINE__);
return true;
}
@ -852,7 +871,7 @@ class survey_manager
// variable initialisation
$return = array();
$sql = "SELECT DISTINCT user FROM $table_survey_answer WHERE survey_id = '".mysql_real_escape_string($survey_id)."'";
$sql = "SELECT DISTINCT user FROM $table_survey_answer WHERE survey_id = '".Database::escape_string($survey_id)."'";
$res = api_sql_query($sql, __FILE__, __LINE__);
while ($row = mysql_fetch_assoc($res))
{
@ -1533,5 +1552,119 @@ class pagebreak extends question
class percentage extends question
{
function create_form($form_content)
{
$this->html = parent::create_form($form_content);
}
function render_question($form_content, $answers=array())
{
$this->html .= '<option value="--">--</option>';
foreach ($form_content['options'] as $key=>$value)
{
$this->html .= '<option value="'.$key.'" ';
if (in_array($key,$answers))
{
$this->html .= 'selected="selected"';
}
$this->html .= '>'.$value.'</option>';
}
echo '<div class="survey_question_wrapper">';
echo '<div class="survey_question">'.$form_content['survey_question'].'</div>';
echo '<div class="survey_question_options">';
echo '<select name="question'.$form_content['question_id'].'" id="select">';
echo $this->html;
echo '</select>';
echo '</div>';
}
}
class score extends question
{
function create_form($form_content)
{
$this->html = parent::create_form($form_content);
// the maximum score that can be given
$this->html .= ' <tr>';
$this->html .= ' <td colspan="3"><strong>'.get_lang('MaximumScore').'</strong></td>';
$this->html .= ' </tr>';
$this->html .= ' <tr>
<td colspan="3"><input type="text" name="maximum_score" value="'.$form_content['maximum_score'].'"></td>
</tr>';
// The answers
$this->html .= ' <tr>';
$this->html .= ' <td colspan="3"><strong>'.get_lang('AnswerOptions').'</strong></td>';
$this->html .= ' </tr>';
$total_number_of_answers = count($form_content['answers']);
foreach ($form_content['answers'] as $key=>$value)
{
$this->html .= ' <tr>';
$this->html .= ' <td align="right"><label for="answers['.$key.']">'.($key+1).'</label></td>';
//$this->html .= ' <td><input type="text" name="answers['.$key.']" id="answers['.$key.']" value="'.$form_content['answers'][$key].'" /></td>';
$this->html .= ' <td width="500">'.api_return_html_area('answers['.$key.']', $form_content['answers'][$key]).'</td>';
$this->html .= ' <td>';
if ($key<$total_number_of_answers-1)
{
$this->html .= ' <input type="image" src="../img/down.gif" value="move_down['.$key.']" name="move_down['.$key.']"/>';
}
if ($key>0)
{
$this->html .= ' <input type="image" src="../img/up.gif" value="move_up['.$key.']" name="move_up['.$key.']"/>';
}
if ($total_number_of_answers> 2)
{
$this->html .= ' <input type="image" src="../img/delete.gif" value="delete_answer['.$key.']" name="delete_answer['.$key.']"/>';
}
$this->html .= ' </td>';
$this->html .= ' </tr>';
}
// The buttons for adding or removing
$this->html .= parent :: add_remove_buttons($form_content);
}
function render_question($form_content, $answers=array())
{
/*
echo '<div style="border: 1px solid red;">';
echo '<pre>';
print_r($answers);
echo '</pre></div>';
*/
$this->html = '<table>';
foreach ($form_content['options'] as $key=>$value)
{
$this->html .= '<tr>
<td>'.$value.'</td>';
$this->html .= ' <td>';
$this->html .= '<select name="question'.$form_content['question_id'].'['.$key.']">';
$this->html .= '<option value="--">--</option>';
for($i=1; $i<=$form_content['maximum_score']; $i++)
{
$this->html .= '<option value="'.$i.'"';
if ($answers[$key] == $i)
{
$this->html .= 'selected="selected" ';
}
$this->html .= '>'.$i.'</option>';
}
$this->html .= '</select>';
$this->html .= ' </td>';
$this->html .= '</tr>';
}
$this->html .= '</table>';
echo '<div class="survey_question_wrapper">';
echo '<div class="survey_question">'.$form_content['survey_question'].' score</div>';
echo '<div class="survey_question_options">';
//echo '<select name="question'.$form_content['question_id'].'" id="select">';
echo $this->html;
//echo '</select>';
echo '</div>';
}
}
function db_escape_string($value)
{
}
?>
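Review bot: The rewritten `UPDATE $table_survey SET answered = ...` statement (hunk at old line 251 of survey.lib.php; the enclosing method starts outside the hunk) calls `Database::escape_string(s$survey_id)`, and the stray `s` is a PHP parse error, so the whole library fails to load until it reads `Database::escape_string($survey_id)`. The first hunk also flips `$config['survey']['debug']` to `true`, which looks like a local development setting; the committed file should keep it `false`. The new `db_escape_string($value)` at the end of the file has an empty body and therefore returns null. No caller is visible here, but any caller would get an empty value rather than an escaped one, so it should either `return Database::escape_string($value);` or be dropped. Finally, `maximum_score` is saved as submitted and is later a loop bound in `score::render_question` and echoed into `value="..."` in `score::create_form`; casting it with `(int)`, capping it on save, and passing it through `htmlspecialchars()` on output would bound the rendering cost and close the attribute injection.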

@ -21,7 +21,7 @@ Tel. +32 (2) 211 34 56
* @package dokeos.survey
* @author unknown
* @author Patrick Cool <patrick.cool@UGent.be>, Ghent University: cleanup, refactoring and rewriting large parts of the code
* @version $Id: survey.php 11451 2007-03-06 21:54:30Z pcool $
* @version $Id: survey.php 11685 2007-03-25 21:14:55Z pcool $
*
* @todo use quickforms for the forms
*/
@ -112,8 +112,8 @@ echo '<div style="float:left; text-align:center; margin:5px;"><a href="question.
echo '<div style="float:left; text-align:center; margin:5px;"><a href="question.php?action=add&type=multipleresponse&amp;survey_id='.$_GET['survey_id'].'"><img src="../img/mcma.gif" /><br />'.get_lang('MultipleResponse').'</a></div>';
echo '<div style="float:left; text-align:center; margin:5px;"><a href="question.php?action=add&type=open&amp;survey_id='.$_GET['survey_id'].'"><img src="../img/open_answer.gif" /><br />'.get_lang('Open').'</a></div>';
echo '<div style="float:left; text-align:center; margin:5px;"><a href="question.php?action=add&type=dropdown&amp;survey_id='.$_GET['survey_id'].'"><img src="../img/dropdown.gif" /><br />'.get_lang('Dropdown').'</a></div>';
//echo '<div style="float:left"><a href="question.php?action=add&type=percentage&amp;survey_id='.$_GET['survey_id'].'"><img src="../img/fill_in_blanks.gif" /><br />'.get_lang('Dropdown').'</a></div>';
//echo '<div style="float:left"><a href="question.php?action=add&type=rating&amp;survey_id='.$_GET['survey_id'].'"><img src="../img/fill_in_blanks.gif" /><br />'.get_lang('Dropdown').'</a></div>';
echo '<div style="float:left; text-align:center; margin:5px;"><a href="question.php?action=add&type=percentage&amp;survey_id='.$_GET['survey_id'].'"><img src="../img/percentagequestion.gif" /><br />'.get_lang('Percentage').'</a></div>';
echo '<div style="float:left; text-align:center; margin:5px;"><a href="question.php?action=add&type=score&amp;survey_id='.$_GET['survey_id'].'"><img src="../img/fill_in_blanks.gif" /><br />'.get_lang('Score').'</a></div>';
echo '<div style="float:left; text-align:center; margin:5px;"><a href="question.php?action=add&type=comment&amp;survey_id='.$_GET['survey_id'].'"><img src="../img/commentquestion.gif" /><br />'.get_lang('Comment').'</a></div>';
echo '<div style="float:left; text-align:center; margin:5px;"><a href="question.php?action=add&type=pagebreak&amp;survey_id='.$_GET['survey_id'].'"><img src="../img/page_end.gif" /><br />'.get_lang('Pagebreak').'</a></div>';
echo '</div>';
@ -134,7 +134,7 @@ $sql = "SELECT survey_question.*, count(survey_question_option.question_option_i
FROM $table_survey_question survey_question
LEFT JOIN $table_survey_question_option survey_question_option
ON survey_question.question_id = survey_question_option.question_id
WHERE survey_question.survey_id = '".mysql_real_escape_string($_GET['survey_id'])."'
WHERE survey_question.survey_id = '".Database::escape_string($_GET['survey_id'])."'
GROUP BY survey_question.question_id
ORDER BY survey_question.sort ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
@ -143,7 +143,16 @@ while ($row = mysql_fetch_assoc($result))
{
echo '<tr>';
echo ' <td>'.$question_counter.'</td>';
echo ' <td>'.$row['survey_question'].'</td>';
echo ' <td>';
if (strlen($row['survey_question']) > 100)
{
echo substr($row['survey_question'],0, 100).' ... ';
}
else
{
echo $row['survey_question'];
}
echo '</td>';
echo ' <td>'.get_lang(ucfirst($row['type'])).'</td>';
echo ' <td>'.$row['number_of_options'].'</td>';
echo ' <td>';
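Review bot: The two links added in the hunk at -112 (`type=percentage` and `type=score`) put `$_GET['survey_id']` into the `href` with no cast or escaping, so a crafted query string is reflected into the page markup. survey_invitation.php in this same commit already writes `(int)$_GET['survey_id']`; the same cast here, `&amp;survey_id='.(int)$_GET['survey_id'].'">`, would close it, and the unchanged links around them follow the same pattern. In the hunk at -143 the question text is cut with `substr(..., 0, 100)` and echoed as-is; if `survey_question` can hold markup or multibyte text, the cut can land inside a tag or a character, so `substr(strip_tags($row['survey_question']), 0, 100)` would be the safer preview. Both hunks sit in code that continues outside the visible lines.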

@ -85,10 +85,30 @@ $answered_data = survey_manager::get_people_who_filled_survey($_GET['survey_id']
//
echo ' <a href="'.$_SERVER['PHP_SELF'].'?survey_id='.(int)$_GET['survey_id'].'&amp;view=invited">'.get_lang('ViewInvited').'</a> |
<a href="'.$_SERVER['PHP_SELF'].'?survey_id='.(int)$_GET['survey_id'].'&amp;view=answered">'.get_lang('ViewAnswered').'</a> |
<a href="'.$_SERVER['PHP_SELF'].'?survey_id='.(int)$_GET['survey_id'].'&amp;view=unanswered">'.get_lang('ViewUnanswered').'</a> |
';
if (!isset($_GET['view']) OR $_GET['view'] == 'invited')
{
echo get_lang('ViewInvited'). ' | ';
}
else
{
echo ' <a href="'.$_SERVER['PHP_SELF'].'?survey_id='.(int)$_GET['survey_id'].'&amp;view=invited">'.get_lang('ViewInvited').'</a> |';
}
if ($_GET['view'] == 'answered')
{
echo get_lang('ViewAnswered').' | ';
}
else
{
echo ' <a href="'.$_SERVER['PHP_SELF'].'?survey_id='.(int)$_GET['survey_id'].'&amp;view=answered">'.get_lang('ViewAnswered').'</a> |';
}
if ($_GET['view'] == 'unanswered')
{
echo get_lang('ViewUnanswered');
}
else
{
echo ' <a href="'.$_SERVER['PHP_SELF'].'?survey_id='.(int)$_GET['survey_id'].'&amp;view=unanswered">'.get_lang('ViewUnanswered').'</a>';
}
// table header
echo '<table class="data_table">';
@ -101,7 +121,7 @@ echo ' </tr>';
$sql = "SELECT survey_invitation.*, user.firstname, user.lastname, user.email FROM $table_survey_invitation survey_invitation
LEFT JOIN $table_user user ON survey_invitation.user = user.user_id
WHERE survey_invitation.survey_code = '".mysql_real_escape_string($survey_data['code'])."'";
WHERE survey_invitation.survey_code = '".Database::escape_string($survey_data['code'])."'";
$res = api_sql_query($sql, __FILE__, __LINE__);
while ($row = mysql_fetch_assoc($res))
{
@ -181,7 +201,7 @@ function get_survey_invitations_data()
'' as col4
FROM $table_survey_invitation survey_invitation
LEFT JOIN $table_user user ON survey_invitation.user = user.user_id
WHERE survey_invitation.survey_id = '".mysql_real_escape_string($_GET['survey_id'])."'";
WHERE survey_invitation.survey_id = '".Database::escape_string($_GET['survey_id'])."'";
$res = api_sql_query($sql, __FILE__, __LINE__);
while ($row = mysql_fetch_array($res))
{
@ -205,7 +225,7 @@ function get_number_of_survey_invitations()
// Database table definition
$table_survey_invitation = Database :: get_course_table(TABLE_SURVEY_INVITATION);
$sql = "SELECT count(user) AS total FROM $table_survey_invitation WHERE survey_id='".mysql_real_escape_string($_GET['survey_id'])."'";
$sql = "SELECT count(user) AS total FROM $table_survey_invitation WHERE survey_id='".Database::escape_string($_GET['survey_id'])."'";
$res = api_sql_query($sql, __FILE__, __LINE__);
$row = mysql_fetch_assoc($res);
return $row['total'];
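Review bot: The new view switcher in the hunk at -85 prints `$_SERVER['PHP_SELF']` straight into each `href`; PHP_SELF carries any path info appended to the request URL, so it is request-controlled text and should be written as `htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES)`. The second and third tests read `$_GET['view']` without the `isset()` guard the first one has, which raises a notice on the default view; `isset($_GET['view']) AND $_GET['view'] == 'answered'` (and likewise for `'unanswered'`) keeps the three consistent. The remaining hunks in this file only swap the escaping helper.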

@ -76,7 +76,7 @@ Display::display_header($tool_name);
// checking if there is another survey with this code.
// If this is the case there will be a language choice
$sql = "SELECT * FROM $table_survey WHERE code='".mysql_real_escape_string($survey_data['code'])."'";
$sql = "SELECT * FROM $table_survey WHERE code='".Database::escape_string($survey_data['code'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
if (mysql_num_rows($result) > 1)
{
@ -186,7 +186,7 @@ function save_invite_mail($mailtext, $reminder=0)
$mail_field = 'reminder_mail';
}
$sql = "UPDATE $table_survey SET $mail_field = '".mysql_real_escape_string($mailtext)."' WHERE survey_id = '".$_GET['survey_id']."'";
$sql = "UPDATE $table_survey SET $mail_field = '".Database::escape_string($mailtext)."' WHERE survey_id = '".$_GET['survey_id']."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
}
@ -238,7 +238,7 @@ function save_invitations($users_array, $invitation_title, $invitation_text, $re
if ((is_numeric($value) AND !in_array($value,$already_invited['course_users'])) OR (!is_numeric($value) AND !strstr($already_invited['additional_users'], $value)) AND !empty($value))
{
$sql = "INSERT INTO $table_survey_invitation (user, survey_code, invitation_code, invitation_date) VALUES
('".mysql_real_escape_string($value)."','".mysql_real_escape_string($survey_data['code'])."','".mysql_real_escape_string($invitation_code)."','".mysql_real_escape_string(date('Y-m-d H:i:s'))."')";
('".Database::escape_string($value)."','".Database::escape_string($survey_data['code'])."','".Database::escape_string($invitation_code)."','".Database::escape_string(date('Y-m-d H:i:s'))."')";
$result = api_sql_query($sql, __FILE__, __LINE__);
// replacing the **link** part with a valid link for the user
@ -252,7 +252,7 @@ function save_invitations($users_array, $invitation_title, $invitation_text, $re
// optionally: finding the e-mail of the course user
if (is_numeric($value))
{
$sql = "SELECT firstname, lastname, email FROM $table_user WHERE user_id='".mysql_real_escape_string($value)."'";
$sql = "SELECT firstname, lastname, email FROM $table_user WHERE user_id='".Database::escape_string($value)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$row = mysql_fetch_assoc($result);
$recipient_email = $row['email'];
@ -293,13 +293,13 @@ function update_count_invited($survey_code)
$table_survey = Database :: get_course_table(TABLE_SURVEY);
// counting the number of people that are invited
$sql = "SELECT count(user) as total FROM $table_survey_invitation WHERE survey_code = '".mysql_real_escape_string($survey_code)."'";
$sql = "SELECT count(user) as total FROM $table_survey_invitation WHERE survey_code = '".Database::escape_string($survey_code)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$row = mysql_fetch_assoc($result);
$total_invited = $row['total'];
// updating the field in the survey table
$sql = "UPDATE $table_survey SET invited = '".mysql_real_escape_string($total_invited)."' WHERE code = '".mysql_real_escape_string($survey_code)."'";
$sql = "UPDATE $table_survey SET invited = '".Database::escape_string($total_invited)."' WHERE code = '".Database::escape_string($survey_code)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
}
@ -320,7 +320,7 @@ function get_invitations($survey_code)
$table_survey_invitation = Database :: get_course_table(TABLE_SURVEY_INVITATION);
// Selecting all the invitations of this survey
$sql = "SELECT user FROM $table_survey_invitation WHERE survey_code='".mysql_real_escape_string($survey_code)."'";
$sql = "SELECT user FROM $table_survey_invitation WHERE survey_code='".Database::escape_string($survey_code)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
while ($row = mysql_fetch_assoc($result))
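Review bot: In the hunk at -186 (`save_invite_mail`) the rewritten UPDATE escapes `$mailtext` but still concatenates `$_GET['survey_id']` into the WHERE clause unescaped, so the statement stays injectable through the query string. Every other query touched in this commit passes the id through the helper; here that would be `WHERE survey_id = '".Database::escape_string($_GET['survey_id'])."'`, or an `(int)` cast if the column is numeric. The function starts outside the hunk, so whether `survey_id` is validated earlier cannot be seen from these lines.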

@ -21,7 +21,7 @@
* @package dokeos.survey
* @author unknown, the initial survey that did not make it in 1.8 because of bad code
* @author Patrick Cool <patrick.cool@UGent.be>, Ghent University: cleanup, refactoring and rewriting large parts of the code
* @version $Id: survey_list.php 11451 2007-03-06 21:54:30Z pcool $
* @version $Id: survey_list.php 11685 2007-03-25 21:14:55Z pcool $
*
* @todo The invite column is not done
* @todo try to understand the white, blue, ... template stuff.
@ -330,15 +330,15 @@ function survey_search_restriction()
{
if ($_GET['keyword_title']<>'')
{
$search_term[] = 'title =\''.mysql_real_escape_string($_GET['keyword_title']).'\'';
$search_term[] = 'title =\''.Database::escape_string($_GET['keyword_title']).'\'';
}
if ($_GET['keyword_code']<>'')
{
$search_term[] = 'code =\''.mysql_real_escape_string($_GET['keyword_code']).'\'';
$search_term[] = 'code =\''.Database::escape_string($_GET['keyword_code']).'\'';
}
if ($_GET['keyword_language']<>'%')
{
$search_term[] = 'lang =\''.mysql_real_escape_string($_GET['keyword_language']).'\'';
$search_term[] = 'lang =\''.Database::escape_string($_GET['keyword_language']).'\'';
}
$search_restriction = implode(' AND ', $search_term);
