Survey Security
Posted: Thu Aug 09, 2012 11:29 pm
I am making a survey feature for my website. Nothing is wrong with the current security (that I know of :s); I was actually wondering what I could do to improve the security. Sorry for the lack of organization; I have no code editor on this computer.
survey.php
<?php
require('check/ip_check.php');
if($id == "1") {
    if($ip_check != "0") {
?>
<p>You have already taken this survey. Please choose another.</p>
<?php
    } else {
?>
<form action="submit/submit_survey.php?id=1" method="post">
<p>In this survey we will ask you a series of 5 questions involving the subject "blah". Please answer all questions honestly as they will effect the future of the site.</p>
<p> </p>
<p>* = Required</p>
<p> </p>
<p>* 1. blah blah blah</p>
<p><input type="radio" name="agree" value="Yes" /> Yes</p>
<p><input type="radio" name="agree" value="No" /> No</p>
<p> </p>
<p>* 2. blah blah blah</p>
<p><a href="example/placement1.php" target="_blank">Link 1</a></p>
<p><a href="example/placement2.php" target="_blank">Link 2</a></p>
<p> </p>
<p><textarea maxlength="250" name="placement" cols="25" rows="5"></textarea></p>
<p> </p>
<p>* 3. blah blah blah</p>
<p><input type="radio" name="different_location" value="Yes" /> Yes</p>
<p><input type="radio" name="different_location" value="No" /> No</p>
<p> </p>
<p>4. blah blah blah</p>
<p> </p>
<p><textarea maxlength="250" name="location" cols="25" rows="5"></textarea></p>
<p> </p>
<p>5. blah blah blah</p>
<p> </p>
<p><textarea maxlength="250" name="other_locations" cols="25" rows="5"></textarea></p>
<p> </p>
<p><input type="submit" value="Submit"></p>
</form>
<?php
    }
} else {
?>
<p>No survey selected. Please <a href='index.php'>click here</a> to choose a survey.</p>
<?php
}
?>
submit_survey.php
<?php
require('check/ip_check.php');
if($id == "1"){
    if($ip_check != "0") {
        echo "<p>Error: You have already taken this survey.<br>";
        echo "<a href='../index.php'>Back</a></p>";
        die;
    } else {
        if($_POST['agree'] == "Yes") {
        } else if($_POST['agree'] == "No") {
        } else {
            echo "<p>Error: Please select an answer for question 1<br>";
            echo "<a href='../survey.php?id=1'>Back</a></p>";
            die;
        }
        if($_POST['placement'] == "") {
            echo "<p>Error: Please enter text for question 2<br>";
            echo "<a href='../survey.php?id=1'>Back</a></p>";
            die;
        }
        if($_POST['different_location'] == "Yes") {
            if($_POST['location'] == ""){
                echo "<p>Error: It seems you selected yes for question 3. Please enter text for question 4.<br>";
                echo "<a href='../survey.php?id=1'>Back</a></p>";
                die;
            }
        } else if($_POST['different_location'] == "No") {
        } else {
            echo "<p>Error: Please select an answer for question 3<br>";
            echo "<a href='../survey.php?id=1'>Back</a></p>";
            die;
        }
        include('add_survey1.php');
    }
} else {
    echo "Error: Invalid survey id";
}
?>
Both ip_check.php (One for selecting survey, other for if a user were to make their own form and submit)
<?php
session_start();
require('../config.php');
$ip = $_SERVER['REMOTE_ADDR'];
include('connection.php');
$getid = mysql_real_escape_string($_GET['id']);
$sql ="SELECT * FROM Survey_Responses WHERE `ip` = '$ip' AND `id` = '$getid'";
$result = @mysql_query($sql, $connection) or die(mysql_error());
$ip_check = mysql_num_rows($result);
?>
add_survey1.php
<?php
session_start();
require('../config.php');
include('connection.php');
$ip = $_SERVER['REMOTE_ADDR'];
$question1 = htmlentities($_POST['agree'], ENT_QUOTES);
$question1 = mysql_real_escape_string($question1);
$question2 = htmlentities($_POST['placement'], ENT_QUOTES);
$question2 = mysql_real_escape_string($question2);
$question3 = htmlentities($_POST['different_location'], ENT_QUOTES);
$question3 = mysql_real_escape_string($question3);
$question4 = htmlentities($_POST['location'], ENT_QUOTES);
$question4 = mysql_real_escape_string($question4);
$question5 = htmlentities($_POST['other_locations'], ENT_QUOTES);
$question5 = mysql_real_escape_string($question5);
$sql ="INSERT INTO Survey_Responses VALUES('1', '$question1', '$question2', '$question3', '$question4', '$question5', '$ip')";
$result = @mysql_query($sql, $connection) or die(mysql_error());
echo "Thank you for taking our survey. Your answers have been successfully recorded.";
?>
Any help would be appreciated
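One way to harden the submit path shown in this post, as an added example that is not part of the original post or the poster's code: server-side allow-list and length validation, a prepared statement in place of string-built SQL, a UNIQUE constraint instead of the separate IP lookup, and HTML escaping at output time rather than before storage. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL connection, the column names `q1`..`q5` and the function names are hypothetical, and the sample submission is constructed.

```php
<?php
// Added example, not the poster's code; SQLite in memory, q1..q5 are assumed names.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// UNIQUE(id, ip) makes "one response per IP per survey" atomic, so two
// parallel requests cannot both pass a separate SELECT check.
$pdo->exec('CREATE TABLE Survey_Responses (id INTEGER, q1 TEXT, q2 TEXT,
    q3 TEXT, q4 TEXT, q5 TEXT, ip TEXT, UNIQUE (id, ip))');

function validate_survey(array $post): array
{
    $errors = $row = [];
    // Arrays (agree[]=x) and missing fields are treated as empty strings.
    $get = fn(string $k): string => is_string($post[$k] ?? null) ? trim($post[$k]) : '';
    foreach (['agree', 'different_location'] as $k) {       // allow-list radios
        $row[$k] = $get($k);
        if (!in_array($row[$k], ['Yes', 'No'], true)) { $errors[] = "$k must be Yes or No"; }
    }
    foreach (['placement', 'location', 'other_locations'] as $k) {
        $row[$k] = $get($k);    // maxlength="250" is client-side only
        if (mb_strlen($row[$k]) > 250) { $errors[] = "$k exceeds 250 characters"; }
    }
    if ($row['placement'] === '') { $errors[] = 'placement is required'; }
    if ($row['different_location'] === 'Yes' && $row['location'] === '') {
        $errors[] = 'location is required when different_location is Yes';
    }
    return [$row, $errors];
}

function save_response(PDO $pdo, int $surveyId, array $row, string $ip): bool
{
    // Placeholders keep data out of the SQL text; raw text is stored as-is.
    $stmt = $pdo->prepare('INSERT INTO Survey_Responses (id, q1, q2, q3, q4, q5, ip)
        VALUES (?, ?, ?, ?, ?, ?, ?)');
    try {
        return $stmt->execute([$surveyId, $row['agree'], $row['placement'],
            $row['different_location'], $row['location'], $row['other_locations'], $ip]);
    } catch (PDOException $e) {
        if ((string)$e->getCode() === '23000') { return false; } // already answered
        throw $e;
    }
}

// Constructed submission standing in for $_POST and $_SERVER['REMOTE_ADDR'].
$post = ['agree' => 'Yes', 'placement' => "<b>Link 1</b> isn't clear",
    'different_location' => 'No', 'location' => '', 'other_locations' => ''];
[$row, $errors] = validate_survey($post);
var_dump($errors, save_response($pdo, 1, $row, '203.0.113.7'), save_response($pdo, 1, $row, '203.0.113.7'));
echo htmlspecialchars($row['placement'], ENT_QUOTES, 'UTF-8'), "\n"; // escape on output
```

The second `save_response` call returns `false` because the constraint rejects the repeat submission. An IP address identifies a network rather than a person, so the limit stays approximate either way.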