    $input = mysqli_real_escape_string($connection, $input);
    return $input;
}

// Check if the user is logged in. If not, send them to the login
// page
function logincheck()
{
    session_start();
    if (empty($_SESSION["username"]))
    {
        // redirect to the login page
        header("Location: index.php");
        exit;
    }
}
?>
We can incorporate this file as required using the require_once() directive; for example, we can add the line:
    require_once("db.php");
in the file index.php to have the db.php file included in it.
Editing the List of Gifts
Jack and Jill, our bride and groom, need to set up the list of gifts for wedding guests to
choose from. Our application includes an edit.php file that allows the user to add or
remove gifts, or modify existing gifts. In this section, we describe how we can prevent
users other than Jack and Jill from accessing the editing page, and how the script enables
gifts to be added, updated, and deleted.
Restricting Edit Access
To prevent unauthorized access, we ensure that only the users jack and jill can access
this file; other users attempting to access this page are redirected to the gift list page
list.php:
<?php
// edit.php: Show the user the available gifts and the gifts in
// their shopping list
// Include database parameters and related functions
require_once('db.php');
// Check if the user is logged in
// (this also starts the session)
logincheck();
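
One way to implement the jack-and-jill restriction described above, as an added example rather than the book's own code. The names EDITORS, editor_redirect() and require_editor() are assumptions, and the sample sessions are constructed:

```php
<?php
// Added example (not the book's code): authorisation for edit.php.
// EDITORS, editor_redirect() and require_editor() are hypothetical names.

// Accounts allowed to edit the gift list, as stated in the text.
const EDITORS = ['jack', 'jill'];

// Decide where a request must be sent. Returns null when the session
// belongs to an editor, otherwise the page to redirect to.
function editor_redirect(array $session): ?string
{
    $user = $session['username'] ?? '';
    if (!is_string($user) || $user === '') {
        return 'index.php';   // not logged in: same target as logincheck()
    }
    // Strict comparison avoids type juggling (0 == 'jack' was true before PHP 8).
    if (!in_array($user, EDITORS, true)) {
        return 'list.php';    // logged in, but not an editor
    }
    return null;
}

// Enforce the decision. Call before any output and before any query runs.
function require_editor(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $target = editor_redirect($_SESSION);
    if ($target !== null) {
        header("Location: $target");
        // header() does not stop the script; without exit, the add/update/
        // delete code further down would still run for the redirected user.
        exit;
    }
}

// Constructed sessions showing each outcome when run from the command line.
if (PHP_SAPI === 'cli') {
    $samples = [['username' => 'jack'], ['username' => 'guest'], ['username' => 0], []];
    foreach ($samples as $s) {
        echo json_encode($s), ' => ', editor_redirect($s) ?? 'allow', PHP_EOL;
    }
}
```

Keeping the decision in a function that takes the session array as a parameter lets it be exercised without a web server or a live session.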
 