Figure 15-3. The wedding registry gift editing page
// Look up this user's role in the database.
// The username is escaped and quoted so that MySQL treats it as a string value
$username = mysqli_real_escape_string($connection, $_SESSION['username']);
$query = "SELECT role FROM users WHERE username='" . $username . "'";
if (($result = @ mysqli_query($connection, $query))==FALSE)
  showerror($connection);
// If we don't get exactly one answer, then we have a problem
if(mysqli_num_rows($result)!=1)
  die("We've just experienced a technical problem - ".
      "please notify the administrator.");
// Fetch the matching row
$row = @ mysqli_fetch_array($result);
// Save the role into a session variable for use
// in other parts of the application
$_SESSION['role']=$row['role'];
// Check that the user is an administrator;
// other users are not allowed to edit the gifts.
if($_SESSION['role']!="administrator")
...
In this example, we've assumed that the users table has a role column. Role-based
authentication is probably overkill for our simple wedding gift registry, but it's a good
approach for most other applications.
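The role lookup described above, as an added example that is not from the book: it binds the username as a query parameter and denies access unless exactly one row with the administrator role comes back. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL connection so the script runs without a server, the function names lookupRole and mayEditGifts are hypothetical, and the sample users are constructed.

```php
<?php
// Added example, not the book's code. Assumption: PDO with in-memory SQLite
// replaces the MySQL server; the rows in the users table are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (username TEXT PRIMARY KEY, role TEXT NOT NULL)");
$db->exec("INSERT INTO users VALUES ('alice', 'administrator'),
                                    ('o''brien', 'guest')");

/**
 * Return the role stored for $username, or null unless exactly one row matches.
 * The username is bound as a parameter, so quotes in it are plain data.
 */
function lookupRole(PDO $db, string $username): ?string
{
    $stmt = $db->prepare('SELECT role FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    return count($rows) === 1 ? $rows[0]['role'] : null;
}

/** Fail closed: only an exact "administrator" role may edit the gifts. */
function mayEditGifts(PDO $db, ?string $username): bool
{
    if ($username === null || $username === '') {
        return false;   // no session username: never query, never allow
    }
    return lookupRole($db, $username) === 'administrator';
}

// An administrator, a guest whose name contains a quote, an unknown user,
// and a missing session value.
foreach (['alice', "o'brien", 'mallory', null] as $user) {
    printf("%-12s %s\n", var_export($user, true),
           mayEditGifts($db, $user) ? 'allowed' : 'denied');
}
```

With mysqli the same pattern uses mysqli_prepare(), mysqli_stmt_bind_param() and mysqli_stmt_execute() in place of the PDO calls.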
The Gift Editing Form
edit.php
The edit.php script displays a list of the gifts in the system for editing or deletion,
and a blank gift entry to allow a new gift item to be added. Figure 15-3 shows the
application gift editing page loaded in a web browser. The HTML source of the file
includes a link to the logout.php script that ends the user session and a link to the
 