Protect pages and use global db connection

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
absfrm
Forum Newbie
Posts: 1
Joined: Sun Oct 28, 2012 1:52 pm

Protect pages and use global db connection

Post by absfrm »

Hi every one
I'm a new php developer and generally i have some question
1 : I write a code for session and cookie , and now how can i protect all of my pages?
have to put session_start(); and some code before any code in my php pages?
or we have some better ways?


2 : How can i use db connection globally? for example , i'm using mysqli and if i don't include db.php in each page or each function , ... i have error .

what should i do?

thanks before your help
Regards
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Protect pages and use global db connection

Post by Christopher »

absfrm wrote:1 : I write a code for session and cookie , and now how can i protect all of my pages?
have to put session_start(); and some code before any code in my php pages?
Put that Access Control code in a file and include it at the top of every page that you want to protect. Something like:

Code: Select all

session_start();
if (!isset($_SESSION['access_allowed']) && !isset($_COOKIE['access_allowed']) {
     header('Location: http://www.mysite.com/access_denied.php');
     exit();
}
absfrm wrote:2 : How can i use db connection globally? for example , i'm using mysqli and if i don't include db.php in each page or each function , ... i have error .
You need to include db.php in every page that uses the database.
absfrm wrote:or we have some better ways?
When you get more experienced, look into the Front Controller pattern.

EDIT: following Mordred's excellent advice, added exit() after header() so anyone viewing this post in the future will see corrected code
(#10850)
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: Protect pages and use global db connection

Post by Mordred »

Always die() or exit() after a header('Location: ...'), otherwise the code below the header still gets executed.
dharmeshb
Forum Commoner
Posts: 36
Joined: Wed Dec 14, 2011 12:17 pm

Re: Protect pages and use global db connection

Post by dharmeshb »

Don't mean to hijack the thread, but my question is related. I am learning php as well.

I created a db.php file with the db connection.. that looks like

Code: Select all

<?php
         $Host = 'host';
         $Name = 'database';
         $User = 'user';
         $Password = 'password';
        
        $link = mysqli_connect($Host, $User, $Password, $Name);
        mysqli_select_db($link, $Name);
?>
Then my functions.php file that I am using to write my db functions looks like

Code: Select all

<?php 
     include 'db.php'; 

    function userCheck($UName) {
            $uname = mysqli_real_escape_string($link, $UName);
            $query = mysqli_query("SELECT 1 FROM 'users' WHERE 'Username' = '" . $uname . "'");
            $rows = mysqli_num_rows($query);
            if ($rows > 0){
                return true;
            }
            else{
                return false;
            }
    };
?>
But when I try to login I get Notice: Undefined variable: link in functions.php and Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, null given in functions.php

Please advise what I am doing wrong.
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: Protect pages and use global db connection

Post by Mordred »

In PHP the variables are local by default. You need to explicitly declare $link as global:

global $link;

Also, learn about include, require, include_once and require_once. Use require_once('db.php'), otherwise you can include it twice by mistake and create twice as many DB connections.
Post Reply