Page 1 of 1
Protect pages and use global db connection
Posted: Sun Oct 28, 2012 2:06 pm
by absfrm
Hi every one
I'm a new php developer and generally i have some question
1 : I write a code for session and cookie , and now how can i protect all of my pages?
have to put session_start(); and some code before any code in my php pages?
or we have some better ways?
2 : How can i use db connection globally? for example , i'm using mysqli and if i don't include db.php in each page or each function , ... i have error .
what should i do?
thanks before your help
Regards
Re: Protect pages and use global db connection
Posted: Sun Oct 28, 2012 6:53 pm
by Christopher
absfrm wrote:1 : I write a code for session and cookie , and now how can i protect all of my pages?
have to put session_start(); and some code before any code in my php pages?
Put that Access Control code in a file and include it at the top of every page that you want to protect. Something like:
Code: Select all
session_start();
if (!isset($_SESSION['access_allowed']) && !isset($_COOKIE['access_allowed']) {
header('Location: http://www.mysite.com/access_denied.php');
exit();
}
absfrm wrote:2 : How can i use db connection globally? for example , i'm using mysqli and if i don't include db.php in each page or each function , ... i have error .
You need to include db.php in every page that uses the database.
absfrm wrote:or we have some better ways?
When you get more experienced, look into the Front Controller pattern.
EDIT: following Mordred's excellent advice, added exit() after header() so anyone viewing this post in the future will see corrected code
Re: Protect pages and use global db connection
Posted: Mon Oct 29, 2012 6:00 am
by Mordred
Always die() or exit() after a header('Location: ...'), otherwise the code below the header still gets executed.
Re: Protect pages and use global db connection
Posted: Fri Nov 02, 2012 8:27 am
by dharmeshb
Don't mean to hijack the thread, but my question is related. I am learning php as well.
I created a db.php file with the db connection.. that looks like
Code: Select all
<?php
$Host = 'host';
$Name = 'database';
$User = 'user';
$Password = 'password';
$link = mysqli_connect($Host, $User, $Password, $Name);
mysqli_select_db($link, $Name);
?>
Then my functions.php file that I am using to write my db functions looks like
Code: Select all
<?php
include 'db.php';
function userCheck($UName) {
$uname = mysqli_real_escape_string($link, $UName);
$query = mysqli_query("SELECT 1 FROM 'users' WHERE 'Username' = '" . $uname . "'");
$rows = mysqli_num_rows($query);
if ($rows > 0){
return true;
}
else{
return false;
}
};
?>
But when I try to login I get
Notice: Undefined variable: link in functions.php and
Warning: mysqli_real_escape_string() expects parameter 1 to be mysqli, null given in functions.php
Please advise what I am doing wrong.
Re: Protect pages and use global db connection
Posted: Fri Nov 02, 2012 9:00 am
by Mordred
In PHP the variables are local by default. You need to explicitly declare $link as global:
global $link;
Also, learn about include, require, include_once and require_once. Use require_once('db.php'), otherwise you can include it twice by mistake and create twice as many DB connections.